
Automatically redirected to spam/ad search pages.


  • This topic is locked
5 replies to this topic

#1 metalnando

metalnando

  • Members
  • 2 posts

Posted 11 September 2010 - 06:03 PM

Hello,

I'm having issues opening search links when using Google on Internet Explorer. I've used Norton Security Suite to scan for viruses, but it comes up with nothing. I've also used Trend Micro virus scan and it has the same results. I also followed the "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help" and when I tried to run gmer.exe, I get an error message saying "C:\Windows\system32\config\system: The system cannot find the file specified." and it doesn't allow me to select any boxes besides Services, Registry, Files, C:\, and ADS. When the scan is complete, it has a message saying "GMER hasn't found any system modification." Can you please help?

Thanks!

DDS Log:

DDS (Ver_10-03-17.01) - NTFSX64
Run by Home at 17:12:15.70 on Sat 09/11/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4856.3423 [GMT -5:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Users\Home\AppData\Roaming\regsdkrl32\regsdkrl83.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\SysWOW64\WinMsgBalloonServer.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\SysWOW64\WinMsgBalloonClient.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Home\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\syswow64\blank.htm
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files (x86)\yahoo!\companion\installs\cpn1\yt.dll
mWinlogon: Userinit=userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files (x86)\yahoo!\companion\installs\cpn1\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files (x86)\norton security suite\engine\4.2.0.12\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files (x86)\norton security suite\engine\4.2.0.12\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files (x86)\msn\toolbar\3.0.0566.0\msneshellx.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files (x86)\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files (x86)\msn\toolbar\3.0.0566.0\msneshellx.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files (x86)\yahoo!\companion\installs\cpn1\yt.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files (x86)\norton security suite\engine\4.2.0.12\coIEPlg.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [HPADVISOR] c:\program files (x86)\hewlett-packard\hp advisor\HPAdvisor.exe view=DOCKVIEW
uRun: [regsdkrl32] c:\users\home\appdata\roaming\regsdkrl32\regsdkrl83.exe
uRun: [Desktop Cleanup Wizard] rundll32.exe "c:\users\home\local settings\application data\desktop cleanup wizard\dskclnwiz.dll", StartProt
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\hp odometer\hpsysdrv.exe
mRun: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun: [StartCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [HP Software Update] c:\program files (x86)\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [NortonOnlineBackupReminder] "c:\program files (x86)\symantec\norton online backup\activation\NobuActivation.exe" UNATTENDED
mRun: [VirtualCloneDrive] "c:\program files (x86)\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [GrooveMonitor] "c:\program files (x86)\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files (x86)\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\pictur~1.lnk - c:\program files (x86)\picturemover\bin\PictureMover.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files (x86)\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [SmartMenu] c:\program files\hewlett-packard\hp mediasmart\SmartMenu.exe /background
mRun-x64: [PC-Doctor for Windows localizer] c:\program files\pc-doctor for windows\localizer.exe

============= SERVICES / DRIVERS ===============

R0 ahcix64s;ahcix64s;c:\windows\system32\drivers\ahcix64s.sys [2010-1-15 230456]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360x64\0402000.00c\symds64.sys [2010-8-10 433200]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360x64\0402000.00c\symefa64.sys [2010-8-10 221232]
R1 BHDrvx64;BHDrvx64;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20100810.004\BHDrvx64.sys [2010-8-9 945200]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360x64\0402000.00c\cchpx64.sys [2010-8-10 615040]
R1 IDSVia64;IDSVia64;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20100909.001\IDSviA64.sys [2010-9-9 463408]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360x64\0402000.00c\ironx64.sys [2010-8-10 150064]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360x64\0402000.00c\symtdiv.sys [2010-8-10 451120]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-1-15 203264]
R2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\amd\raidxpert\bin\RAIDXpertService.exe [2009-9-19 122880]
R2 N360;Norton Security Suite;c:\program files (x86)\norton security suite\engine\4.2.0.12\ccsvchst.exe [2010-8-10 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-8-21 132656]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2010-1-15 239616]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2010-1-15 34872]
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [2009-9-17 23536]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2010-4-19 50688]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-8-9 1255736]

=============== Created Last 30 ================

2010-09-11 20:38:08 0 ----a-w- c:\users\home\defogger_reenable
2010-09-10 02:47:09 35962312 ----a-w- c:\windows\syswow64\MRT.exe
2010-09-08 03:08:53 0 d-----w- c:\users\home\appdata\roaming\IrfanView
2010-09-08 03:08:53 0 d-----w- c:\program files (x86)\IrfanView
2010-09-05 20:36:07 0 d-----w- c:\programdata\Recovery
2010-09-04 00:41:40 0 d-----w- c:\program files\iTunes
2010-09-04 00:41:40 0 d-----w- c:\program files\iPod
2010-09-04 00:41:40 0 d-----w- c:\program files (x86)\iTunes
2010-09-02 03:27:26 0 d-----w- c:\users\home\appdata\roaming\dBpoweramp
2010-08-31 21:17:06 655872 ----a-w- c:\windows\syswow64\msvcr90.dll
2010-08-31 21:17:06 568832 ----a-w- c:\windows\syswow64\msvcp90.dll
2010-08-31 21:17:06 548 ----a-w- c:\windows\syswow64\Microsoft.VC90.MFC.manifest
2010-08-31 21:17:06 524 ----a-w- c:\windows\syswow64\Microsoft.VC90.CRT.manifest
2010-08-31 21:17:06 3952 ----a-w- c:\windows\PeachWLog.XML
2010-08-31 21:17:06 1156600 ----a-w- c:\windows\syswow64\MFC90.dll
2010-08-31 21:15:43 0 d-----w- c:\windows\PeachInst
2010-08-29 23:41:48 0 d-----w- c:\users\home\appdata\roaming\AccurateRip
2010-08-29 23:41:46 33846 ----a-w- c:\windows\syswow64\SpoonUninstall-dBpoweramp DSP Effects.bmp
2010-08-29 23:41:46 11005 ----a-w- c:\windows\syswow64\SpoonUninstall-dBpoweramp DSP Effects.dat
2010-08-29 23:41:41 3480752 ----a-w- c:\windows\syswow64\SpoonUninstall.exe
2010-08-29 23:41:41 33846 ----a-w- c:\windows\syswow64\SpoonUninstall-dBpoweramp Music Converter.bmp
2010-08-29 23:41:41 14645 ----a-w- c:\windows\syswow64\SpoonUninstall-dBpoweramp Music Converter.dat
2010-08-29 23:41:36 0 d-----w- c:\program files (x86)\Illustrate
2010-08-24 22:00:49 861184 ----a-w- c:\windows\system32\oleaut32.dll
2010-08-24 22:00:49 571904 ----a-w- c:\windows\syswow64\oleaut32.dll
2010-08-17 01:05:01 2 ----a-w- c:\users\home\tenmy.ini
2010-08-17 01:05:01 0 d-----w- c:\users\home\appdata\roaming\regsdkrl32
2010-08-17 01:04:28 717671 ----a-w- c:\users\home\regsdkrl83.exe
2010-08-17 01:04:25 70144 ----a-w- c:\users\home\pod832.exe
2010-08-14 00:12:39 0 d-sh--w- c:\windows\system32\%APPDATA%
2010-08-13 20:17:17 0 d-----w- c:\programdata\Yahoo!
2010-08-13 01:33:36 23141 ----a-w- c:\windows\hpqins15.dat
2010-08-13 01:23:11 0 d-----w- c:\programdata\{DA06AA03-DF24-4ECE-939E-1B0939235C66}
2010-08-13 01:22:51 0 d-----w- c:\users\home\appdata\roaming\hpqLog
2010-08-13 01:22:15 0 d-----w- c:\users\home\appdata\roaming\WinBatch

==================== Find3M ====================

2010-08-10 02:20:04 854 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.INF
2010-08-10 02:20:04 7440 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.CAT
2010-08-10 02:20:04 173104 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2010-08-07 22:28:36 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-08-07 21:52:32 168068 ----a-w- c:\windows\hpoins37.dat
2010-08-07 20:58:27 1874 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_AY626AA-ABA p6314f_YC_0Pavi_QMXU018_EA1NAv6PrA2_49_IALOE_SFOXCONN_V1.01_B5.09_T100122_WUH0_L409_M4856_J750_7AMD_8Athlon II X2 240_92.8_#_N10EC8168_Z_G10029710.MRK
2010-07-29 06:30:34 82944 ----a-w- c:\windows\syswow64\iccvid.dll
2010-07-27 14:03:24 12867584 ----a-w- c:\windows\syswow64\shell32.dll
2010-06-30 07:13:46 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-06-30 06:25:31 978432 ----a-w- c:\windows\syswow64\wininet.dll
2010-06-30 06:25:18 1226240 ----a-w- c:\windows\syswow64\urlmon.dll
2010-06-30 06:22:45 606208 ----a-w- c:\windows\syswow64\mstime.dll
2010-06-30 06:22:34 5971456 ----a-w- c:\windows\syswow64\mshtml.dll
2010-06-30 06:22:33 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-06-30 06:21:57 48128 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-06-30 06:21:47 185856 ----a-w- c:\windows\syswow64\iepeers.dll
2010-06-30 06:21:47 176640 ----a-w- c:\windows\syswow64\ieui.dll
2010-06-30 06:21:46 10985472 ----a-w- c:\windows\syswow64\ieframe.dll
2010-06-30 06:21:44 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-06-30 06:19:16 12800 ----a-w- c:\windows\syswow64\msfeedssync.exe
2010-06-19 07:05:01 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-19 06:53:18 52224 ----a-w- c:\windows\system32\rtutils.dll
2010-06-19 06:33:29 3955080 ----a-w- c:\windows\syswow64\ntkrnlpa.exe
2010-06-19 06:33:29 3899784 ----a-w- c:\windows\syswow64\ntoskrnl.exe
2010-06-19 06:23:50 37376 ----a-w- c:\windows\syswow64\rtutils.dll
2010-06-19 04:32:34 3122688 ----a-w- c:\windows\system32\win32k.sys
2010-06-16 06:11:10 340992 ----a-w- c:\windows\system32\schannel.dll
2010-06-16 05:48:35 224256 ----a-w- c:\windows\syswow64\schannel.dll
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 17:12:37.25 ===============



#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,109 posts
  • Gender:Female
  • Location:Romania

Posted 17 September 2010 - 04:39 AM

Hello,
And welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your Desktop
  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop
Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning; it is OK, just ignore it: "Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


-------------------------------------------------------------
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#3 metalnando

metalnando
  • Topic Starter

  • Members
  • 2 posts

Posted 22 September 2010 - 06:58 PM

No changes have been made since the last update. The computer has only been on to check this board for replies.

When trying to run the RKUnhookerLE, I get an error message saying "Error loading drive, NTSTATUS code: 0xC000036B" with "OK" as the only option.

Please help!!

OTL logfile created on: 9/22/2010 6:50:02 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Home\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 62.00% Memory free
9.00 Gb Paging File | 7.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 687.18 Gb Total Space | 503.59 Gb Free Space | 73.28% Space Free | Partition Type: NTFS
Drive D: | 11.21 Gb Total Space | 1.61 Gb Free Space | 14.39% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-PC
Current User Name: Home
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/22 18:49:36 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe
PRC - [2010/09/21 22:01:43 | 000,232,912 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe
PRC - [2010/08/16 20:05:00 | 000,717,671 | ---- | M] () -- C:\Users\Home\AppData\Roaming\regsdkrl32\regsdkrl83.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/02/25 19:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\ccsvchst.exe
PRC - [2009/10/22 21:50:40 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/09/19 17:40:54 | 000,122,880 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonServer.exe
PRC - [2009/09/19 17:40:48 | 000,139,264 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonClient.exe
PRC - [2009/09/19 17:39:06 | 000,122,880 | ---- | M] (AMD) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
PRC - [2009/09/19 17:38:48 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
PRC - [2009/08/24 21:11:15 | 000,656,896 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
PRC - [2009/06/17 06:44:11 | 000,085,160 | ---- | M] (Elaborate Bytes AG) -- C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
PRC - [2008/11/20 13:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (SafeList) ==========

MOD - [2010/09/22 18:49:36 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe
MOD - [2009/07/13 20:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/13 20:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/28 17:37:00 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/02/25 19:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe -- (N360)
SRV - [2009/09/19 17:39:06 | 000,122,880 | ---- | M] (AMD) [Auto | Running] -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe -- (AMD_RAIDXpert)
SRV - [2009/06/05 19:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/25 11:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/08/09 21:20:04 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/05/05 23:01:59 | 000,451,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symtdiv.sys -- (SYMTDIv)
DRV:64bit: - [2010/04/29 00:03:51 | 000,150,064 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/04/21 22:02:20 | 000,221,232 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symefa64.sys -- (SymEFA)
DRV:64bit: - [2010/04/21 21:29:51 | 000,505,392 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/04/21 21:29:51 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/02/25 19:22:52 | 000,615,040 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\cchpx64.sys -- (ccHP)
DRV:64bit: - [2009/12/17 17:25:17 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009/10/14 22:50:05 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symds64.sys -- (SymDS)
DRV:64bit: - [2009/10/06 08:49:14 | 000,230,456 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2009/09/17 00:57:46 | 000,023,536 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms -- (PCDSRVC{F36B3A4C-F95654BD-06000000}_0)
DRV:64bit: - [2009/08/20 19:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/08/09 16:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/28 17:37:00 | 006,031,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 17:17:08 | 000,034,152 | R--- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/05 05:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/04/03 09:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV - [2010/08/31 17:57:03 | 000,954,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100901.003\BHDrvx64.sys -- (BHDrvx64)
DRV - [2010/08/07 01:00:00 | 001,791,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100921.003\EX64.SYS -- (NAVEX15)
DRV - [2010/08/07 01:00:00 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/08/07 01:00:00 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/08/07 01:00:00 | 000,117,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100921.003\ENG64.SYS -- (NAVENG)
DRV - [2010/06/16 20:54:14 | 000,463,408 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100920.001\IDSviA64.sys -- (IDSVia64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3667829716-1643583849-895308290-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKU\S-1-5-21-3667829716-1643583849-895308290-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3667829716-1643583849-895308290-1001\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-3667829716-1643583849-895308290-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3667829716-1643583849-895308290-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2010/08/10 18:01:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2010/08/09 21:20:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/12 20:34:06 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\hp\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\hp\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-3667829716-1643583849-895308290-1001\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-3667829716-1643583849-895308290-1001\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-3667829716-1643583849-895308290-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe (PC-Doctor, Inc.)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3667829716-1643583849-895308290-1001..\Run: [Desktop Cleanup Wizard] File not found
O4 - HKU\S-1-5-21-3667829716-1643583849-895308290-1001..\Run: [regsdkrl32] C:\Users\Home\AppData\Roaming\regsdkrl32\regsdkrl83.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\hp\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/09/22 18:49:34 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe
[2010/09/11 15:45:47 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\gmer
[2010/09/07 22:08:53 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\IrfanView
[2010/09/07 22:08:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IrfanView
[2010/09/05 15:36:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery
[2010/09/03 19:41:40 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/09/03 19:41:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/09/03 19:41:40 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/09/03 19:39:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/09/01 22:27:26 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\dBpoweramp
[2010/08/31 16:15:43 | 000,000,000 | ---D | C] -- C:\Windows\PeachInst
[2010/08/29 18:41:48 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\AccurateRip
[2010/08/29 18:41:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Illustrate
[2010/08/26 22:31:26 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\Desktop Cleanup Wizard
[2010/08/16 20:06:09 | 000,000,000 | ---D | C] -- C:\Users\Home\Documents\Toontrack
[2010/08/16 20:05:01 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\regsdkrl32
[2010/08/16 20:04:25 | 000,070,144 | ---- | C] (Symantec Corporation) -- C:\Users\Home\pod832.exe
[2010/08/13 19:12:39 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2010/08/13 15:18:25 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\Yahoo
[2010/08/13 15:17:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2010/08/12 20:23:11 | 000,000,000 | ---D | C] -- C:\ProgramData\{DA06AA03-DF24-4ECE-939E-1B0939235C66}
[2010/08/12 20:22:51 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\hpqLog
[2010/08/12 20:22:15 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\WinBatch
[2010/08/10 20:07:32 | 000,000,000 | ---D | C] -- C:\Users\Home\Documents\Cubase Projects
[2010/08/10 20:07:02 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\VST3 Presets
[2010/08/10 09:00:39 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/08/10 00:39:40 | 000,505,392 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtsp64.sys
[2010/08/10 00:39:40 | 000,451,120 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symtdiv.sys
[2010/08/10 00:39:40 | 000,433,200 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symds64.sys
[2010/08/10 00:39:40 | 000,221,232 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symefa64.sys
[2010/08/10 00:39:40 | 000,150,064 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\ironx64.sys
[2010/08/10 00:39:40 | 000,032,304 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtspx64.sys
[2010/08/10 00:39:39 | 000,615,040 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\cchpx64.sys
[2010/08/10 00:39:31 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\0402000.00C
[2010/08/09 23:18:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VstPlugins
[2010/08/09 23:18:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toontrack
[2010/08/09 22:56:38 | 002,395,648 | ---- | C] (AD © 2009) -- C:\Windows\SysWow64\SYNSOEMU.DLL
[2010/08/09 22:56:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\VST3
[2010/08/09 22:44:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Steinberg
[2010/08/09 22:44:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steinberg
[2010/08/09 22:30:43 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\CyberLink
[2010/08/09 22:30:42 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\PowerCinema
[2010/08/09 21:20:07 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010/08/09 21:20:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/08/09 21:20:04 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/08/09 21:19:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
[2010/08/09 21:19:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Security Suite
[2010/08/09 21:18:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2010/08/09 21:15:53 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\ElevatedDiagnostics
[2010/08/09 21:06:53 | 000,045,056 | ---- | C] (SIA Syncrosoft) -- C:\Windows\SysWow64\Synsopos.exe
[2010/08/09 21:06:52 | 000,708,608 | ---- | C] (SIA Syncrosoft) -- C:\Windows\SysWow64\SYNSOACC.dll
[2010/08/09 21:06:52 | 000,147,456 | ---- | C] (SIA Syncrosoft) -- C:\Windows\SysWow64\SynsoLChk.dll
[2010/08/09 21:06:52 | 000,000,000 | ---D | C] -- C:\Program Files\Syncrosoft
[2010/08/09 20:18:21 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\Diagnostics
[2010/08/09 17:55:03 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\HP Support Assistant
[2010/08/09 17:09:19 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010/08/09 17:09:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2010/08/09 00:01:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2010/08/08 23:37:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steinberg
[2010/08/08 23:21:01 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Steinberg
[2010/08/08 23:15:15 | 000,021,888 | ---- | C] (Syncrosoft GmbH) -- C:\Windows\SysWow64\drivers\synUSB64.sys
[2010/08/08 23:09:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2010/08/08 19:24:08 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\IsolatedStorage
[2010/08/08 17:41:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2010/08/08 17:41:12 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\Adobe
[2010/08/08 17:03:33 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\HpUpdate
[2010/08/07 18:49:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2010/08/07 18:29:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2010/08/07 18:29:05 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\uTorrent
[2010/08/07 17:46:15 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010/08/07 17:19:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010/08/07 17:17:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Macrovision
[2010/08/07 17:17:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe Systems Shared
[2010/08/07 17:16:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010/08/07 17:16:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2010/08/07 17:11:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2010/08/07 17:11:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2010/08/07 17:11:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010/08/07 17:10:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/08/07 17:10:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2010/08/07 17:09:42 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\Microsoft Help
[2010/08/07 17:09:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010/08/07 17:09:26 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/08/07 17:01:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elaborate Bytes
[2010/08/07 16:52:38 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2010/08/07 16:52:38 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\HP
[2010/08/07 16:52:27 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\HP
[2010/08/07 16:49:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2010/08/07 16:49:54 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Yahoo!
[2010/08/07 16:49:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2010/08/07 16:48:47 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2010/08/07 16:47:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HP
[2010/08/07 16:46:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard
[2010/08/07 16:44:36 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2010/08/07 16:43:10 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2010/08/07 16:42:43 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\CrashDumps
[2010/08/07 16:39:01 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2010/08/07 16:30:41 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\CyberLink
[2010/08/07 16:27:35 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Apple Computer
[2010/08/07 16:27:35 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\Apple Computer
[2010/08/07 16:27:20 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010/08/07 16:26:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/08/07 16:26:39 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\Apple
[2010/08/07 16:26:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010/08/07 16:26:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/08/07 16:26:24 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/08/07 16:26:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/08/07 16:26:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/08/07 16:26:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2010/08/07 16:11:48 | 000,000,000 | ---D | C] -- C:\ProgramData\PCSettings
[2010/08/07 16:11:43 | 000,000,000 | ---D | C] -- C:\Users\Home\Documents\Symantec
[2010/08/07 16:03:59 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Macromedia
[2010/08/07 16:03:59 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Adobe
[2010/08/07 16:03:44 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\ATI
[2010/08/07 16:03:44 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\ATI
[2010/08/07 16:02:42 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\PictureMover
[2010/08/07 16:02:30 | 000,000,000 | R--D | C] -- C:\Users\Home\Searches
[2010/08/07 16:02:30 | 000,000,000 | -H-D | C] -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2010/08/07 16:02:22 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Identities
[2010/08/07 16:02:21 | 000,000,000 | R--D | C] -- C:\Users\Home\Contacts
[2010/08/07 15:59:02 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\Hewlett-Packard
[2010/08/07 15:58:41 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Hewlett-Packard
[2010/08/07 15:58:11 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\VirtualStore
[2010/08/07 15:58:10 | 000,000,000 | -HSD | C] -- C:\Users\Home\AppData\Local\Temporary Internet Files
[2010/08/07 15:58:10 | 000,000,000 | -HSD | C] -- C:\Users\Home\Templates
[2010/08/07 15:58:10 | 000,000,000 | -HSD | C] -- C:\Users\Home\Start Menu
[2010/08/07 15:58:10 | 000,000,000 | -HSD | C] -- C:\Users\Home\SendTo
[2010/08/07 15:58:10 | 000,000,000 | -HSD | C] -- C:\Users\Home\Recent
[2010/08/07 15:58:10 | 000,000,000 | -HSD | C] -- C:\Users\Home\PrintHood
[2010/08/07 15:58:10 | 000,000,000 | -HSD | C] -- C:\Users\Home\NetHood
[2010/08/07 15:58:10 | 000,000,000 | -HSD | C] -- C:\Users\Home\Documents\My Videos
[2010/08/07 15:58:10 | 000,000,000 | -HSD | C] -- C:\Users\Home\Documents\My Pictures
[2010/08/07 15:58:10 | 000,000,000 | -HSD | C] -- C:\Users\Home\Documents\My Music
[2010/08/07 15:58:10 | 000,000,000 | -HSD | C] -- C:\Users\Home\My Documents
[2010/08/07 15:58:10 | 000,000,000 | -HSD | C] -- C:\Users\Home\Local Settings
[2010/08/07 15:58:10 | 000,000,000 | -HSD | C] -- C:\Users\Home\AppData\Local\History
[2010/08/07 15:58:10 | 000,000,000 | -HSD | C] -- C:\Users\Home\Cookies
[2010/08/07 15:58:10 | 000,000,000 | -HSD | C] -- C:\Users\Home\Application Data
[2010/08/07 15:58:10 | 000,000,000 | -HSD | C] -- C:\Users\Home\AppData\Local\Application Data
[2010/08/07 15:58:09 | 000,000,000 | --SD | C] -- C:\Users\Home\AppData\Roaming\Microsoft
[2010/08/07 15:58:09 | 000,000,000 | R--D | C] -- C:\Users\Home\Videos
[2010/08/07 15:58:09 | 000,000,000 | R--D | C] -- C:\Users\Home\Saved Games
[2010/08/07 15:58:09 | 000,000,000 | R--D | C] -- C:\Users\Home\Pictures
[2010/08/07 15:58:09 | 000,000,000 | R--D | C] -- C:\Users\Home\Music
[2010/08/07 15:58:09 | 000,000,000 | R--D | C] -- C:\Users\Home\Links
[2010/08/07 15:58:09 | 000,000,000 | R--D | C] -- C:\Users\Home\Favorites
[2010/08/07 15:58:09 | 000,000,000 | R--D | C] -- C:\Users\Home\Downloads
[2010/08/07 15:58:09 | 000,000,000 | R--D | C] -- C:\Users\Home\My Documents
[2010/08/07 15:58:09 | 000,000,000 | R--D | C] -- C:\Users\Home\Desktop
[2010/08/07 15:58:09 | 000,000,000 | -H-D | C] -- C:\Users\Home\AppData
[2010/08/07 15:58:09 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\Temp
[2010/08/07 15:58:09 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\Microsoft
[2010/08/07 15:58:09 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Media Center Programs
[2010/08/07 15:58:09 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\HuluDesktop

========== Files - Modified Within 90 Days ==========

[2010/09/22 18:51:02 | 001,835,008 | -HS- | M] () -- C:\Users\Home\NTUSER.DAT
[2010/09/22 18:50:24 | 000,133,632 | ---- | M] () -- C:\Users\Home\Desktop\RKUnhookerLE.EXE
[2010/09/22 18:49:36 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe
[2010/09/22 18:48:23 | 001,154,768 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\Cat.DB
[2010/09/22 16:46:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/21 22:08:16 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/21 22:08:16 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/21 22:05:13 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/09/21 22:05:13 | 000,615,122 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/09/21 22:05:13 | 000,103,496 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/09/21 22:00:52 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHome.job
[2010/09/21 22:00:52 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/21 22:00:32 | 3818,827,776 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/21 21:57:29 | 002,281,850 | -H-- | M] () -- C:\Users\Home\AppData\Local\IconCache.db
[2010/09/16 22:43:55 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/09/11 15:39:27 | 000,525,824 | ---- | M] () -- C:\Users\Home\Desktop\dds.scr
[2010/09/11 15:38:08 | 000,000,000 | ---- | M] () -- C:\Users\Home\defogger_reenable
[2010/09/11 15:36:59 | 000,050,477 | ---- | M] () -- C:\Users\Home\Desktop\Defogger.exe
[2010/09/07 22:08:53 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\IrfanView Thumbnails.lnk
[2010/09/07 22:08:53 | 000,001,000 | ---- | M] () -- C:\Users\Public\Desktop\IrfanView.lnk
[2010/09/03 19:42:03 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/09/03 19:39:06 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/09/01 19:00:51 | 000,000,036 | ---- | M] () -- C:\Users\Home\AppData\Local\housecall.guid.cache
[2010/08/31 16:17:40 | 000,003,952 | ---- | M] () -- C:\Windows\PeachWLog.XML
[2010/08/31 16:16:43 | 000,000,548 | ---- | M] () -- C:\Windows\SysWow64\Microsoft.VC90.MFC.manifest
[2010/08/31 16:16:43 | 000,000,524 | ---- | M] () -- C:\Windows\SysWow64\Microsoft.VC90.CRT.manifest
[2010/08/29 18:42:42 | 000,011,005 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat
[2010/08/29 18:42:23 | 000,033,846 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.bmp
[2010/08/29 18:41:41 | 000,014,645 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2010/08/29 18:41:25 | 000,033,846 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.bmp
[2010/08/16 20:05:01 | 000,000,002 | ---- | M] () -- C:\Users\Home\tenmy.ini
[2010/08/16 20:05:00 | 000,717,671 | ---- | M] () -- C:\Users\Home\regsdkrl83.exe
[2010/08/16 20:04:28 | 000,070,144 | ---- | M] (Symantec Corporation) -- C:\Users\Home\pod832.exe
[2010/08/13 15:17:19 | 000,001,163 | ---- | M] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2010/08/13 15:17:19 | 000,001,139 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2010/08/12 20:34:21 | 000,023,141 | ---- | M] () -- C:\Windows\hpqins15.dat
[2010/08/12 20:23:50 | 000,001,099 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2010/08/11 23:02:39 | 000,588,896 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/10 09:00:51 | 000,002,511 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Suite.lnk
[2010/08/10 09:00:21 | 670,450,146 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/08/09 22:30:42 | 000,194,496 | ---- | M] () -- C:\Users\Home\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/08/09 21:20:04 | 000,173,104 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010/08/09 21:20:04 | 000,007,440 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2010/08/09 21:20:04 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2010/08/09 21:18:49 | 000,001,366 | ---- | M] () -- C:\Users\Home\Desktop\Norton Installation Files.lnk
[2010/08/08 23:55:33 | 000,000,513 | ---- | M] () -- C:\Windows\win.ini
[2010/08/08 23:48:24 | 000,000,471 | ---- | M] () -- C:\Windows\SysWow64\Datei4
[2010/08/08 23:48:24 | 000,000,471 | ---- | M] () -- C:\Windows\SysWow64\Datei2
[2010/08/08 23:48:24 | 000,000,470 | ---- | M] () -- C:\Windows\SysWow64\Datei3
[2010/08/08 23:48:24 | 000,000,470 | ---- | M] () -- C:\Windows\SysWow64\Datei1
[2010/08/08 23:48:24 | 000,000,469 | ---- | M] () -- C:\Windows\SysWow64\Datei7
[2010/08/08 23:48:24 | 000,000,469 | ---- | M] () -- C:\Windows\SysWow64\Datei5
[2010/08/08 23:48:24 | 000,000,468 | ---- | M] () -- C:\Windows\SysWow64\Datei0
[2010/08/08 23:48:24 | 000,000,467 | ---- | M] () -- C:\Windows\SysWow64\Datei9
[2010/08/08 23:48:24 | 000,000,467 | ---- | M] () -- C:\Windows\SysWow64\Datei8
[2010/08/08 23:48:24 | 000,000,467 | ---- | M] () -- C:\Windows\SysWow64\Datei10
[2010/08/08 23:48:24 | 000,000,465 | ---- | M] () -- C:\Windows\SysWow64\Datei6
[2010/08/08 14:57:53 | 000,000,544 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2010/08/07 18:29:38 | 000,000,969 | ---- | M] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2010/08/07 18:29:37 | 000,000,945 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2010/08/07 17:28:36 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/08/07 17:17:38 | 000,002,307 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2010/08/07 17:01:57 | 000,001,252 | ---- | M] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk
[2010/08/07 16:52:32 | 000,168,068 | ---- | M] () -- C:\Windows\hpoins37.dat
[2010/08/07 16:48:42 | 000,001,317 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2010/08/07 16:47:52 | 000,002,101 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/08/07 16:47:18 | 000,002,306 | ---- | M] () -- C:\Users\Public\Desktop\Windows Live Photo Gallery.lnk
[2010/08/07 16:12:18 | 000,524,288 | -HS- | M] () -- C:\Users\Home\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/08/07 16:12:18 | 000,065,536 | -HS- | M] () -- C:\Users\Home\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/08/07 16:12:17 | 000,524,288 | -HS- | M] () -- C:\Users\Home\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/08/07 16:03:53 | 000,001,439 | ---- | M] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/08/07 15:58:27 | 000,001,874 | RHS- | M] () -- C:\Windows\SysWow64\drivers\103C_HP_CPC_AY626AA-ABA p6314f_YC_0Pavi_QMXU018_EA1NAv6PrA2_49_IALOE_SFOXCONN_V1.01_B5.09_T100122_WUH0_L409_M4856_J750_7AMD_8Athlon II X2 240_92.8_#_N10EC8168_Z_G10029710.MRK
[2010/08/07 15:58:27 | 000,001,874 | RHS- | M] () -- C:\Windows\SysNative\drivers\103C_HP_CPC_AY626AA-ABA p6314f_YC_0Pavi_QMXU018_EA1NAv6PrA2_49_IALOE_SFOXCONN_V1.01_B5.09_T100122_WUH0_L409_M4856_J750_7AMD_8Athlon II X2 240_92.8_#_N10EC8168_Z_G10029710.MRK
[2010/08/07 15:58:10 | 000,000,020 | -HS- | M] () -- C:\Users\Home\ntuser.ini
[2010/08/07 15:52:12 | 000,039,252 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2010/08/07 15:52:12 | 000,039,252 | ---- | M] () -- C:\Windows\SysNative\license.rtf

========== Files Created - No Company Name ==========

[2010/09/22 18:50:23 | 000,133,632 | ---- | C] () -- C:\Users\Home\Desktop\RKUnhookerLE.EXE
[2010/09/11 15:39:26 | 000,525,824 | ---- | C] () -- C:\Users\Home\Desktop\dds.scr
[2010/09/11 15:38:08 | 000,000,000 | ---- | C] () -- C:\Users\Home\defogger_reenable
[2010/09/11 15:36:59 | 000,050,477 | ---- | C] () -- C:\Users\Home\Desktop\Defogger.exe
[2010/09/07 22:08:53 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\IrfanView Thumbnails.lnk
[2010/09/07 22:08:53 | 000,001,000 | ---- | C] () -- C:\Users\Public\Desktop\IrfanView.lnk
[2010/09/03 19:42:03 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/09/03 19:39:06 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/09/01 19:00:51 | 000,000,036 | ---- | C] () -- C:\Users\Home\AppData\Local\housecall.guid.cache
[2010/08/31 16:17:06 | 000,003,952 | ---- | C] () -- C:\Windows\PeachWLog.XML
[2010/08/31 16:17:06 | 000,000,548 | ---- | C] () -- C:\Windows\SysWow64\Microsoft.VC90.MFC.manifest
[2010/08/31 16:17:06 | 000,000,524 | ---- | C] () -- C:\Windows\SysWow64\Microsoft.VC90.CRT.manifest
[2010/08/29 18:41:46 | 000,033,846 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.bmp
[2010/08/29 18:41:46 | 000,011,005 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat
[2010/08/29 18:41:41 | 003,480,752 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2010/08/29 18:41:41 | 000,033,846 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.bmp
[2010/08/29 18:41:41 | 000,014,645 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2010/08/16 20:05:01 | 000,000,002 | ---- | C] () -- C:\Users\Home\tenmy.ini
[2010/08/16 20:04:28 | 000,717,671 | ---- | C] () -- C:\Users\Home\regsdkrl83.exe
[2010/08/13 15:17:19 | 000,001,163 | ---- | C] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2010/08/13 15:17:19 | 000,001,139 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2010/08/12 20:33:36 | 000,023,141 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/08/12 20:23:50 | 000,001,099 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2010/08/10 09:00:21 | 670,450,146 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/08/10 09:00:10 | 001,154,768 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\Cat.DB
[2010/08/10 00:39:40 | 000,007,829 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symefa64.cat
[2010/08/10 00:39:40 | 000,007,787 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symnetv64.cat
[2010/08/10 00:39:40 | 000,007,414 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtspx64.cat
[2010/08/10 00:39:40 | 000,007,410 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtsp64.cat
[2010/08/10 00:39:40 | 000,007,406 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symds64.cat
[2010/08/10 00:39:40 | 000,007,402 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\iron.cat
[2010/08/10 00:39:40 | 000,007,368 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symnet64.cat
[2010/08/10 00:39:40 | 000,003,373 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symefa.inf
[2010/08/10 00:39:40 | 000,002,793 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symds.inf
[2010/08/10 00:39:40 | 000,001,473 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symnetv.inf
[2010/08/10 00:39:40 | 000,001,445 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symnet.inf
[2010/08/10 00:39:40 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtsp64.inf
[2010/08/10 00:39:40 | 000,001,421 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtspx64.inf
[2010/08/10 00:39:40 | 000,000,771 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\iron.inf
[2010/08/10 00:39:39 | 000,007,358 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\cchpx64.cat
[2010/08/10 00:39:39 | 000,001,838 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\cchpx64.inf
[2010/08/10 00:39:31 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\isolate.ini
[2010/08/09 21:20:07 | 000,007,440 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2010/08/09 21:20:07 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2010/08/09 21:20:03 | 000,002,511 | ---- | C] () -- C:\Users\Public\Desktop\Norton Security Suite.lnk
[2010/08/09 21:18:49 | 000,001,366 | ---- | C] () -- C:\Users\Home\Desktop\Norton Installation Files.lnk
[2010/08/09 21:06:55 | 000,147,425 | ---- | C] () -- C:\Windows\SysWow64\SYNSOACC-Aide.chm
[2010/08/09 21:06:54 | 000,120,468 | ---- | C] () -- C:\Windows\SysWow64\SYNSOACC-Hilfe.chm
[2010/08/09 21:06:54 | 000,114,279 | ---- | C] () -- C:\Windows\SysWow64\SYNSOACC-Help.chm
[2010/08/08 23:42:15 | 000,000,471 | ---- | C] () -- C:\Windows\SysWow64\Datei4
[2010/08/08 23:42:15 | 000,000,471 | ---- | C] () -- C:\Windows\SysWow64\Datei2
[2010/08/08 23:42:15 | 000,000,470 | ---- | C] () -- C:\Windows\SysWow64\Datei3
[2010/08/08 23:42:15 | 000,000,470 | ---- | C] () -- C:\Windows\SysWow64\Datei1
[2010/08/08 23:42:15 | 000,000,469 | ---- | C] () -- C:\Windows\SysWow64\Datei7
[2010/08/08 23:42:15 | 000,000,469 | ---- | C] () -- C:\Windows\SysWow64\Datei5
[2010/08/08 23:42:15 | 000,000,468 | ---- | C] () -- C:\Windows\SysWow64\Datei0
[2010/08/08 23:42:15 | 000,000,467 | ---- | C] () -- C:\Windows\SysWow64\Datei9
[2010/08/08 23:42:15 | 000,000,467 | ---- | C] () -- C:\Windows\SysWow64\Datei8
[2010/08/08 23:42:15 | 000,000,467 | ---- | C] () -- C:\Windows\SysWow64\Datei10
[2010/08/08 23:42:15 | 000,000,465 | ---- | C] () -- C:\Windows\SysWow64\Datei6
[2010/08/08 17:42:28 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/08/07 18:29:38 | 000,000,969 | ---- | C] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2010/08/07 18:29:36 | 000,000,945 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2010/08/07 17:28:36 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/08/07 17:17:36 | 000,002,307 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2010/08/07 17:01:16 | 000,001,252 | ---- | C] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk
[2010/08/07 16:48:42 | 000,001,317 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2010/08/07 16:47:52 | 000,002,101 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/08/07 16:47:18 | 000,002,306 | ---- | C] () -- C:\Users\Public\Desktop\Windows Live Photo Gallery.lnk
[2010/08/07 16:39:41 | 000,001,614 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/08/07 16:39:40 | 000,168,068 | ---- | C] () -- C:\Windows\hpoins37.dat
[2010/08/07 16:15:33 | 000,000,544 | ---- | C] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2010/08/07 16:03:53 | 000,001,439 | ---- | C] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/08/07 16:02:23 | 000,000,328 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForHome.job
[2010/08/07 15:58:30 | 000,002,274 | ---- | C] () -- C:\Users\Public\Desktop\eBay.lnk
[2010/08/07 15:58:25 | 000,001,874 | RHS- | C] () -- C:\Windows\SysWow64\drivers\103C_HP_CPC_AY626AA-ABA p6314f_YC_0Pavi_QMXU018_EA1NAv6PrA2_49_IALOE_SFOXCONN_V1.01_B5.09_T100122_WUH0_L409_M4856_J750_7AMD_8Athlon II X2 240_92.8_#_N10EC8168_Z_G10029710.MRK
[2010/08/07 15:58:25 | 000,001,874 | RHS- | C] () -- C:\Windows\SysNative\drivers\103C_HP_CPC_AY626AA-ABA p6314f_YC_0Pavi_QMXU018_EA1NAv6PrA2_49_IALOE_SFOXCONN_V1.01_B5.09_T100122_WUH0_L409_M4856_J750_7AMD_8Athlon II X2 240_92.8_#_N10EC8168_Z_G10029710.MRK
[2010/08/07 15:58:10 | 000,524,288 | -HS- | C] () -- C:\Users\Home\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/08/07 15:58:10 | 000,524,288 | -HS- | C] () -- C:\Users\Home\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/08/07 15:58:10 | 000,262,144 | -HS- | C] () -- C:\Users\Home\ntuser.dat.LOG1
[2010/08/07 15:58:10 | 000,065,536 | -HS- | C] () -- C:\Users\Home\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/08/07 15:58:10 | 000,000,020 | -HS- | C] () -- C:\Users\Home\ntuser.ini
[2010/08/07 15:58:10 | 000,000,000 | -HS- | C] () -- C:\Users\Home\ntuser.dat.LOG2
[2010/08/07 15:58:09 | 001,835,008 | -HS- | C] () -- C:\Users\Home\NTUSER.DAT
[2010/08/07 15:58:09 | 000,000,290 | ---- | C] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/08/07 15:58:09 | 000,000,272 | ---- | C] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2009/09/29 18:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/09/01 22:27:26 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\dBpoweramp
[2010/09/07 22:08:53 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\IrfanView
[2010/08/07 16:02:44 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\PictureMover
[2010/08/16 20:05:01 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\regsdkrl32
[2010/08/09 22:57:24 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Steinberg
[2010/09/14 17:27:47 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\uTorrent
[2010/08/10 20:07:02 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\VST3 Presets
[2010/08/12 20:22:15 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\WinBatch
[2010/08/08 14:57:53 | 000,000,544 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2009/07/14 00:08:49 | 000,011,856 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:A8ADE5D8
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:DFC5A2B2
< End of report >


OTL Extras logfile created on: 9/22/2010 6:50:02 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Home\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 62.00% Memory free
9.00 Gb Paging File | 7.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 687.18 Gb Total Space | 503.59 Gb Free Space | 73.28% Space Free | Partition Type: NTFS
Drive D: | 11.21 Gb Total Space | 1.61 Gb Free Space | 14.39% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-PC
Current User Name: Home
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5AEBB4A3-6878-4CEE-AD34-0F6958A983F0}" = HP Deskjet F4400 Printer Driver Software 13.0 Rel .5
"{5F02C14D-A630-4771-8409-0BA89FCCA8D6}" = iTunes
"{7371196E-FA5B-43AE-1AE2-875E98869B47}" = ccc-utility64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{88882852-5C7D-A48B-15F3-8D13CABDA7A3}" = ATI Catalyst Install Manager
"{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"OfficeTrial" = Microsoft Office Home and Student 60 day trial
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"Shop for HP Supplies" = Shop for HP Supplies

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0284181F-355D-C4E1-B483-41992C48490E}" = CCC Help German
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{07FF3AA8-0BC6-8861-F27F-2ED442F5C03E}" = CCC Help English
"{14A4957E-46DB-4821-528D-8381B4376FE2}" = CCC Help Korean
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{22139F5D-9405-455A-BDEB-658B1A4E4861}" = Catalyst Control Center - Branding
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{2E4BEAC4-FB73-9657-A5B2-42F508AF98FE}" = CCC Help Finnish
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"{35021DFB-F9CA-402A-89A2-47F91E506465}" = HP MediaSmart/TouchSmart Netflix
"{36B90A24-CE03-79C6-3DEE-1EFEE456377F}" = Catalyst Control Center Graphics Full Existing
"{3B18BAAA-1734-8CA1-1A04-B68A06A1F9C9}" = Catalyst Control Center Graphics Full New
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E450CF1-F8C4-C8D6-29D1-87AD090E8F2A}" = Catalyst Control Center InstallProxy
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{4377068C-A88F-53F7-EDAF-DBD7990AEB93}" = CCC Help Swedish
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4907BDCE-4DF2-350C-24B2-9C509F004F1D}" = CCC Help Chinese Traditional
"{497072FE-0A75-4E5C-A5B7-EB1FA67F66F1}" = DJ_AIO_05_F4400_Software_Min
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{5B0D4B33-FB4C-CB95-38D3-66F4B942661E}" = CCC Help Japanese
"{628690B9-A523-B37A-E001-D8E4581D573D}" = Catalyst Control Center Localization All
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6AC35F19-C3DF-6455-C9E2-1E77BA42D3BC}" = Catalyst Control Center Graphics Previews Vista
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D1A44ED-3D15-9BB3-43AE-91A077AE9212}" = CCC Help Chinese Standard
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7FC8C210-A319-4835-A87D-B935EFB4C148}" = Microsoft Live Search Toolbar
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{82809116-D1EE-443C-AE31-F19E709DDF7A}" = AMD USB Filter Driver
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83907548-56BB-D892-1CAC-2F5EC0939B37}" = CCC Help Czech
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
"{8EAD600D-1912-4DEF-92B5-0C7525E17ED2}" = F4400
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9062CED6-AECC-E6C6-E6A0-A654CE167554}" = CCC Help Portuguese
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{97E32194-C626-92E1-9AB9-64AA00CC7380}" = CCC Help Russian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}" = HP MediaSmart Demo
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}" = HP Support Assistant
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE9CE924-DD9E-3A0D-EA16-9931D21FB3F5}" = CCC Help Turkish
"{C285CFAB-889A-47C9-2959-A9B71B5E0BFB}" = CCC Help Hungarian
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{C88256B0-1182-C1B2-FE22-C1BAC6BB0E83}" = CCC Help Norwegian
"{CA1A637B-5BFD-A325-BC4B-15D3D10B861C}" = Catalyst Control Center Core Implementation
"{CACBE764-2E09-5D88-E496-78F7B1E9FFAE}" = CCC Help Greek
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{CEF9A199-8652-B2A0-8C82-5491CB57AC3A}" = CCC Help French
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D781BE32-516F-957C-C080-8365111CAC18}" = CCC Help Danish
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DC2841DC-5ADC-8FDD-C3FD-5FD223426F38}" = CCC Help Polish
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EB04773A-005D-3A2E-43C2-CEDE2645F1C3}" = ccc-core-static
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1F24DF6-37BB-9905-9EB4-5C1E4D32B664}" = Catalyst Control Center Graphics Light
"{F20A4D6F-88ED-32BA-0C6D-BD6A692EFF29}" = CCC Help Italian
"{F5AC7E52-BDF6-9948-73CD-BCE3C23632F3}" = CCC Help Dutch
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6FA1416-ABCF-3559-1ACA-CEAADD6AF3E8}" = CCC Help Thai
"{F86145F7-BF40-33F0-F07B-D10BE04F98AA}" = CCC Help Spanish
"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"7-Zip" = 7-Zip 9.15 beta
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"dBpoweramp DSP Effects" = dBpoweramp DSP Effects
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HP Remote Solution" = HP Remote Solution
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"IrfanView" = IrfanView (remove only)
"N360" = Norton Security Suite
"SyncroSoft Emu" = SyncroSoft Emu (Remove only)
"Syncrosoft's License Control" = Syncrosoft's License Control
"uTorrent" = µTorrent
"VirtualCloneDrive" = VirtualCloneDrive
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3667829716-1643583849-895308290-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"HuluDesktop" = Hulu Desktop

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/6/2010 9:21:16 PM | Computer Name = Home-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5039

Error - 9/6/2010 9:21:16 PM | Computer Name = Home-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5039

Error - 9/6/2010 9:49:42 PM | Computer Name = Home-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 9/6/2010 9:49:42 PM | Computer Name = Home-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1030

Error - 9/6/2010 9:49:42 PM | Computer Name = Home-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1030

Error - 9/6/2010 9:49:43 PM | Computer Name = Home-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 9/6/2010 9:49:43 PM | Computer Name = Home-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2044

Error - 9/6/2010 9:49:43 PM | Computer Name = Home-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2044

Error - 9/6/2010 9:49:44 PM | Computer Name = Home-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 9/6/2010 9:49:44 PM | Computer Name = Home-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3042

[ Hewlett-Packard Events ]
Error - 8/17/2010 10:13:33 PM | Computer Name = Home-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

Error - 8/21/2010 2:19:10 AM | Computer Name = Home-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

[ System Events ]
Error - 9/9/2010 10:03:21 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 9/9/2010 10:03:21 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 9/9/2010 10:03:21 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 9/9/2010 10:03:30 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 9/9/2010 10:04:56 PM | Computer Name = Home-PC | Source = DCOM | ID = 10005
Description =

Error - 9/9/2010 10:04:56 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 9/9/2010 10:10:03 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 9/9/2010 10:10:24 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 9/9/2010 10:10:46 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 9/10/2010 12:12:21 AM | Computer Name = Home-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.


< End of report >


#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,109 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:04:06 PM

Posted 23 September 2010 - 04:04 AM

Hello again,

P2P WARNING
-------------------
Going over your logs I noticed that you have uTorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.


OTL FIX
------------
We need to run an OTL Fix
  1. Please reopen on your desktop.
  2. Copy and Paste the following code into the textbox. Do not include the word "Code"
    CODE
    :otl
    O4 - HKU\S-1-5-21-3667829716-1643583849-895308290-1001..\Run: [regsdkrl32] C:\Users\Home\AppData\Roaming\regsdkrl32\regsdkrl83.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

    :commands
    [emptytemp]
  3. Push
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click .
  6. A report will open. Copy and Paste that report in your next reply.

MALWAREBYTES ANTIMALWARE
-------------------------------------------
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.



regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft
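
The OTL fix in the post above targets one autostart (O4) entry: a per-user Run value that launches an executable from AppData\Roaming and shows empty parentheses at the end of the line. The following Python is an added example, not part of the original post and not OTL's own code; it applies those two checks to O4 lines of an OTL log. It assumes the trailing parentheses hold the company name from the file's version information; the function and constant names are hypothetical, and every sample line except the regsdkrl32 entry is constructed.

```python
import re

# O4 autostart line: key, [value name], command line, (company name).
O4_RE = re.compile(
    r"^O4(?::64bit:)? - (?P<key>\S+): \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.+?) \((?P<company>[^)]*)\)\s*$"
)

# Locations a standard user can write to without elevation.
USER_WRITABLE = re.compile(r"\\users\\[^\\]+\\appdata\\|\\temp\\", re.I)

# Constructed sample log; only the regsdkrl32 line comes from the thread.
SAMPLE = r"""
O4 - HKLM..\Run: [ExampleAudio] C:\Program Files\ExampleVendor\audio.exe (ExampleVendor Inc.)
O4 - HKU\S-1-5-21-3667829716-1643583849-895308290-1001..\Run: [regsdkrl32] C:\Users\Home\AppData\Roaming\regsdkrl32\regsdkrl83.exe ()
O4 - HKU\S-1-5-21-3667829716-1643583849-895308290-1001..\Run: [ExampleSync] "C:\Users\Home\AppData\Local\ExampleSync\sync.exe" /tray (ExampleSync Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
"""


def triage(log_text):
    """Return (value name, command, reasons) for O4 entries worth a closer look.

    Entries are sorted so that those matching the most checks come first.
    A single match is weak evidence: legitimate software also installs
    itself under AppData, so the combination is what stands out.
    """
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # not an autostart line (for example O6 policy entries)
        why = []
        if USER_WRITABLE.search(m["cmd"]):
            why.append("user-writable path")
        if not m["company"].strip():
            why.append("no company name")
        if why:
            findings.append((m["name"], m["cmd"], why))
    return sorted(findings, key=lambda f: len(f[2]), reverse=True)


if __name__ == "__main__":
    for name, cmd, why in triage(SAMPLE):
        print(f"{name}: {cmd} -> {', '.join(why)}")
```
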


#5 Elise

Posted 27 September 2010 - 05:35 AM

Hello, are you still there?

regards, Elise




#6 Elise

Posted 04 October 2010 - 05:21 AM

Due to lack of feedback, this topic is now closed.

If you are the original topic starter and you need this topic reopened, please send me a PM.

Everyone else, please start a new topic.

regards, Elise






