Infected with TDSS and Google keeps redirecting, also System Tool pop-ups


  • This topic is locked
66 replies to this topic

#1 bigbadbuck87

  • Members
  • 34 posts

Posted 12 January 2012 - 11:21 PM

I had the Microsoft security 2012 virus. I followed the instruction on this forum to fix it and my computer started working better, but I continued getting google redirects. After some more use the 2012 security virus came back. I have not been able to get the virus completely removed and I need help.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_14
Run by T-Bone at 21:46:26 on 2012-01-12
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.4085.1697 [GMT -6:00]
.
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ACT\Act for Windows\Act.Scheduler.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\OEM02Mon.exe
C:\PROGRA~2\AVANQU~1\Fix-It\mxtask.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
C:\Program Files (x86)\PC Tools Security\pctsSvc.exe
C:\PROGRA~2\AVANQU~1\Fix-It\mxtask.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\PC Tools Security\pctsGui.exe
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\STacSV64.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
C:\Program Files (x86)\ACT\Act for Windows\Act.Outlook.Service.exe
C:\Program Files (x86)\ACT\Act for Windows\Act.Scheduler.UI.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ACT\Act for Windows\Act.Scheduler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://lf.startnow.com/?src=startpage&provider=bing&provider_name=bing&provider_code=Z051&partner_id=276&product_id=709&affiliate_id=&channel=4000&toolbar_id=200&toolbar_version=2.1.0&install_country=US&install_date=20110712&user_guid=0F1634C5CEA442D2BC3DE102A328A6D5&machine_id=a83e18534b16795caa7bc67a7cd1f49a&browser=IE&os=win&os_version=6.0-x64-SP1
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile: {d5233fcd-d258-4903-89b8-fb1568e7413d} - mscoree.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [Google Update] "C:\Users\T-Bone\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Aim6] "C:\Program Files (x86)\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
mRun: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
mRun: [VirusScannerPro] C:\PROGRA~2\AVANQU~1\Fix-It\MemCheck.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [Act.Outlook.Service] "C:\Program Files (x86)\ACT\Act for Windows\Act.Outlook.Service.exe"
mRun: [Act! Preloader] "C:\Program Files (x86)\ACT\Act for Windows\ActSage.exe" -preload
mRun: [ACTSchedulerUI] "C:\Program Files (x86)\ACT\Act for Windows\Act.Scheduler.UI.exe" -Dfalse
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [ISTray] "C:\Program Files (x86)\PC Tools Security\pctsGui.exe" /hideGUI
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\1.0.150\SSScheduler.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
LSP: mswsock.dll
Trusted Zone: isqft.com\www
Trusted Zone: isqft.com\www
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-us.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{2B41F8BA-8E87-426B-A782-9BE55269CF8F} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{6B62C57C-7D05-4BDD-9552-5C9237937523} : DhcpNameServer = 68.94.156.1 68.94.157.1
TCP: Interfaces\{B25B9D96-A292-4FD4-865B-635BF4C65CEA} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{BEFBEC2C-0DE7-424A-A4D6-A775E6262DD3} : DhcpNameServer = 192.168.2.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
BHO-X64: StartNow Toolbar Helper - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile: {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
TB-X64: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
mRun-x64: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
mRun-x64: [VirusScannerPro] C:\PROGRA~2\AVANQU~1\Fix-It\MemCheck.exe
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun-x64: [Act.Outlook.Service] "C:\Program Files (x86)\ACT\Act for Windows\Act.Outlook.Service.exe"
mRun-x64: [Act! Preloader] "C:\Program Files (x86)\ACT\Act for Windows\ActSage.exe" -preload
mRun-x64: [ACTSchedulerUI] "C:\Program Files (x86)\ACT\Act for Windows\Act.Scheduler.UI.exe" -Dfalse
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [ISTray] "C:\Program Files (x86)\PC Tools Security\pctsGui.exe" /hideGUI
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\T-Bone\AppData\Roaming\Mozilla\Firefox\Profiles\6mhhd0jm.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://lf.startnow.com/s/?src=addrbar&provider=bing&provider_name=bing&provider_code=Z051&partner_id=276&product_id=709&affiliate_id=&channel=4000&toolbar_id=200&toolbar_version=2.1.0&install_country=US&install_date=20110712&user_guid=0F1634C5CEA442D2BC3DE102A328A6D5&machine_id=a83e18534b16795caa7bc67a7cd1f49a&browser=FF&os=win&os_version=6.0-x64-SP1&q=
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npclntax_ClickPotatoLiteSA.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npRLCT4Player.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: C:\Users\T-Bone\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Users\T-Bone\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\T-Bone\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;C:\Windows\system32\drivers\PCTCore64.sys --> C:\Windows\system32\drivers\PCTCore64.sys [?]
R0 pctDS;PC Tools Data Store;C:\Windows\system32\drivers\pctDS64.sys --> C:\Windows\system32\drivers\pctDS64.sys [?]
R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\system32\drivers\pctEFA64.sys --> C:\Windows\system32\drivers\pctEFA64.sys [?]
R2 ACT! Scheduler;ACT! Scheduler;C:\Program Files (x86)\ACT\Act for Windows\Act.Scheduler.exe [2009-2-24 81920]
R2 MSSQL$ACT7;SQL Server (ACT7);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-5-27 29262680]
R2 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [2012-1-12 366840]
R2 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools Security\pctsSvc.exe [2012-1-12 1150936]
R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [2011-5-20 210144]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe [2008-6-9 24652]
R3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60a.sys --> C:\Windows\system32\DRIVERS\b57nd60a.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-21 136176]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-3-2 1153368]
S2 tmpreflt;tmpreflt;C:\PROGRA~2\AVANQU~1\Fix-It\tmpreflt.sys [2007-8-2 32528]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-21 136176]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-3-1 93184]
.
=============== Created Last 30 ================
.
2012-01-12 18:29:50 816016 ----a-w- C:\Windows\System32\drivers\pctEFA64.sys
2012-01-12 18:29:50 452872 ----a-w- C:\Windows\System32\drivers\pctDS64.sys
2012-01-12 18:29:24 331368 ----a-w- C:\Windows\System32\drivers\pctgntdi64.sys
2012-01-12 18:29:24 136168 ----a-w- C:\Windows\System32\drivers\pctwfpfilter64.sys
2012-01-12 18:29:02 257232 ----a-w- C:\Windows\System32\drivers\PCTCore64.sys
2012-01-12 18:28:55 92896 ----a-w- C:\Windows\System32\drivers\pctplsg64.sys
2012-01-12 18:28:45 -------- d-----w- C:\Users\T-Bone\AppData\Roaming\PC Tools
2012-01-12 18:28:45 -------- d-----w- C:\ProgramData\PC Tools
2012-01-12 18:28:45 -------- d-----w- C:\Program Files (x86)\PC Tools Security
2012-01-12 18:28:45 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-01-03 19:59:12 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-03 19:59:12 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-03 19:59:12 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-03 19:59:12 43992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
2011-12-15 20:16:50 -------- d-----w- C:\Program Files\iPod
2011-12-15 20:16:47 -------- d-----w- C:\Program Files\iTunes
2011-12-15 20:16:47 -------- d-----w- C:\Program Files (x86)\iTunes
.
==================== Find3M ====================
.
2012-01-13 00:59:01 952 --sha-w- C:\ProgramData\KGyGaAvL.sys
.
============= FINISH: 21:57:51.40 ===============

#2 SweetTech

    Agent ST

  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 13 January 2012 - 03:25 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. :)

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

It appears you're infected with an infection known as ZeroAccess.

ZeroAccess (Max++) Rootkit (aka: Sirefef) is a sophisticated rootkit that uses advanced technology to hide its presence in a system and can infect both x86 and x64 platforms. ZeroAccess is similar to the TDSS rootkit but has more self-protection mechanisms that can be used to disable anti-virus software resulting in "Access Denied" messages whenever you run a security application. For more specific information about this infection, please refer to:

NEXT:

One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identity Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

NEXT:

Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure SKIP is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: Do not choose Cure or Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

NEXT:

Farbar Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

NEXT:

Running OTL

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


Please let me know how the above scans go.

Kindest Regards,
ST

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 SweetTech

    Agent ST

  • Members
  • 13,421 posts

Posted 16 January 2012 - 05:18 AM

Due to lack of feedback this thread will now be closed. If you still require assistance, and would like to have your thread re-opened, please feel free to send me a Private Message (PM) being sure to include a link to your topic, and I'd be happy to re-open it.



#4 SweetTech

    Agent ST

  • Members
  • 13,421 posts

Posted 17 January 2012 - 01:22 AM

Hi!

As requested, I've re-opened your thread. Please follow the instructions in my previous post and post the logs those scans produce for you.

If TDSSKiller is not able to run for you, please run this tool in its place.

Running aswMBR.exe

Download aswMBR.exe (1.8 MB) to your desktop.
Double click aswMBR.exe to run it, then click the "Scan" button to start the scan.

On completion of the scan, click "save log", save it to your desktop and post it in your next reply.

Kindest Regards,
Agent ST.


#5 bigbadbuck87
  • Topic Starter

  • Members
  • 34 posts

Posted 17 January 2012 - 10:37 AM

Here are the reports from the scans. TDSS did end up running.

TDSS Report-

09:33:07.0826 1256 1.0.0.0 Nov 19 2011 15:54:30
09:33:07.0832 1256 Updater subsystem init failed!
09:33:07.0833 1256 ============================================================
09:33:07.0833 1256 Current date / time: 2012/01/17 09:33:07.0833
09:33:07.0833 1256 SystemInfo:
09:33:07.0833 1256
09:33:07.0833 1256 OS Version: 6.0.6001 ServicePack: 1.0
09:33:07.0833 1256 Product type: Workstation
09:33:07.0833 1256 ComputerName: T-BONE-PC
09:33:07.0833 1256 UserName: T-Bone
09:33:07.0833 1256 Windows directory: C:\Windows
09:33:07.0833 1256 System windows directory: C:\Windows
09:33:07.0834 1256 Running under WOW64
09:33:07.0834 1256 Processor architecture: Intel x64
09:33:07.0834 1256 Number of processors: 2
09:33:07.0834 1256 Page size: 0x1000
09:33:07.0834 1256 Boot type: Normal boot
09:33:07.0834 1256 ============================================================
09:33:08.0891 1256 Initialize success
09:33:13.0941 1244 ============================================================
09:33:13.0941 1244 Scan started
09:33:13.0941 1244 Mode: Manual;
09:33:13.0941 1244 ============================================================
09:33:14.0650 1244 Scan interrupted by user!
09:33:14.0650 1244 Scan interrupted by user!
09:33:14.0650 1244 Scan interrupted by user!
09:33:14.0650 1244 ============================================================
09:33:14.0650 1244 Scan finished
09:33:14.0650 1244 ============================================================
09:33:14.0665 4868 Detected object count: 0
09:33:14.0665 4868 Actual detected object count: 0
09:33:19.0053 2704 ============================================================
09:33:19.0053 2704 Scan started
09:33:19.0053 2704 Mode: Manual; SigCheck; TDLFS;
09:33:19.0053 2704 ============================================================
09:33:19.0387 2704 ACPI (8c99ed256a889d647935a97c543b7b85) C:\Windows\system32\drivers\acpi.sys
09:33:19.0556 2704 ACPI - ok
09:33:19.0617 2704 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
09:33:19.0640 2704 adp94xx - ok
09:33:19.0690 2704 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
09:33:19.0709 2704 adpahci - ok
09:33:19.0759 2704 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
09:33:19.0771 2704 adpu160m - ok
09:33:19.0826 2704 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
09:33:19.0839 2704 adpu320 - ok
09:33:19.0904 2704 AFD (db37041ab857abc7e179e856d8e1582c) C:\Windows\system32\drivers\afd.sys
09:33:19.0982 2704 AFD - ok
09:33:20.0024 2704 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
09:33:20.0035 2704 agp440 - ok
09:33:20.0071 2704 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
09:33:20.0085 2704 aic78xx - ok
09:33:20.0115 2704 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
09:33:20.0125 2704 aliide - ok
09:33:20.0143 2704 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
09:33:20.0153 2704 amdide - ok
09:33:20.0173 2704 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
09:33:20.0214 2704 AmdK8 - ok
09:33:20.0274 2704 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
09:33:20.0285 2704 arc - ok
09:33:20.0305 2704 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
09:33:20.0317 2704 arcsas - ok
09:33:20.0367 2704 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
09:33:20.0412 2704 AsyncMac - ok
09:33:20.0432 2704 atapi (1898fae8e07d97f2f6c2d5326c633fac) C:\Windows\system32\drivers\atapi.sys
09:33:20.0447 2704 atapi - ok
09:33:20.0525 2704 b57nd60a (1777e5ac9fc74f7991b2aba25ea34759) C:\Windows\system32\DRIVERS\b57nd60a.sys
09:33:20.0567 2704 b57nd60a - ok
09:33:20.0622 2704 BCM43XV (a2160c5d70f3517fc7356b689abd6fcd) C:\Windows\system32\DRIVERS\bcmwl664.sys
09:33:20.0846 2704 BCM43XV - ok
09:33:21.0219 2704 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
09:33:21.0258 2704 blbdrive - ok
09:33:21.0337 2704 bowser (8b2b19031d0aeade6e1b933df1acba7e) C:\Windows\system32\DRIVERS\bowser.sys
09:33:21.0377 2704 bowser - ok
09:33:21.0409 2704 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
09:33:21.0449 2704 BrFiltLo - ok
09:33:21.0475 2704 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
09:33:21.0515 2704 BrFiltUp - ok
09:33:21.0545 2704 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
09:33:21.0608 2704 Brserid - ok
09:33:21.0634 2704 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
09:33:21.0696 2704 BrSerWdm - ok
09:33:21.0728 2704 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
09:33:21.0789 2704 BrUsbMdm - ok
09:33:21.0802 2704 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
09:33:21.0870 2704 BrUsbSer - ok
09:33:21.0904 2704 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
09:33:21.0966 2704 BTHMODEM - ok
09:33:21.0987 2704 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
09:33:22.0034 2704 cdfs - ok
09:33:22.0094 2704 cdrom (3b2fb35363423ed60c8fbf15fc8680bd) C:\Windows\system32\DRIVERS\cdrom.sys
09:33:22.0136 2704 cdrom - ok
09:33:22.0167 2704 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
09:33:22.0207 2704 circlass - ok
09:33:22.0218 2704 CLFS - ok
09:33:22.0285 2704 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
09:33:22.0324 2704 CmBatt - ok
09:33:22.0350 2704 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
09:33:22.0360 2704 cmdide - ok
09:33:22.0384 2704 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
09:33:22.0395 2704 Compbatt - ok
09:33:22.0417 2704 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
09:33:22.0428 2704 crcdisk - ok
09:33:22.0470 2704 CSC (a25e4dd707714da07fe1febf1dc91d86) C:\Windows\system32\drivers\csc.sys
09:33:22.0534 2704 CSC - ok
09:33:22.0607 2704 DfsC (bd4acc56e477ad7419cbe90fceeb621b) C:\Windows\system32\Drivers\dfsc.sys
09:33:22.0653 2704 DfsC - ok
09:33:22.0674 2704 disk (2dc415fc05fb8a079f896cbbacb19324) C:\Windows\system32\drivers\disk.sys
09:33:22.0687 2704 disk - ok
09:33:22.0765 2704 Dot4 (74c02b1717740c3b8039539e23e4b53f) C:\Windows\system32\DRIVERS\Dot4.sys
09:33:22.0808 2704 Dot4 - ok
09:33:22.0829 2704 Dot4Print (08321d1860235bf42cf2854234337aea) C:\Windows\system32\DRIVERS\Dot4Prt.sys
09:33:22.0873 2704 Dot4Print - ok
09:33:22.0891 2704 dot4usb (4adccf0124f2b6911d3786a5d0e779e5) C:\Windows\system32\DRIVERS\dot4usb.sys
09:33:22.0934 2704 dot4usb - ok
09:33:22.0969 2704 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
09:33:23.0008 2704 drmkaud - ok
09:33:23.0085 2704 DXGKrnl (412964040ce920ff83aff6b5b551bf99) C:\Windows\System32\drivers\dxgkrnl.sys
09:33:23.0188 2704 DXGKrnl - ok
09:33:23.0263 2704 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
09:33:23.0306 2704 E1G60 - ok
09:33:23.0354 2704 Ecache (7343d950a34a95dcb7441642e3e6beef) C:\Windows\system32\drivers\ecache.sys
09:33:23.0369 2704 Ecache - ok
09:33:23.0424 2704 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
09:33:23.0485 2704 elxstor - ok
09:33:23.0542 2704 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
09:33:23.0581 2704 ErrDev - ok
09:33:23.0632 2704 exfat (2a546b9a84658b0554b1ec35cd9adaf5) C:\Windows\system32\drivers\exfat.sys
09:33:23.0677 2704 exfat - ok
09:33:23.0694 2704 fastfat (fe731d345ed9eeabbc72a59b35941834) C:\Windows\system32\drivers\fastfat.sys
09:33:23.0745 2704 fastfat - ok
09:33:23.0789 2704 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
09:33:23.0830 2704 fdc - ok
09:33:23.0873 2704 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
09:33:23.0886 2704 FileInfo - ok
09:33:23.0916 2704 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
09:33:23.0962 2704 Filetrace - ok
09:33:24.0001 2704 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
09:33:24.0043 2704 flpydisk - ok
09:33:24.0074 2704 FltMgr (7dacf1a3a4219575070c6dc7c957428a) C:\Windows\system32\drivers\fltmgr.sys
09:33:24.0093 2704 FltMgr - ok
09:33:24.0121 2704 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
09:33:24.0161 2704 Fs_Rec - ok
09:33:24.0186 2704 fvevol (5cd88ce69bc24e5cfc0edcfc338b79e1) C:\Windows\system32\DRIVERS\fvevol.sys
09:33:24.0202 2704 fvevol - ok
09:33:24.0246 2704 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
09:33:24.0259 2704 gagp30kx - ok
09:33:24.0309 2704 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\Drivers\GEARAspiWDM.sys
09:33:24.0320 2704 GEARAspiWDM - ok
09:33:24.0420 2704 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
09:33:24.0488 2704 HdAudAddService - ok
09:33:24.0531 2704 HDAudBus (0c0d0f8a3ff09ecc81963d09ec6a0a84) C:\Windows\system32\DRIVERS\HDAudBus.sys
09:33:24.0572 2704 HDAudBus - ok
09:33:24.0601 2704 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
09:33:24.0664 2704 HidBth - ok
09:33:24.0723 2704 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
09:33:24.0785 2704 HidIr - ok
09:33:24.0838 2704 HidUsb (128e2da8483fdd4dd0c7b3f9abd6f323) C:\Windows\system32\DRIVERS\hidusb.sys
09:33:24.0877 2704 HidUsb - ok
09:33:24.0909 2704 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
09:33:24.0921 2704 HpCISSs - ok
09:33:25.0013 2704 HSF_DPV (e6cd7f641916484b0141d191a390d866) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
09:33:25.0152 2704 HSF_DPV - ok
09:33:25.0226 2704 HTTP (e690736da6c543f5d99c8fa27bea31db) C:\Windows\system32\drivers\HTTP.sys
09:33:25.0323 2704 HTTP - ok
09:33:25.0393 2704 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
09:33:25.0406 2704 i2omp - ok
09:33:25.0450 2704 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
09:33:25.0491 2704 i8042prt - ok
09:33:25.0527 2704 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
09:33:25.0548 2704 iaStorV - ok
09:33:25.0792 2704 igfx (df87170ec724080676c18d5a0af87fc5) C:\Windows\system32\DRIVERS\igdkmd64.sys
09:33:26.0234 2704 igfx - ok
09:33:26.0270 2704 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
09:33:26.0281 2704 iirsp - ok
09:33:26.0317 2704 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
09:33:26.0328 2704 intelide - ok
09:33:26.0351 2704 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
09:33:26.0401 2704 intelppm - ok
09:33:26.0425 2704 IpFilterDriver (99b821f5bebd6a3cc3fe564f802ae0fd) C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:33:26.0476 2704 IpFilterDriver - ok
09:33:26.0492 2704 IpInIp - ok
09:33:26.0521 2704 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
09:33:26.0562 2704 IPMIDRV - ok
09:33:26.0605 2704 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
09:33:26.0652 2704 IPNAT - ok
09:33:26.0705 2704 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
09:33:26.0744 2704 IRENUM - ok
09:33:26.0761 2704 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
09:33:26.0776 2704 isapnp - ok
09:33:26.0811 2704 iScsiPrt (49e4ccbf74783fce5d2cc1ff6480e1f4) C:\Windows\system32\DRIVERS\msiscsi.sys
09:33:26.0828 2704 iScsiPrt - ok
09:33:26.0860 2704 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
09:33:26.0872 2704 iteatapi - ok
09:33:26.0905 2704 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
09:33:26.0916 2704 iteraid - ok
09:33:26.0944 2704 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
09:33:26.0961 2704 kbdclass - ok
09:33:26.0981 2704 kbdhid (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys
09:33:27.0024 2704 kbdhid - ok
09:33:27.0099 2704 KSecDD (ccdcce6224e1e207e953af826b98a9d9) C:\Windows\system32\Drivers\ksecdd.sys
09:33:27.0166 2704 KSecDD - ok
09:33:27.0224 2704 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
09:33:27.0263 2704 ksthunk - ok
09:33:27.0303 2704 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
09:33:27.0345 2704 lltdio - ok
09:33:27.0407 2704 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
09:33:27.0421 2704 LSI_FC - ok
09:33:27.0456 2704 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
09:33:27.0470 2704 LSI_SAS - ok
09:33:27.0507 2704 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
09:33:27.0524 2704 LSI_SCSI - ok
09:33:27.0548 2704 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
09:33:27.0593 2704 luafv - ok
09:33:27.0634 2704 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
09:33:27.0645 2704 megasas - ok
09:33:27.0684 2704 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
09:33:27.0710 2704 MegaSR - ok
09:33:27.0781 2704 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
09:33:27.0821 2704 Modem - ok
09:33:27.0848 2704 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
09:33:27.0890 2704 monitor - ok
09:33:27.0917 2704 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
09:33:27.0933 2704 mouclass - ok
09:33:27.0965 2704 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
09:33:28.0005 2704 mouhid - ok
09:33:28.0022 2704 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
09:33:28.0035 2704 MountMgr - ok
09:33:28.0066 2704 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
09:33:28.0080 2704 mpio - ok
09:33:28.0109 2704 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
09:33:28.0151 2704 mpsdrv - ok
09:33:28.0171 2704 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
09:33:28.0191 2704 Mraid35x - ok
09:33:28.0223 2704 MRxDAV (fe2706c15f8345c342820e4e4583fea0) C:\Windows\system32\drivers\mrxdav.sys
09:33:28.0243 2704 MRxDAV - ok
09:33:28.0311 2704 mrxsmb (937512d4321b4f5218ad5a0aebf2b5cc) C:\Windows\system32\DRIVERS\mrxsmb.sys
09:33:28.0328 2704 mrxsmb - ok
09:33:28.0410 2704 mrxsmb10 (152b673b3984356390e7baa4199f1114) C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:33:28.0432 2704 mrxsmb10 - ok
09:33:28.0450 2704 mrxsmb20 (65e45c26ba6fd66cd2889913f73823ef) C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:33:28.0469 2704 mrxsmb20 - ok
09:33:28.0490 2704 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
09:33:28.0505 2704 msahci - ok
09:33:28.0529 2704 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
09:33:28.0543 2704 msdsm - ok
09:33:28.0573 2704 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
09:33:28.0617 2704 Msfs - ok
09:33:28.0640 2704 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
09:33:28.0655 2704 msisadrv - ok
09:33:28.0718 2704 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
09:33:28.0757 2704 MSKSSRV - ok
09:33:28.0776 2704 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
09:33:28.0817 2704 MSPCLOCK - ok
09:33:28.0836 2704 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
09:33:28.0876 2704 MSPQM - ok
09:33:28.0903 2704 MsRPC (b8e32e6103fbba9fbb1d0c11ff0d13b5) C:\Windows\system32\drivers\MsRPC.sys
09:33:28.0932 2704 MsRPC - ok
09:33:28.0964 2704 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
09:33:28.0975 2704 mssmbios - ok
09:33:29.0002 2704 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
09:33:29.0043 2704 MSTEE - ok
09:33:29.0057 2704 Mup (ddf133501f68d6988a0f55dfa88637b4) C:\Windows\system32\Drivers\mup.sys
09:33:29.0069 2704 Mup - ok
09:33:29.0158 2704 NativeWifiP (73b99c98fa3a2ed1566e02d6fe1913a5) C:\Windows\system32\DRIVERS\nwifi.sys
09:33:29.0175 2704 NativeWifiP - ok
09:33:29.0225 2704 NDIS (2a2ee457af36c5c9a6808c768bd3a12b) C:\Windows\system32\drivers\ndis.sys
09:33:29.0321 2704 NDIS - ok
09:33:29.0382 2704 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
09:33:29.0421 2704 NdisTapi - ok
09:33:29.0461 2704 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
09:33:29.0502 2704 Ndisuio - ok
09:33:29.0535 2704 NdisWan (52e3e8e35101399be9b2938c992aa087) C:\Windows\system32\DRIVERS\ndiswan.sys
09:33:29.0579 2704 NdisWan - ok
09:33:29.0623 2704 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
09:33:29.0664 2704 NDProxy - ok
09:33:29.0705 2704 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
09:33:29.0747 2704 NetBIOS - ok
09:33:29.0775 2704 netbt (7a29ca243a629230799754162d80120f) C:\Windows\system32\DRIVERS\netbt.sys
09:33:29.0842 2704 netbt - ok
09:33:29.0915 2704 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
09:33:29.0926 2704 nfrd960 - ok
09:33:29.0963 2704 Npfs (b06154e2a2c91e9be5599fca53bc4cd0) C:\Windows\system32\drivers\Npfs.sys
09:33:30.0008 2704 Npfs - ok
09:33:30.0040 2704 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
09:33:30.0080 2704 nsiproxy - ok
09:33:30.0151 2704 Ntfs (fe86ba5ac3b50e2ca911e9c60c07b638) C:\Windows\system32\drivers\Ntfs.sys
09:33:30.0262 2704 Ntfs - ok
09:33:30.0305 2704 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
09:33:30.0344 2704 Null - ok
09:33:30.0369 2704 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
09:33:30.0383 2704 nvraid - ok
09:33:30.0404 2704 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
09:33:30.0416 2704 nvstor - ok
09:33:30.0457 2704 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
09:33:30.0475 2704 nv_agp - ok
09:33:30.0495 2704 NwlnkFlt - ok
09:33:30.0509 2704 NwlnkFwd - ok
09:33:30.0563 2704 OEM02Dev (44a9473d72983dd484b4f1bf0d946571) C:\Windows\system32\DRIVERS\OEM02Dev.sys
09:33:30.0581 2704 OEM02Dev - ok
09:33:30.0601 2704 OEM02Vfx (766f689564bc30e5a91f8621ce65ad68) C:\Windows\system32\DRIVERS\OEM02Vfx.sys
09:33:30.0614 2704 OEM02Vfx - ok
09:33:30.0656 2704 ohci1394 (1b30103fde512915a9214b108b6e7a9c) C:\Windows\system32\DRIVERS\ohci1394.sys
09:33:30.0698 2704 ohci1394 - ok
09:33:30.0794 2704 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
09:33:30.0858 2704 Parport - ok
09:33:30.0892 2704 partmgr (5ab40c36894f4c06bdab0c9a2fba282d) C:\Windows\system32\drivers\partmgr.sys
09:33:30.0905 2704 partmgr - ok
09:33:30.0930 2704 pci (2a5b2a51559066ea84742909b5b2cd69) C:\Windows\system32\drivers\pci.sys
09:33:30.0951 2704 pci - ok
09:33:30.0987 2704 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
09:33:30.0999 2704 pciide - ok
09:33:31.0034 2704 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
09:33:31.0051 2704 pcmcia - ok
09:33:31.0105 2704 PCTCore (8f38fffa9e7b9d547b7921efa8edff3c) C:\Windows\system32\drivers\PCTCore64.sys
09:33:31.0147 2704 PCTCore - ok
09:33:31.0228 2704 pctDS (ff43e3b1687e4e2140de6349ea5c7372) C:\Windows\system32\drivers\pctDS64.sys
09:33:31.0254 2704 pctDS - ok
09:33:31.0314 2704 pctEFA (60e9a05852af7e9cb11237c00aee4ccf) C:\Windows\system32\drivers\pctEFA64.sys
09:33:31.0405 2704 pctEFA - ok
09:33:31.0484 2704 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
09:33:31.0653 2704 PEAUTH - ok
09:33:31.0777 2704 PptpMiniport (f5739f2c6db2534c384ad5150808e8f5) C:\Windows\system32\DRIVERS\raspptp.sys
09:33:31.0819 2704 PptpMiniport - ok
09:33:31.0840 2704 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
09:33:31.0886 2704 Processor - ok
09:33:31.0963 2704 PSched (0e0e205a296095fe4c631e6a4775ad6c) C:\Windows\system32\DRIVERS\pacer.sys
09:33:31.0976 2704 PSched - ok
09:33:32.0033 2704 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
09:33:32.0140 2704 ql2300 - ok
09:33:32.0189 2704 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
09:33:32.0202 2704 ql40xx - ok
09:33:32.0223 2704 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
09:33:32.0244 2704 QWAVEdrv - ok
09:33:32.0266 2704 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
09:33:32.0306 2704 RasAcd - ok
09:33:32.0329 2704 Rasl2tp (3b9085f91ef00abd15a6f36570e90e12) C:\Windows\system32\DRIVERS\rasl2tp.sys
09:33:32.0372 2704 Rasl2tp - ok
09:33:32.0416 2704 RasPppoe (2ce1703c27196094fb6e4c6e439f2c21) C:\Windows\system32\DRIVERS\raspppoe.sys
09:33:32.0464 2704 RasPppoe - ok
09:33:32.0499 2704 RasSstp (fcd04fa67e8b40fa0ad361dd38593942) C:\Windows\system32\DRIVERS\rassstp.sys
09:33:32.0543 2704 RasSstp - ok
09:33:32.0589 2704 rdbss (33fa5b6136d92ee0f53f021c79091300) C:\Windows\system32\DRIVERS\rdbss.sys
09:33:32.0636 2704 rdbss - ok
09:33:32.0654 2704 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
09:33:32.0695 2704 RDPCDD - ok
09:33:32.0725 2704 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\DRIVERS\rdpdr.sys
09:33:32.0776 2704 rdpdr - ok
09:33:32.0791 2704 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
09:33:32.0835 2704 RDPENCDD - ok
09:33:32.0891 2704 RDPWD (7747082f672aa2846235c9cea42e2e72) C:\Windows\system32\drivers\RDPWD.sys
09:33:32.0936 2704 RDPWD - ok
09:33:33.0000 2704 Revoflt (9c3ac71a9934b884fac567a8807e9c4d) C:\Windows\system32\DRIVERS\revoflt.sys
09:33:33.0009 2704 Revoflt - ok
09:33:33.0052 2704 rimmptsk (9c23519fc1fd331aaaedc145ab947293) C:\Windows\system32\DRIVERS\rimmpx64.sys
09:33:33.0064 2704 rimmptsk - ok
09:33:33.0101 2704 rimsptsk (304d71e7d2f4ce8408d058a0fffc855f) C:\Windows\system32\DRIVERS\rimspx64.sys
09:33:33.0112 2704 rimsptsk - ok
09:33:33.0131 2704 rismxdp (2a43f9e6dbde12bc0c104785c3b3f5df) C:\Windows\system32\DRIVERS\rixdpx64.sys
09:33:33.0146 2704 rismxdp - ok
09:33:33.0179 2704 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
09:33:33.0223 2704 rspndr - ok
09:33:33.0252 2704 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
09:33:33.0265 2704 sbp2port - ok
09:33:33.0316 2704 sdbus (b42ee50f7d24f837f925332eb349eca5) C:\Windows\system32\DRIVERS\sdbus.sys
09:33:33.0364 2704 sdbus - ok
09:33:33.0411 2704 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
09:33:33.0476 2704 secdrv - ok
09:33:33.0519 2704 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
09:33:33.0580 2704 Serenum - ok
09:33:33.0603 2704 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
09:33:33.0667 2704 Serial - ok
09:33:33.0689 2704 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
09:33:33.0728 2704 sermouse - ok
09:33:33.0771 2704 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\DRIVERS\sffdisk.sys
09:33:33.0810 2704 sffdisk - ok
09:33:33.0828 2704 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
09:33:33.0867 2704 sffp_mmc - ok
09:33:33.0888 2704 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\DRIVERS\sffp_sd.sys
09:33:33.0930 2704 sffp_sd - ok
09:33:33.0947 2704 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
09:33:34.0012 2704 sfloppy - ok
09:33:34.0062 2704 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
09:33:34.0074 2704 SiSRaid2 - ok
09:33:34.0100 2704 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
09:33:34.0113 2704 SiSRaid4 - ok
09:33:34.0156 2704 Smb (41eb2e8e005feedcafce301983eff932) C:\Windows\system32\DRIVERS\smb.sys
09:33:34.0198 2704 Smb - ok
09:33:34.0248 2704 spldr (f9cb0672162f7f04248e2b82c1ff4617) C:\Windows\system32\drivers\spldr.sys
09:33:34.0259 2704 spldr - ok
09:33:34.0393 2704 srv (ae06ff9cd54b74faf4484003be9de89c) C:\Windows\system32\DRIVERS\srv.sys
09:33:34.0421 2704 srv - ok
09:33:34.0477 2704 srv2 (56e686e35fce7a1931eb05c226bbae81) C:\Windows\system32\DRIVERS\srv2.sys
09:33:34.0499 2704 srv2 - ok
09:33:34.0564 2704 srvnet (a93df8babf7c7b9637a76e0eae5744b7) C:\Windows\system32\DRIVERS\srvnet.sys
09:33:34.0582 2704 srvnet - ok
09:33:34.0699 2704 STHDA (7ed1012b59acacfcfb1af56345f9cd0f) C:\Windows\system32\drivers\stwrt64.sys
09:33:34.0759 2704 STHDA - ok
09:33:34.0826 2704 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
09:33:34.0836 2704 swenum - ok
09:33:34.0889 2704 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
09:33:34.0900 2704 Symc8xx - ok
09:33:34.0925 2704 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
09:33:34.0937 2704 Sym_hi - ok
09:33:34.0965 2704 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
09:33:34.0981 2704 Sym_u3 - ok
09:33:35.0142 2704 Tcpip (30c4abc8075dea44d7e775d434af1753) C:\Windows\system32\drivers\tcpip.sys
09:33:35.0219 2704 Tcpip - ok
09:33:35.0297 2704 Tcpip6 (30c4abc8075dea44d7e775d434af1753) C:\Windows\system32\DRIVERS\tcpip.sys
09:33:35.0380 2704 Tcpip6 - ok
09:33:35.0418 2704 tcpipreg (c29d4b3b08ad0b7e8564814e4ff6a57b) C:\Windows\system32\drivers\tcpipreg.sys
09:33:35.0459 2704 tcpipreg - ok
09:33:35.0492 2704 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
09:33:35.0534 2704 TDPIPE - ok
09:33:35.0553 2704 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
09:33:35.0593 2704 TDTCP - ok
09:33:35.0617 2704 tdx (8c39c72e0e853de04748c0337d9b9216) C:\Windows\system32\DRIVERS\tdx.sys
09:33:35.0658 2704 tdx - ok
09:33:35.0683 2704 TermDD (3f0ebf6ee609f2a276c0d5faf244ec90) C:\Windows\system32\DRIVERS\termdd.sys
09:33:35.0700 2704 TermDD - ok
09:33:35.0806 2704 tmpreflt (e4d1bfeee3a2526d9a986c314a4a4d52) C:\PROGRA~2\AVANQU~1\Fix-It\tmpreflt.sys
09:33:35.0821 2704 tmpreflt - ok
09:33:35.0854 2704 tmxpflt (d975ce5ab8d80f785938fe2fcc374b0a) C:\PROGRA~2\AVANQU~1\Fix-It\tmxpflt.sys
09:33:35.0868 2704 tmxpflt - ok
09:33:35.0912 2704 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
09:33:35.0952 2704 tssecsrv - ok
09:33:35.0976 2704 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
09:33:35.0992 2704 tunmp - ok
09:33:36.0057 2704 tunnel (2dc2c423572946e9a3131425bda73cb6) C:\Windows\system32\DRIVERS\tunnel.sys
09:33:36.0071 2704 tunnel - ok
09:33:36.0094 2704 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
09:33:36.0108 2704 uagp35 - ok
09:33:36.0167 2704 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
09:33:36.0180 2704 uliagpkx - ok
09:33:36.0217 2704 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
09:33:36.0236 2704 uliahci - ok
09:33:36.0268 2704 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
09:33:36.0283 2704 UlSata - ok
09:33:36.0315 2704 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
09:33:36.0331 2704 ulsata2 - ok
09:33:36.0366 2704 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
09:33:36.0407 2704 umbus - ok
09:33:36.0502 2704 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
09:33:36.0515 2704 USBAAPL64 - ok
09:33:36.0551 2704 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
09:33:36.0594 2704 usbccgp - ok
09:33:36.0615 2704 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
09:33:36.0681 2704 usbcir - ok
09:33:36.0713 2704 usbehci (da6d8d8ed0a53c63ac6f4bd40fe83fbe) C:\Windows\system32\DRIVERS\usbehci.sys
09:33:36.0753 2704 usbehci - ok
09:33:36.0787 2704 usbhub (99045369ae3216216573d0775fd7ed56) C:\Windows\system32\DRIVERS\usbhub.sys
09:33:36.0838 2704 usbhub - ok
09:33:36.0871 2704 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
09:33:36.0932 2704 usbohci - ok
09:33:36.0970 2704 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
09:33:37.0009 2704 usbprint - ok
09:33:37.0057 2704 USBSTOR (586d9876a4945779c8eea926c0d16889) C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:33:37.0099 2704 USBSTOR - ok
09:33:37.0115 2704 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
09:33:37.0158 2704 usbuhci - ok
09:33:37.0205 2704 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
09:33:37.0251 2704 usbvideo - ok
09:33:37.0290 2704 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
09:33:37.0331 2704 vga - ok
09:33:37.0351 2704 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
09:33:37.0391 2704 VgaSave - ok
09:33:37.0407 2704 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
09:33:37.0418 2704 viaide - ok
09:33:37.0458 2704 volmgr (793d9b32a1c462c91f6f70358283ac97) C:\Windows\system32\drivers\volmgr.sys
09:33:37.0470 2704 volmgr - ok
09:33:37.0509 2704 volmgrx (5aa217da5dc4ff5b9ac9ab86563b3223) C:\Windows\system32\drivers\volmgrx.sys
09:33:37.0579 2704 volmgrx - ok
09:33:37.0634 2704 volsnap (de4307412d98050239026e56a7dff3c0) C:\Windows\system32\drivers\volsnap.sys
09:33:37.0653 2704 volsnap - ok
09:33:37.0744 2704 Vsapint (4e1ea031d3ab080b7007f13fd6f1f291) C:\PROGRA~2\AVANQU~1\Fix-It\Vsapint.sys
09:33:37.0822 2704 Vsapint - ok
09:33:37.0866 2704 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
09:33:37.0881 2704 vsmraid - ok
09:33:37.0955 2704 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
09:33:38.0016 2704 WacomPen - ok
09:33:38.0035 2704 Wanarp (aea75207e443c8623c36b8d03596f84f) C:\Windows\system32\DRIVERS\wanarp.sys
09:33:38.0082 2704 Wanarp - ok
09:33:38.0097 2704 Wanarpv6 (aea75207e443c8623c36b8d03596f84f) C:\Windows\system32\DRIVERS\wanarp.sys
09:33:38.0137 2704 Wanarpv6 - ok
09:33:38.0163 2704 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
09:33:38.0174 2704 Wd - ok
09:33:38.0222 2704 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
09:33:38.0299 2704 Wdf01000 - ok
09:33:38.0419 2704 winachsf (b5c348b265178fb9ee55addb3929485d) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
09:33:38.0507 2704 winachsf - ok
09:33:38.0597 2704 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
09:33:38.0636 2704 WmiAcpi - ok
09:33:38.0734 2704 WpdUsb (6329d1990db931073b86ab5946d8e317) C:\Windows\system32\DRIVERS\wpdusb.sys
09:33:38.0775 2704 WpdUsb - ok
09:33:38.0796 2704 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
09:33:38.0838 2704 ws2ifsl - ok
09:33:38.0901 2704 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
09:33:38.0943 2704 WUDFRd - ok
09:33:39.0011 2704 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
09:33:39.0038 2704 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
09:33:39.0038 2704 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
09:33:39.0132 2704 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
09:33:39.0132 2704 \Device\Harddisk0\DR0 - detected TDSS File System (1)
09:33:39.0162 2704 Boot (0x1200) (43e171b702dbc27a2ca90f7e24de2f03) \Device\Harddisk0\DR0\Partition0
09:33:39.0164 2704 \Device\Harddisk0\DR0\Partition0 - ok
09:33:39.0164 2704 ============================================================
09:33:39.0164 2704 Scan finished
09:33:39.0165 2704 ============================================================
09:33:39.0182 2232 Detected object count: 2
09:33:39.0182 2232 Actual detected object count: 2
09:33:52.0182 2232 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - skipped by user
09:33:52.0182 2232 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Skip
09:33:52.0185 2232 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
09:33:52.0185 2232 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip


Farbar Scan log

Farbar Service Scanner
Ran by T-Bone (administrator) on 16-01-2012 at 13:46:30
Microsoft® Windows Vista™ Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.
Checking LEGACY_bfe: Attention! Unable to open LEGACY_bfe\0000 registry key. The key does not exist.

mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.


Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.
Checking LEGACY_SDRSVC: Attention! Unable to open LEGACY_SDRSVC\0000 registry key. The key does not exist.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
===========

File Check:
========
C:\Windows\System32\nsisvc.dll
[2008-01-20 20:48] - [2008-01-20 20:48] - 0024576 ____A (Microsoft Corporation) ACB62BAA1C319B17752553DF3026EEEB

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\SysWOW64\dhcpcsvc.dll
[2008-01-20 20:47] - [2008-01-20 20:47] - 0204288 ____A (Microsoft Corporation) 43A988A9C10333476CB5FB667CBD629D

C:\Windows\System32\drivers\afd.sys
[2008-01-20 20:47] - [2008-01-20 20:47] - 0408064 ____A (Microsoft Corporation)

C:\Windows\System32\drivers\tdx.sys
[2008-01-20 20:48] - [2008-01-20 20:48] - 0094208 ____A (Microsoft Corporation) 8C39C72E0E853DE04748C0337D9B9216

C:\Windows\System32\Drivers\tcpip.sys
[2010-09-26 09:49] - [2010-02-18 09:01] - 1420688 ____A (Microsoft Corporation) 30C4ABC8075DEA44D7E775D434AF1753

C:\Windows\System32\dnsrslvr.dll
[2008-01-20 20:47] - [2008-01-20 20:47] - 0117760 ____A (Microsoft Corporation) 93CE26DBED3182634F18DD2FE10E41BE

C:\Windows\System32\mpssvc.dll
[2008-01-20 20:48] - [2008-01-20 20:48] - 0601088 ____A (Microsoft Corporation) 8A670648C755867A3AA38DA50BA569AA

C:\Windows\System32\bfe.dll
[2008-01-20 20:49] - [2008-01-20 20:49] - 0458240 ____A (Microsoft Corporation) BC4737AAFFA5964E4F8827C9B8C0EB8E

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2008-01-20 20:46] - [2008-01-20 20:46] - 0128000 ____A (Microsoft Corporation) 4FF71B076A7760FE75EA5AE2D0EE0018

C:\Windows\System32\vssvc.exe
[2008-01-20 20:49] - [2008-01-20 20:49] - 1432576 ____A (Microsoft Corporation) 186BD53F8A408AD20F5A056C05678629

C:\Windows\System32\wscsvc.dll
[2008-01-20 20:46] - [2008-01-20 20:46] - 0074752 ____A (Microsoft Corporation) CB8EA6D95949384925CCFCA21CC6DFD8

C:\Windows\System32\wbem\WMIsvc.dll
[2008-01-20 20:49] - [2008-01-20 20:49] - 0221696 ____A (Microsoft Corporation) AC98F38FEAB066A8F983D54FF3F4FD4C

C:\Windows\System32\wuaueng.dll
[2009-10-01 23:34] - [2009-08-06 20:24] - 2424024 ____A (Microsoft Corporation) FB3796754FE00F0BDC87A36F164A5F4D

C:\Windows\System32\qmgr.dll
[2008-01-20 20:49] - [2008-01-20 20:49] - 1082368 ____A (Microsoft Corporation) D896A0D43F8AB81ECB1FC6C24DECFD58

C:\Windows\System32\es.dll
[2008-11-05 20:36] - [2008-04-17 22:42] - 0361984 ____A (Microsoft Corporation) 6B1A97BF9FEFBDC83F3C7C7D0F826C66

C:\Windows\System32\cryptsvc.dll
[2008-01-20 20:48] - [2008-01-20 20:48] - 0165376 ____A (Microsoft Corporation) 4374F784121D8B3BB466B03F5E5EBD33

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-05-13 16:25] - [2009-03-02 22:57] - 0718336 ____A (Microsoft Corporation) 52CDADE8289FF21F1F2215FF51A5F36C



**** End of log ****

OTL Log

OTL logfile created on: 1/16/2012 1:50:24 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\T-Bone\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 50.42% Memory free
8.16 Gb Paging File | 5.93 Gb Available in Paging File | 72.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.81 Gb Total Space | 103.34 Gb Free Space | 44.39% Space Free | Partition Type: NTFS

Computer Name: T-BONE-PC | User Name: T-Bone | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/16 13:47:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\T-Bone\Desktop\OTL.exe
PRC - [2012/01/16 13:46:01 | 000,334,191 | ---- | M] () -- C:\Users\T-Bone\Downloads\FSS.exe
PRC - [2012/01/03 13:59:12 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/11/19 15:55:18 | 001,555,456 | R--- | M] () -- C:\Users\T-Bone\AppData\Local\Temp\Temp1_TDSSKillerN.zip\TDSSKiller.exe
PRC - [2011/05/20 11:03:34 | 000,210,144 | ---- | M] () -- C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
PRC - [2010/12/01 14:49:56 | 001,589,208 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools Security\pctsGui.exe
PRC - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools Security\pctsSvc.exe
PRC - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
PRC - [2009/02/24 12:05:15 | 000,503,808 | ---- | M] (Sage Software, Inc.) -- C:\Program Files (x86)\ACT\Act for Windows\Act.Scheduler.UI.exe
PRC - [2009/02/24 12:05:15 | 000,081,920 | ---- | M] (Sage Software, Inc.) -- C:\Program Files (x86)\ACT\Act for Windows\Act.Scheduler.exe
PRC - [2009/02/24 12:05:14 | 000,028,672 | ---- | M] (Sage Software, Inc.) -- C:\Program Files (x86)\ACT\Act for Windows\Act.Outlook.Service.exe
PRC - [2008/08/26 15:14:42 | 000,152,832 | ---- | M] (Avanquest North America, Inc.) -- C:\Program Files (x86)\Avanquest\Fix-It\mxtask.exe
PRC - [2008/02/08 08:41:12 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/05/09 16:01:00 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2007/01/04 15:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/16 13:46:01 | 000,334,191 | ---- | M] () -- C:\Users\T-Bone\Downloads\FSS.exe
MOD - [2012/01/03 13:59:12 | 002,124,760 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/11/19 15:55:18 | 001,555,456 | R--- | M] () -- C:\Users\T-Bone\AppData\Local\Temp\Temp1_TDSSKillerN.zip\TDSSKiller.exe
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/07/17 21:21:00 | 003,883,424 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2009/06/29 14:37:56 | 000,208,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Janus.Windows.Common.v3\3.5.0.0__21d5517571b185bf\Janus.Windows.Common.v3.dll
MOD - [2008/01/20 20:47:46 | 000,223,232 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/01/20 20:50:23 | 000,195,584 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2007/05/06 16:11:38 | 000,112,128 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\STacSV64.exe -- (STacSV)
SRV - [2011/05/20 11:03:34 | 000,210,144 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe -- (Updater Service for StartNow Toolbar)
SRV - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/02/24 12:05:15 | 000,081,920 | ---- | M] (Sage Software, Inc.) [Auto | Running] -- C:\Program Files (x86)\ACT\Act for Windows\Act.Scheduler.exe -- (ACT! Scheduler)
SRV - [2008/08/26 15:14:42 | 000,152,832 | ---- | M] (Avanquest North America, Inc.) [Auto | Running] -- C:\Program Files (x86)\Avanquest\Fix-It\mxtask.exe -- (Fix-It Task Manager)
SRV - [2008/07/27 12:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/02/08 08:41:12 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/01/04 15:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/02 17:38:56 | 000,051,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/11/25 10:43:26 | 000,257,232 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2010/07/16 14:53:32 | 000,816,016 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pctEFA64.sys -- (pctEFA)
DRV:64bit: - [2010/06/29 10:35:34 | 000,452,872 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pctDS64.sys -- (pctDS)
DRV:64bit: - [2009/12/30 11:21:26 | 000,031,800 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/02/11 18:48:28 | 007,709,056 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008/01/20 20:46:34 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 20:46:33 | 000,214,016 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2008/01/20 20:46:05 | 001,523,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS -- (HSF_DPV)
DRV:64bit: - [2008/01/20 20:46:05 | 000,724,480 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS -- (winachsf)
DRV:64bit: - [2008/01/20 20:46:02 | 000,111,104 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2007/10/10 16:03:00 | 000,266,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OEM02Dev.sys -- (OEM02Dev)
DRV:64bit: - [2007/05/06 16:12:02 | 000,388,096 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) SigmaTel High Definition Audio CODEC (for 64-bit Windows)
DRV:64bit: - [2007/03/05 09:55:48 | 000,012,288 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OEM02Vfx.sys -- (OEM02Vfx)
DRV:64bit: - [2006/11/18 12:07:48 | 000,055,296 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2006/11/17 16:49:52 | 000,052,224 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2006/11/16 00:59:52 | 000,053,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2006/10/06 20:13:22 | 000,550,912 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XV)
DRV - [2007/08/02 15:02:00 | 000,199,440 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\Avanquest\Fix-It\tmxpflt.sys -- (tmxpflt)
DRV - [2007/08/02 15:02:00 | 000,032,528 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\Avanquest\Fix-It\tmpreflt.sys -- (tmpreflt)
DRV - [2007/08/02 15:01:48 | 001,052,472 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\Avanquest\Fix-It\Vsapint.sys -- (Vsapint)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-723744364-3269971947-1814937133-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lf.startnow.com/?src=startpage&provider=bing&provider_name=bing&provider_code=Z051&partner_id=276&product_id=709&affiliate_id=&channel=4000&toolbar_id=200&toolbar_version=2.1.0&install_country=US&install_date=20110712&user_guid=0F1634C5CEA442D2BC3DE102A328A6D5&machine_id=a83e18534b16795caa7bc67a7cd1f49a&browser=IE&os=win&os_version=6.0-x64-SP1
IE - HKU\S-1-5-21-723744364-3269971947-1814937133-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore =
IE - HKU\S-1-5-21-723744364-3269971947-1814937133-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-723744364-3269971947-1814937133-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKU\S-1-5-21-723744364-3269971947-1814937133-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-723744364-3269971947-1814937133-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..keyword.URL: "http://lf.startnow.com/s/?src=addrbar&provider=bing&provider_name=bing&provider_code=Z051&partner_id=276&product_id=709&affiliate_id=&channel=4000&toolbar_id=200&toolbar_version=2.1.0&install_country=US&install_date=20110712&user_guid=0F1634C5CEA442D2BC3DE102A328A6D5&machine_id=a83e18534b16795caa7bc67a7cd1f49a&browser=FF&os=win&os_version=6.0-x64-SP1&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\T-Bone\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\T-Bone\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\T-Bone\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\T-Bone\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/12/01 23:11:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/03 13:59:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/01 10:24:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/12/01 23:11:37 | 000,000,000 | ---D | M]

[2009/09/14 06:43:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\T-Bone\AppData\Roaming\Mozilla\Extensions
[2011/07/12 08:25:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\T-Bone\AppData\Roaming\Mozilla\Firefox\Profiles\6mhhd0jm.default\extensions
[2010/07/26 19:04:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\T-Bone\AppData\Roaming\Mozilla\Firefox\Profiles\6mhhd0jm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/12 08:25:56 | 000,000,000 | ---D | M] (StartNow Toolbar) -- C:\Users\T-Bone\AppData\Roaming\Mozilla\Firefox\Profiles\6mhhd0jm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
[2009/10/16 21:47:42 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\T-Bone\AppData\Roaming\Mozilla\Firefox\Profiles\6mhhd0jm.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/07/12 08:25:55 | 000,002,287 | ---- | M] () -- C:\Users\T-Bone\AppData\Roaming\Mozilla\Firefox\Profiles\6mhhd0jm.default\searchplugins\bing-zugo.xml
[2011/11/12 16:18:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/01/03 13:59:12 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2007/04/16 11:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npViewpoint.dll
[2011/11/02 13:47:22 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/05/24 12:39:22 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
[2011/11/12 16:18:13 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.140.8 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U14 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Reallusion CT4Player for Mozilla (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npRLCT4Player.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npViewpoint.dll
CHR - plugin: getPlusPlus for Adobe 16248 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\T-Bone\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\T-Bone\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\T-Bone\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: No name found = C:\Users\T-Bone\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\

O1 HOSTS File: ([2011/04/09 17:33:16 | 000,430,643 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 14826 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll (StartNow.com)
O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll (StartNow.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-723744364-3269971947-1814937133-1000\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
O4:64bit: - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray64.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Act! Preloader] C:\Program Files (x86)\ACT\Act for Windows\ActSage.exe (Sage Software, Inc.)
O4 - HKLM..\Run: [Act.Outlook.Service] C:\Program Files (x86)\ACT\Act for Windows\Act.Outlook.Service.exe (Sage Software, Inc.)
O4 - HKLM..\Run: [ACTSchedulerUI] "C:\Program Files (x86)\ACT\Act for Windows\Act.Scheduler.UI.exe" -Dfalse File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ISTray] C:\Program Files (x86)\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [VirusScannerPro] C:\Program Files (x86)\Avanquest\Fix-It\MemCheck.exe (Avanquest North America, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-723744364-3269971947-1814937133-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-723744364-3269971947-1814937133-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: isqft.com ([www] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: isqft.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: isqft.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-723744364-3269971947-1814937133-1000\..Trusted Domains: isqft.com ([www] https in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-us.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2B41F8BA-8E87-426B-A782-9BE55269CF8F}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B62C57C-7D05-4BDD-9552-5C9237937523}: DhcpNameServer = 68.94.156.1 68.94.157.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B25B9D96-A292-4FD4-865B-635BF4C65CEA}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BEFBEC2C-0DE7-424A-A4D6-A775E6262DD3}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll ()
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll ()
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img2.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img2.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2457b0f4-5a9f-11de-843f-001c23fa73bf}\Shell - "" = AutoRun
O33 - MountPoints2\{2457b0f4-5a9f-11de-843f-001c23fa73bf}\Shell\AutoRun\command - "" = G:\LapNetWizard.exe
O33 - MountPoints2\{2a7304fc-431f-11df-9938-001c23fa73bf}\Shell - "" = AutoRun
O33 - MountPoints2\{2a7304fc-431f-11df-9938-001c23fa73bf}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{92326092-fae0-11dd-bd64-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{92326092-fae0-11dd-bd64-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe
O33 - MountPoints2\{bdec552c-44fc-11e0-b4bb-001c23fa73bf}\Shell - "" = AutoRun
O33 - MountPoints2\{bdec552c-44fc-11e0-b4bb-001c23fa73bf}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/16 13:47:07 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\T-Bone\Desktop\OTL.exe
[2012/01/16 10:03:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012/01/16 09:49:42 | 000,000,000 | ---D | C] -- C:\Windows\Intuit
[2012/01/14 20:08:06 | 001,974,064 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\T-Bone\Desktop\sdfs.com.exe
[2012/01/12 12:28:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2012/01/12 12:28:45 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/01/12 12:28:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Security
[2012/01/12 12:28:45 | 000,000,000 | ---D | C] -- C:\Users\T-Bone\AppData\Roaming\PC Tools
[2012/01/12 12:28:45 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/01/12 12:28:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2011/12/20 15:27:45 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[20 C:\Users\T-Bone\Documents\*.tmp files -> C:\Users\T-Bone\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/23 20:46:46 | 000,846,681 | ---- | M] () -- C:\Users\T-Bone\Desktop\PICT0263.JPG
[2012/01/16 15:32:48 | 000,003,712 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/16 15:32:48 | 000,003,712 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/16 13:55:00 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A4979C7E-2576-4D8E-AA62-362B718A0168}.job
[2012/01/16 13:51:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At28.job
[2012/01/16 13:51:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At27.job
[2012/01/16 13:47:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\T-Bone\Desktop\OTL.exe
[2012/01/16 13:21:21 | 000,000,952 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2012/01/16 13:20:12 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/16 13:20:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/16 13:18:32 | 000,000,732 | ---- | M] () -- C:\Users\T-Bone\AppData\Local\d3d9caps64.dat
[2012/01/16 12:50:59 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At26.job
[2012/01/16 12:50:59 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At25.job
[2012/01/16 12:17:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/16 11:57:01 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-723744364-3269971947-1814937133-1000UA.job
[2012/01/16 11:51:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At24.job
[2012/01/16 11:51:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At23.job
[2012/01/16 10:51:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At22.job
[2012/01/16 10:51:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At21.job
[2012/01/16 10:46:58 | 000,821,184 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/16 10:46:58 | 000,690,482 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/16 10:46:58 | 000,137,216 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/16 10:46:43 | 000,821,184 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/16 09:51:08 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At20.job
[2012/01/16 09:51:08 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At19.job
[2012/01/14 20:08:06 | 001,974,064 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\T-Bone\Desktop\sdfs.com.exe
[2012/01/12 22:16:04 | 681,739,751 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/01/12 21:51:01 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At44.job
[2012/01/12 21:51:01 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At43.job
[2012/01/12 20:51:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At42.job
[2012/01/12 20:51:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At41.job
[2012/01/12 19:51:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At40.job
[2012/01/12 19:51:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At39.job
[2012/01/12 17:51:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At36.job
[2012/01/12 17:51:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At35.job
[2012/01/12 16:51:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At34.job
[2012/01/12 16:51:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At33.job
[2012/01/12 15:51:01 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At32.job
[2012/01/12 15:51:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At31.job
[2012/01/12 12:30:43 | 002,190,274 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/01/12 12:28:58 | 000,001,840 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2012/01/12 10:57:39 | 000,308,746 | ---- | M] () -- C:\Users\T-Bone\Documents\spray foam fig.pdf
[2012/01/11 11:36:45 | 000,308,682 | ---- | M] () -- C:\Users\T-Bone\Documents\Spray Rig for Sale.pdf
[2012/01/11 11:03:10 | 000,302,136 | ---- | M] () -- C:\Users\T-Bone\Documents\photo 1.jpg
[2012/01/11 11:02:30 | 000,105,997 | ---- | M] () -- C:\Users\T-Bone\Documents\photo 23.jpg
[2012/01/11 09:25:17 | 000,090,355 | ---- | M] () -- C:\Users\T-Bone\Documents\Est_1092_from_Best_Insulation_1092.pdf
[2012/01/11 09:25:08 | 000,083,074 | ---- | M] () -- C:\Users\T-Bone\Documents\Est_1212_from_Best_Insulation_1092.pdf
[2012/01/11 09:24:55 | 000,083,023 | ---- | M] () -- C:\Users\T-Bone\Documents\Est_1236_from_Best_Insulation_1092.pdf
[2012/01/11 09:24:42 | 000,082,882 | ---- | M] () -- C:\Users\T-Bone\Documents\Est_1237_from_Best_Insulation_1092.pdf
[2012/01/10 14:51:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At30.job
[2012/01/10 14:51:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At29.job
[2012/01/10 13:57:01 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-723744364-3269971947-1814937133-1000Core.job
[2012/01/10 08:51:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At18.job
[2012/01/10 08:51:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At17.job
[2012/01/10 07:51:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At16.job
[2012/01/10 07:51:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At15.job
[2012/01/10 06:51:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At14.job
[2012/01/10 06:51:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At13.job
[2012/01/10 05:51:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At12.job
[2012/01/10 05:51:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At11.job
[2012/01/10 04:51:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At10.job
[2012/01/10 04:51:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At9.job
[2012/01/10 03:51:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At8.job
[2012/01/10 03:51:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At7.job
[2012/01/10 02:51:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At6.job
[2012/01/10 02:51:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At5.job
[2012/01/10 01:51:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At4.job
[2012/01/10 01:51:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At3.job
[2012/01/10 00:51:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At2.job
[2012/01/10 00:51:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At1.job
[2012/01/09 23:51:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At48.job
[2012/01/09 23:51:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At47.job
[2012/01/09 22:51:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At46.job
[2012/01/09 22:51:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At45.job
[2012/01/09 18:51:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At38.job
[2012/01/09 18:51:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At37.job
[2012/01/09 11:03:57 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/09 10:23:12 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/01/09 10:02:43 | 000,011,528 | -HS- | M] () -- C:\Users\T-Bone\AppData\Local\0ea02m0hl3
[2012/01/09 10:02:43 | 000,011,528 | -HS- | M] () -- C:\ProgramData\0ea02m0hl3
[2012/01/06 11:12:02 | 000,083,374 | ---- | M] () -- C:\Users\T-Bone\Documents\Est_1232_from_Best_Insulation_3884.pdf
[2012/01/06 11:11:30 | 000,083,287 | ---- | M] () -- C:\Users\T-Bone\Documents\Est_1234_from_Best_Insulation_3884.pdf
[2012/01/05 15:28:48 | 000,042,513 | ---- | M] () -- C:\Users\T-Bone\Documents\Estimate_1003_from_Best_Insulation (2).pdf
[2011/12/29 10:13:57 | 000,087,480 | ---- | M] () -- C:\Users\T-Bone\Documents\Est_1219_from_Best_Insulation_2220.pdf
[2011/12/28 15:57:07 | 000,083,458 | ---- | M] () -- C:\Users\T-Bone\Documents\Est_1218_from_Best_Insulation_2428.pdf
[2011/12/28 15:56:48 | 000,081,793 | ---- | M] () -- C:\Users\T-Bone\Documents\Est_1220_from_Best_Insulation_2540.pdf
[2011/12/28 15:35:36 | 000,081,631 | ---- | M] () -- C:\Users\T-Bone\Documents\Est_1198_from_Best_Insulation_2428.pdf
[2011/12/20 20:15:05 | 000,034,174 | ---- | M] () -- C:\Users\T-Bone\Documents\best cert.pdf
[2011/12/20 15:18:58 | 000,081,943 | ---- | M] () -- C:\Users\T-Bone\Documents\Est_1211_from_Best_Insulation_4212.pdf
[2011/12/20 11:54:12 | 000,084,429 | ---- | M] () -- C:\Users\T-Bone\Documents\Est_1212_from_Best_Insulation_4212 (2).pdf
[2011/12/19 15:50:11 | 000,191,237 | ---- | M] () -- C:\Users\T-Bone\Documents\R-value.pdf
[2011/12/19 15:13:58 | 000,628,464 | ---- | M] () -- C:\Users\T-Bone\Documents\Fiberglass Air leakage.pdf
[2011/12/19 15:04:15 | 000,025,818 | ---- | M] () -- C:\Users\T-Bone\Documents\Fiberglass R-Value 2.pdf
[2011/12/19 14:59:57 | 000,164,293 | ---- | M] () -- C:\Users\T-Bone\Documents\Fiberglass R-Value.pdf
[20 C:\Users\T-Bone\Documents\*.tmp files -> C:\Users\T-Bone\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/12 12:29:52 | 002,190,274 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/01/12 12:29:50 | 000,816,016 | ---- | C] () -- C:\Windows\SysNative\drivers\pctEFA64.sys
[2012/01/12 12:29:50 | 000,452,872 | ---- | C] () -- C:\Windows\SysNative\drivers\pctDS64.sys
[2012/01/12 12:29:24 | 000,331,368 | ---- | C] () -- C:\Windows\SysNative\drivers\pctgntdi64.sys
[2012/01/12 12:29:24 | 000,136,168 | ---- | C] () -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2012/01/12 12:29:02 | 000,257,232 | ---- | C] () -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2012/01/12 12:28:58 | 000,001,840 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2012/01/12 12:28:55 | 000,092,896 | ---- | C] () -- C:\Windows\SysNative\drivers\pctplsg64.sys
[2012/01/12 10:57:36 | 000,308,746 | ---- | C] () -- C:\Users\T-Bone\Documents\spray foam fig.pdf
[2012/01/11 11:36:42 | 000,308,682 | ---- | C] () -- C:\Users\T-Bone\Documents\Spray Rig for Sale.pdf
[2012/01/11 11:03:09 | 000,302,136 | ---- | C] () -- C:\Users\T-Bone\Documents\photo 1.jpg
[2012/01/11 11:02:29 | 000,105,997 | ---- | C] () -- C:\Users\T-Bone\Documents\photo 23.jpg
[2012/01/11 09:25:17 | 000,090,355 | ---- | C] () -- C:\Users\T-Bone\Documents\Est_1092_from_Best_Insulation_1092.pdf
[2012/01/11 09:25:08 | 000,083,074 | ---- | C] () -- C:\Users\T-Bone\Documents\Est_1212_from_Best_Insulation_1092.pdf
[2012/01/11 09:24:55 | 000,083,023 | ---- | C] () -- C:\Users\T-Bone\Documents\Est_1236_from_Best_Insulation_1092.pdf
[2012/01/11 09:24:42 | 000,082,882 | ---- | C] () -- C:\Users\T-Bone\Documents\Est_1237_from_Best_Insulation_1092.pdf
[2012/01/09 11:03:57 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/06 11:12:02 | 000,083,374 | ---- | C] () -- C:\Users\T-Bone\Documents\Est_1232_from_Best_Insulation_3884.pdf
[2012/01/06 11:11:30 | 000,083,287 | ---- | C] () -- C:\Users\T-Bone\Documents\Est_1234_from_Best_Insulation_3884.pdf
[2012/01/06 11:07:09 | 000,011,528 | -HS- | C] () -- C:\Users\T-Bone\AppData\Local\0ea02m0hl3
[2012/01/06 11:07:09 | 000,011,528 | -HS- | C] () -- C:\ProgramData\0ea02m0hl3
[2012/01/05 15:28:48 | 000,042,513 | ---- | C] () -- C:\Users\T-Bone\Documents\Estimate_1003_from_Best_Insulation (2).pdf
[2011/12/29 21:22:33 | 000,846,681 | ---- | C] () -- C:\Users\T-Bone\Desktop\PICT0263.JPG
[2011/12/29 10:13:57 | 000,087,480 | ---- | C] () -- C:\Users\T-Bone\Documents\Est_1219_from_Best_Insulation_2220.pdf
[2011/12/28 15:57:07 | 000,083,458 | ---- | C] () -- C:\Users\T-Bone\Documents\Est_1218_from_Best_Insulation_2428.pdf
[2011/12/28 15:56:48 | 000,081,793 | ---- | C] () -- C:\Users\T-Bone\Documents\Est_1220_from_Best_Insulation_2540.pdf
[2011/12/28 15:35:36 | 000,081,631 | ---- | C] () -- C:\Users\T-Bone\Documents\Est_1198_from_Best_Insulation_2428.pdf
[2011/12/20 20:15:05 | 000,034,174 | ---- | C] () -- C:\Users\T-Bone\Documents\best cert.pdf
[2011/12/20 15:18:58 | 000,081,943 | ---- | C] () -- C:\Users\T-Bone\Documents\Est_1211_from_Best_Insulation_4212.pdf
[2011/12/20 11:54:12 | 000,084,429 | ---- | C] () -- C:\Users\T-Bone\Documents\Est_1212_from_Best_Insulation_4212 (2).pdf
[2011/12/19 15:50:07 | 000,191,237 | ---- | C] () -- C:\Users\T-Bone\Documents\R-value.pdf
[2011/12/19 15:13:58 | 000,628,464 | ---- | C] () -- C:\Users\T-Bone\Documents\Fiberglass Air leakage.pdf
[2011/12/19 15:04:15 | 000,025,818 | ---- | C] () -- C:\Users\T-Bone\Documents\Fiberglass R-Value 2.pdf
[2011/12/19 14:59:57 | 000,164,293 | ---- | C] () -- C:\Users\T-Bone\Documents\Fiberglass R-Value.pdf
[2011/12/16 16:02:46 | 000,000,000 | ---- | C] () -- C:\ProgramData\JwPDf2T.dat
[2011/11/02 15:16:48 | 000,172,608 | ---- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/08/25 23:06:01 | 000,000,680 | ---- | C] () -- C:\Users\T-Bone\AppData\Local\d3d9caps.dat
[2011/03/02 08:33:38 | 000,011,960 | -HS- | C] () -- C:\Users\T-Bone\AppData\Local\1051646004
[2011/03/02 08:33:38 | 000,011,960 | -HS- | C] () -- C:\ProgramData\1051646004
[2010/11/18 20:53:16 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/11/18 20:53:16 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/12/17 14:29:20 | 000,000,008 | RHS- | C] () -- C:\ProgramData\F7DE9B23BA.sys
[2009/10/17 19:19:05 | 000,000,056 | ---- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2009/06/29 14:38:57 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009/06/29 14:38:57 | 000,000,088 | RHS- | C] () -- C:\ProgramData\53AEB581B9.sys
[2009/03/31 08:21:55 | 000,821,184 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2008/12/01 23:06:32 | 000,165,503 | ---- | C] () -- C:\Windows\hphins25.dat
[2008/08/22 12:00:06 | 000,029,600 | ---- | C] () -- C:\Windows\SysWow64\mxntdfg.exe
[2008/08/05 09:02:46 | 000,120,320 | ---- | C] () -- C:\Windows\SysWow64\apexchanger.exe
[2008/08/05 09:02:46 | 000,109,568 | ---- | C] () -- C:\Windows\SysWow64\apex3gp.exe
[2008/08/05 09:02:45 | 004,755,968 | ---- | C] () -- C:\Windows\SysWow64\apexconverter.exe
[2008/08/05 09:02:45 | 003,138,048 | ---- | C] () -- C:\Windows\SysWow64\apexxbox.exe
[2008/08/05 09:02:45 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\AddiTunes.exe
[2008/08/05 09:02:44 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\cygz.dll
[2008/08/05 09:02:44 | 000,007,196 | ---- | C] () -- C:\Windows\SysWow64\INI_Pro_3GP_AAC.ini
[2008/08/05 09:02:44 | 000,006,490 | ---- | C] () -- C:\Windows\SysWow64\INI_Pro_PSP.ini
[2008/08/05 09:02:44 | 000,005,028 | ---- | C] () -- C:\Windows\SysWow64\INI_Pro_3GP2_AAC.ini
[2008/08/05 09:02:44 | 000,004,296 | ---- | C] () -- C:\Windows\SysWow64\INI_Pro_Zune.ini
[2008/08/05 09:02:44 | 000,003,045 | ---- | C] () -- C:\Windows\SysWow64\INI_Pro_iPod.ini
[2008/08/05 09:02:44 | 000,002,956 | ---- | C] () -- C:\Windows\SysWow64\INI_Pro_PMP.ini
[2008/08/05 09:02:44 | 000,002,910 | ---- | C] () -- C:\Windows\SysWow64\INI_Pro_3GP_AMR.ini
[2008/08/05 09:02:44 | 000,002,516 | ---- | C] () -- C:\Windows\SysWow64\INI_Pro_PPC.ini
[2008/08/05 09:02:44 | 000,002,175 | ---- | C] () -- C:\Windows\SysWow64\INI_Pro_iPhone.ini
[2008/08/05 09:02:44 | 000,001,964 | ---- | C] () -- C:\Windows\SysWow64\INI_QT_3GPP2_QVGA_AAC.ini
[2008/08/05 09:02:44 | 000,001,964 | ---- | C] () -- C:\Windows\SysWow64\INI_QT_3GPP2_QCIF_AAC.ini
[2008/08/05 09:02:44 | 000,001,878 | ---- | C] () -- C:\Windows\SysWow64\INI_Pro_Xbox.ini
[2008/08/05 09:02:44 | 000,001,814 | ---- | C] () -- C:\Windows\SysWow64\INI_QT_3GPP_QVGA_AMR.ini
[2008/08/05 09:02:44 | 000,001,814 | ---- | C] () -- C:\Windows\SysWow64\INI_QT_3GPP_QVGA_AAC.ini
[2008/08/05 09:02:44 | 000,001,814 | ---- | C] () -- C:\Windows\SysWow64\INI_QT_3GPP_QCIF_AMR.ini
[2008/08/05 09:02:44 | 000,001,814 | ---- | C] () -- C:\Windows\SysWow64\INI_QT_3GPP_QCIF_AAC.ini
[2008/08/05 09:02:44 | 000,001,739 | ---- | C] () -- C:\Windows\SysWow64\INI_Pro_AppleTV.ini
[2008/08/05 09:02:44 | 000,000,036 | ---- | C] () -- C:\Windows\SysWow64\INI_Add_mfra.ini
[2008/08/05 09:02:42 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2008/08/05 08:14:34 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2008/08/02 20:19:52 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2008/08/02 20:19:52 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/06/26 09:31:07 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2008/06/09 14:10:36 | 000,005,632 | ---- | C] () -- C:\Users\T-Bone\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/08 21:24:19 | 000,000,185 | ---- | C] () -- C:\Windows\SysWow64\msblcd32.dll
[2008/06/08 01:39:22 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/06/07 22:57:27 | 000,000,732 | ---- | C] () -- C:\Users\T-Bone\AppData\Local\d3d9caps64.dat
[2008/05/22 23:33:46 | 000,000,795 | ---- | C] () -- C:\Windows\hphmdl25.dat
[2008/02/11 18:46:56 | 002,215,364 | ---- | C] () -- C:\Windows\SysWow64\igklg400.bin
[2008/02/11 18:46:56 | 001,971,732 | ---- | C] () -- C:\Windows\SysWow64\igklg450.bin
[2008/02/11 18:46:56 | 000,029,932 | ---- | C] () -- C:\Windows\SysWow64\igmedcompkrn.bin
[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\Windows\SysWow64\OGACheckControl.DLL
[2008/01/20 20:49:10 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 20:48:56 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2006/11/02 09:35:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 06:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 06:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 03:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2003/09/17 14:00:55 | 000,266,327 | ---- | C] () -- C:\Windows\SysWow64\ADErrorHandling.dll
[2002/09/10 09:10:05 | 000,495,616 | ---- | C] () -- C:\Windows\SysWow64\xvid.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >


Extras

OTL Extras logfile created on: 1/16/2012 1:50:24 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\T-Bone\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 50.42% Memory free
8.16 Gb Paging File | 5.93 Gb Available in Paging File | 72.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.81 Gb Total Space | 103.34 Gb Free Space | 44.39% Space Free | Partition Type: NTFS

Computer Name: T-BONE-PC | User Name: T-Bone | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-723744364-3269971947-1814937133-1000\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe %SystemRoot%\System32\Mshtml.dll,PrintHTML "%1" ()
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = C2 FE 8D 6A DC 5B C8 01 [binary data]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{53A09F62-59F3-458A-9427-EEC6EEA41F85}" = lport=7939 | protocol=6 | dir=in | name=planswift |
"{70BC0C6A-BB99-4ECB-BD57-DA4CD6D29906}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8153EB59-7059-417D-9D87-97852C61AA1A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{FC090EF6-4DC6-4C3A-BFF9-7ADE339A0CDA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{130A63C1-5E3A-4254-ABB4-1678B398F0A2}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{18493503-F43C-419A-98E1-1CC5D5CA867D}" = protocol=17 | dir=in | app=c:\program files (x86)\planswift9\planswift.exe |
"{1F096432-31ED-476A-B552-8941793A80C4}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{250B29E9-87C5-4CA5-B3C6-E54D22F1A7AE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{28147BCC-F30E-40AE-8EDF-BB42503EB52C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2943B1D8-DB9B-45A0-B460-9FA0A10C9A96}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{2F9FDC92-4A59-44CE-8007-2D604BD8A4BC}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{31AF1718-AD0B-449B-8A49-9AA991504839}" = protocol=6 | dir=in | app=c:\users\t-bone\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{36254ADF-8B23-48BE-A432-486EA9F42295}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{3EE73463-E498-4F97-970F-D753DB4C28E4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{40D89C07-618F-43C7-9EB4-D0C170D98AC5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{4222B778-5C63-4D38-A2EE-EAD563A9089D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{43DE67F6-7A16-4DBD-A67C-1D390F7EF426}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{46FC78FF-F540-4EC7-9117-B24520E790C5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{48F706D3-EDDA-46E8-914F-DF7CEC90921A}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{4A0499B7-9A84-4939-AD60-3A3312420B09}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{5224C4C7-860A-4006-B1B7-57936F7BE96C}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{582BB4D2-3877-4688-AA30-B4CF7037239B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5AB5B636-E840-45F8-8F9B-CF1F00EE747F}" = protocol=6 | dir=in | app=c:\users\t-bone\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{6135EEAB-2A1D-4946-A6F0-2AF46FDAA26B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{671E8051-E77F-4BEE-9813-DE45A6C84400}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{68D8651C-D64D-4A95-BF91-28ABF9DFD304}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6C309EC3-CD22-4DAE-8C86-4F0D0773D7CE}" = protocol=17 | dir=in | app=c:\users\t-bone\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{6FB9A952-634F-4C83-A725-8F880200645E}" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{77EDA8A2-D1CF-4B9F-970F-429582EB9216}" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{8169EABF-9D1A-4F4D-AD78-30613D641C5B}" = protocol=6 | dir=in | app=c:\program files (x86)\planswift9\planswift.exe |
"{83FECD9E-B302-4659-B260-2C244CD2A336}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{84790AE0-27C5-4B47-ADAA-395C9465DCD7}" = protocol=6 | dir=in | app=c:\users\t-bone\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{84EAE346-1B41-4113-9FAE-34A4873171DD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{87D99E9E-20A4-4C84-B437-4CE50B58B8CF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{895182DD-3F86-4288-80C8-3193E0C7FAF1}" = protocol=6 | dir=in | app=c:\users\t-bone\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{9EC808FE-C9DF-4B70-937E-4C09987D9734}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{A1083A1B-5F99-4774-8160-9CCF9A4E5527}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{A86045D3-0F9E-4A5E-88B3-BEBB5D6A271D}" = protocol=17 | dir=in | app=c:\users\t-bone\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{B36FE0DA-353B-4C30-BA88-39660979879A}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{CB7F41E1-3983-4556-8ECA-EE19CF683146}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CE00C2FB-7B62-4AFA-A9AB-B52A58C4876C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{CE4D0119-21BA-4A42-923E-C7B13ACA831C}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{D1170005-463E-49AB-A16D-66E73E235B51}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{D821B398-C49C-41DD-A507-81D0F8535F8A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{E1294B4F-F0AB-4C26-B47B-3FB9F6E2ADC9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{EC63735D-78BA-41B9-A298-12E748814563}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{F8798E37-5629-4616-A335-EC602BA6FD59}" = protocol=17 | dir=in | app=c:\users\t-bone\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{F8E95BAF-B4F4-45C3-A04C-5836F9DB3A5A}" = protocol=17 | dir=in | app=c:\users\t-bone\appdata\local\google\google talk plugin\googletalkplugin.exe |
"TCP Query User{0342AEBA-5F6B-4AD0-96C9-5F3D8053C7DD}C:\program files (x86)\promise nas utility\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\promise nas utility\jre\bin\javaw.exe |
"TCP Query User{087A5D79-3591-4622-B279-59D6D82EA526}C:\program files (x86)\microsoft office\office12\groove.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"TCP Query User{32C14921-CB7A-4F56-9AB7-D5E4AA0AA02A}C:\program files (x86)\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"TCP Query User{7BDAA8B3-A729-41DF-B06C-4D4D2B0D8CEB}C:\program files (x86)\act\act for windows\actsage.exe" = protocol=6 | dir=in | app=c:\program files (x86)\act\act for windows\actsage.exe |
"TCP Query User{7C967D01-A960-4EEA-9546-36756EB89A97}C:\program files (x86)\promise nas utility\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\promise nas utility\jre\bin\javaw.exe |
"TCP Query User{F249DDF0-4218-4F16-9DB3-3BB6BFDC9006}C:\program files (x86)\act\act for windows\actsage.exe" = protocol=6 | dir=in | app=c:\program files (x86)\act\act for windows\actsage.exe |
"TCP Query User{FCBCF1FD-2374-44F1-B1D1-0384B91D8676}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{11FACF6E-5D55-429E-805E-FDA4DED1E1B6}C:\program files (x86)\microsoft office\office12\groove.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"UDP Query User{24C0452D-50DB-42DD-B2B1-B93D07AB5B52}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{38D8C519-058A-4D58-B004-E5C329957897}C:\program files (x86)\promise nas utility\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\promise nas utility\jre\bin\javaw.exe |
"UDP Query User{58664A83-59D3-48F4-A2DE-DF6579793183}C:\program files (x86)\act\act for windows\actsage.exe" = protocol=17 | dir=in | app=c:\program files (x86)\act\act for windows\actsage.exe |
"UDP Query User{C452ABAC-53B6-4642-814D-B8ECE6FEBB1B}C:\program files (x86)\promise nas utility\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\promise nas utility\jre\bin\javaw.exe |
"UDP Query User{F72E71F8-2D73-4D2C-8CC1-F3A4148A68D1}C:\program files (x86)\act\act for windows\actsage.exe" = protocol=17 | dir=in | app=c:\program files (x86)\act\act for windows\actsage.exe |
"UDP Query User{FB39431B-3B4F-44A0-8FAC-CBF06500B6F4}C:\program files (x86)\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.5
"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}" = Microsoft SQL Server Native Client
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{86177DAE-38B1-49DD-912E-35CB703AB779}" = Microsoft SQL Server VSS Writer
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A9513BBC-73B4-4856-BF83-0166523ABF09}" = 64 Bit HP CIO Components Installer
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D10AB8DE-0ED1-4152-A247-FB89CF1435D5}" = HP Deskjet D2500 Printer Driver Software 11.0 Rel .3
"{D1829BE5-F305-4576-9593-C66FC7E0B008}" = iCloud
"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 11.0
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 11.0
"HPExtendedCapabilities" = HP Customer Participation Program 11.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"UltSounds" = Windows Sound Schemes

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{067FFF2F-0F1C-43DB-827B-F9BC4735F1BC}" = D2500
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{19A71C4F-94D9-44EA-AC98-FF8A045273AB}" = iSqFt Full Viewer V4.01
"{1A4FE289-8B58-4FC5-8CE8-109A542CE0A7}" = ACT! by Sage 2009 (11.0)
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 14
"{27197499-7680-4208-8FD8-5439CDB0FDC1}" = HPProductAssistant
"{27F00C63-449B-2FAB-CBE8-24AB80E17449}" = Acrobat.com
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (ACT7)
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{35095169-C59A-4571-A361-2117E04B7AFD}" = DJ_SF_03_D2500_ProductContext
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E5721E5-BA31-46AD-8B35-065924D38E91}" = D2500_Help
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{5158974E-2D28-4018-9335-7694C2974746}" = Fix-It Utilities 8 Professional
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{54A7051C-F076-4F31-BD15-24B028511953}" = Promise NAS Utility
"{55D9E026-DCB0-46FF-B60A-68B972228CF6}" = Autodesk Design Review 2010
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{593A6CAF-E114-4e31-884F-74FF349E8E36}" = SolutionCenter
"{59C6EFB0-7A6F-4FC2-98C5-31A9DB93014A}" = DJ_SF_03_D2500_Software
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5CF6EEE9-86B1-3DB6-A07C-8F6C079C39BA}" = Google Talk Plugin
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7236B969-6A18-42DD-ADE4-BBA2604F34C8}" = DJ_SF_03_D2500_Software_Min
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C7D7ED8-2854-4ABA-9A89-CFB7857B9084}" = Vista Battery Saver
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95140000-007F-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9F4EE72A-C5C9-42ad-ABEF-427690843577}" = MarketResearch
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C5E6A84F-2064-40D2-85C4-CE97B76ACECE}" = VitalSource Bookshelf
"{CC0E1AE3-091D-4969-B151-7AC142062C28}" = SmartWebPrinting
"{D063F201-FAC4-4D5C-B10B-615058ADE5A7}" = HP Update
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.57
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"Autodesk Design Review 2010" = Autodesk Design Review 2010
"Cucusoft YouTube Mate (Downloader+Player+Converter)_is1" = Cucusoft YouTube Mate 7.10
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"ENTERPRISER" = Microsoft Office Enterprise 2007
"FileZilla Client" = FileZilla Client 3.2.7
"Google Chrome" = Google Chrome
"InstallShield_{1A4FE289-8B58-4FC5-8CE8-109A542CE0A7}" = ACT! by Sage 2009 (11.0)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"PlanSwift 9_is1" = PlanSwift Professional 9.0
"Spyware Doctor" = Spyware Doctor 8.0
"ViewpointMediaPlayer" = Viewpoint Media Player
"WinLiveSuite_Wave3" = Windows Live Essentials
"Xilisoft Video Converter Platinum" = Xilisoft Video Converter Platinum
"XviD" = XviD MPEG-4 Codec
"Xvid_is1" = Xvid 1.2.1 final uninstall
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#6 SweetTech

    Agent ST

  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 18 January 2012 - 12:20 AM

Hi!

Please run this tool:

Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#7 bigbadbuck87
  • Topic Starter

  • Members
  • 34 posts

Posted 18 January 2012 - 11:50 AM

ComboFix 12-01-18.02 - T-Bone 01/18/2012 8:26.1.2 - x64
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.4085.1048 [GMT -6:00]
Running from: c:\users\T-Bone\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\StartNow Toolbar
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_images.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_maps.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_news.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_videos.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_web.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_amazon.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_ebay.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_facebook.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_games.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_msn.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_shopping.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_travel.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_twitter.png
c:\program files (x86)\StartNow Toolbar\Resources\images\startnow_logo.png
c:\program files (x86)\StartNow Toolbar\Resources\installer.xml
c:\program files (x86)\StartNow Toolbar\Resources\protect\index.html
c:\program files (x86)\StartNow Toolbar\Resources\protect\NotIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\protect\OnlyIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\protect\SearchProtectIcon.png
c:\program files (x86)\StartNow Toolbar\Resources\protect\window.css
c:\program files (x86)\StartNow Toolbar\Resources\protect\window.js
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\index.html
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\LeftImage.png
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\NotIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\OnlyIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\window.css
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\window.js
c:\program files (x86)\StartNow Toolbar\Resources\skin\chevron_button.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_background.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_left.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\separator.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\splitter.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
c:\program files (x86)\StartNow Toolbar\Resources\toolbar.xml
c:\program files (x86)\StartNow Toolbar\Resources\update.xml
c:\program files (x86)\StartNow Toolbar\Toolbar32.dll
c:\program files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
c:\program files (x86)\StartNow Toolbar\uninstall.dat
c:\users\T-Bone\AppData\Roaming\Microsoft\AddIns\SwiftXL9.dll
c:\users\T-Bone\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
c:\users\T-Bone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix
c:\users\T-Bone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix\System Fix.lnk
c:\users\T-Bone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix\Uninstall System Fix.lnk
c:\users\T-Bone\AppData\Roaming\Mozilla\Firefox\Profiles\6mhhd0jm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
c:\users\T-Bone\AppData\Roaming\Mozilla\Firefox\Profiles\6mhhd0jm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome.manifest
c:\users\T-Bone\AppData\Roaming\Mozilla\Firefox\Profiles\6mhhd0jm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.js
c:\users\T-Bone\AppData\Roaming\Mozilla\Firefox\Profiles\6mhhd0jm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.xul
c:\users\T-Bone\AppData\Roaming\Mozilla\Firefox\Profiles\6mhhd0jm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\buttons.js
c:\users\T-Bone\AppData\Roaming\Mozilla\Firefox\Profiles\6mhhd0jm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\constants.js
c:\users\T-Bone\AppData\Roaming\Mozilla\Firefox\Profiles\6mhhd0jm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\events.js
c:\users\T-Bone\AppData\Roaming\Mozilla\Firefox\Profiles\6mhhd0jm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\globals.js
c:\users\T-Bone\AppData\Roaming\Mozilla\Firefox\Profiles\6mhhd0jm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\htmldialog.js
c:\users\T-Bone\AppData\Roaming\Mozilla\Firefox\Profiles\6mhhd0jm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\htmldialog.xul
c:\users\T-Bone\AppData\Roaming\Mozilla\Firefox\Profiles\6mhhd0jm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\htmldropdown.xul
c:\users\T-Bone\AppData\Roaming\Mozilla\Firefox\Profiles\6mhhd0jm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\init.js
c:\users\T-Bone\AppData\Roaming\Mozilla\Firefox\Profiles\6mhhd0jm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_images.png
c:\users\T-Bone\AppData\Roaming\Mozilla\Firefox\Profiles\6mhhd0jm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_maps.png
c:\users\T-Bone\AppData\Roaming\Mozilla\Firefox\Profiles\6mhhd0jm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_news.png
c:\users\T-Bone\AppData\Roaming\Mozilla\Firefox\Profiles\6mhhd0jm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_videos.png
c:\users\T-Bone\AppData\Roaming\Mozilla\Firefox\Profiles\6mhhd0jm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_web.png
c:\users\T-Bone\AppData\Roaming\Mozilla\Firefox\Profiles\6mhhd0jm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_amazon.png
c:\users\T-Bone\AppData\Roaming\Mozilla\Firefox\Profiles\6mhhd0jm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_ebay.png
c:\users\T-Bone\AppData\Roaming\Mozilla\Firefox\Profiles\6mhhd0jm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_facebook.png
c:\users\T-Bone\AppData\Roaming\Mozilla\Firefox\Profiles\6mhhd0jm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_games.png
c:\users\T-Bone\AppData\Roaming\Mozilla\Firefox\Profiles\6mhhd0jm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_msn.png
c:\users\T-Bone\AppData\Roaming\Mozilla\Firefox\Profiles\6mhhd0jm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_shopping.png
c:\users\T-Bone\AppData\Roaming\Mozilla\Firefox\Profiles\6mhhd0jm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_travel.png
c:\users\T-Bone\AppData\Roaming\Mozilla\Firefox\Profiles\6mhhd0jm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_twitter.png
c:\users\T-Bone\AppData\Roaming\Mozilla\Firefox\Profiles\6mhhd0jm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\startnow_logo.png
c:\users\T-Bone\AppData\Roaming\Mozilla\Firefox\Profiles\6mhhd0jm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\installer.xml
c:\users\T-Bone\AppData\Roaming\Mozilla\Firefox\Profiles\6mhhd0jm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\index.html
c:\users\T-Bone\AppData\Roaming\Mozilla\Firefox\Profiles\6mhhd0jm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\NotIE6.css
c:\users\T-Bone\AppData\Roaming\Mozilla\Firefox\Profiles\6mhhd0jm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\OnlyIE6.css
c:\users\T-Bone\AppData\Roaming\Mozilla\Firefox\Profiles\6mhhd0jm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\SearchProtectIcon.png
c:\users\T-Bone\AppData\Roaming\Mozilla\Firefox\Profiles\6mhhd0jm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\window.css
c:\users\T-Bone\AppData\Roaming\Mozilla\Firefox\Profiles\6mhhd0jm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\window.js
c:\users\T-Bone\AppData\Roaming\Mozilla\Firefox\Profiles\6mhhd0jm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\chevron_button.png
c:\users\T-Bone\AppData\Roaming\Mozilla\Firefox\Profiles\6mhhd0jm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_hover.png
c:\users\T-Bone\AppData\Roaming\Mozilla\Firefox\Profiles\6mhhd0jm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_normal.png
c:\users\T-Bone\AppData\Roaming\Mozilla\Firefox\Profiles\6mhhd0jm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_dropdown_button_normal.png
c:\users\T-Bone\AppData\Roaming\Mozilla\Firefox\Profiles\6mhhd0jm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_background.png
c:\users\T-Bone\AppData\Roaming\Mozilla\Firefox\Profiles\6mhhd0jm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_left.png
c:\users\T-Bone\AppData\Roaming\Mozilla\Firefox\Profiles\6mhhd0jm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_middle.png
c:\users\T-Bone\AppData\Roaming\Mozilla\Firefox\Profiles\6mhhd0jm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\separator.png
c:\users\T-Bone\AppData\Roaming\Mozilla\Firefox\Profiles\6mhhd0jm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\splitter.png
c:\users\T-Bone\AppData\Roaming\Mozilla\Firefox\Profiles\6mhhd0jm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ff_hover_c.png
c:\users\T-Bone\AppData\Roaming\Mozilla\Firefox\Profiles\6mhhd0jm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_c.png
c:\users\T-Bone\AppData\Roaming\Mozilla\Firefox\Profiles\6mhhd0jm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_l.png
c:\users\T-Bone\AppData\Roaming\Mozilla\Firefox\Profiles\6mhhd0jm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_r.png
c:\users\T-Bone\AppData\Roaming\Mozilla\Firefox\Profiles\6mhhd0jm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_c.png
c:\users\T-Bone\AppData\Roaming\Mozilla\Firefox\Profiles\6mhhd0jm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_l.png
c:\users\T-Bone\AppData\Roaming\Mozilla\Firefox\Profiles\6mhhd0jm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_r.png
c:\users\T-Bone\AppData\Roaming\Mozilla\Firefox\Profiles\6mhhd0jm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\toolbar.xml
c:\users\T-Bone\AppData\Roaming\Mozilla\Firefox\Profiles\6mhhd0jm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\locale\en-US\{5911488E-9D1E-40ec-8CBB-06B231CC153F}.dtd
c:\users\T-Bone\AppData\Roaming\Mozilla\Firefox\Profiles\6mhhd0jm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\skin\overlay.css
c:\users\T-Bone\AppData\Roaming\Mozilla\Firefox\Profiles\6mhhd0jm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\install.rdf
c:\users\T-Bone\AppData\Roaming\Mozilla\Firefox\Profiles\6mhhd0jm.default\searchplugins\bing-zugo.xml
c:\users\T-Bone\Desktop\System Fix.lnk
c:\users\T-Bone\Documents\~WRL0328.tmp
c:\users\T-Bone\Documents\~WRL0575.tmp
c:\users\T-Bone\Documents\~WRL0871.tmp
c:\users\T-Bone\Documents\~WRL1027.tmp
c:\users\T-Bone\Documents\~WRL1719.tmp
c:\users\T-Bone\Documents\~WRL1955.tmp
c:\users\T-Bone\Documents\~WRL2084.tmp
c:\users\T-Bone\Documents\~WRL2120.tmp
c:\users\T-Bone\Documents\~WRL2158.tmp
c:\users\T-Bone\Documents\~WRL2884.tmp
c:\users\T-Bone\Documents\~WRL3102.tmp
c:\users\T-Bone\Documents\~WRL3154.tmp
c:\users\T-Bone\Documents\~WRL3476.tmp
c:\users\T-Bone\Documents\~WRL3480.tmp
c:\users\T-Bone\Documents\~WRL3508.tmp
c:\users\T-Bone\Documents\~WRL3796.tmp
c:\users\T-Bone\Documents\~WRL3809.tmp
c:\users\T-Bone\Documents\~WRL3815.tmp
c:\users\T-Bone\Documents\~WRL3827.tmp
c:\users\T-Bone\Documents\~WRL3832.tmp
c:\users\T-Bone\GoToAssistDownloadHelper.exe
c:\windows\PFRO.log
c:\windows\system32\consrv.dll
c:\windows\System64
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Updater Service for StartNow Toolbar
-------\Service_Updater Service for StartNow Toolbar
.
.
((((((((((((((((((((((((( Files Created from 2011-12-18 to 2012-01-18 )))))))))))))))))))))))))))))))
.
.
2012-01-18 15:32 . 2012-01-18 15:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-16 16:03 . 2012-01-16 16:03 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-01-16 15:49 . 2012-01-16 15:49 -------- d-----w- c:\windows\Intuit
2012-01-12 18:29 . 2010-07-16 20:53 816016 ----a-w- c:\windows\system32\drivers\pctEFA64.sys
2012-01-12 18:29 . 2010-06-29 16:35 452872 ----a-w- c:\windows\system32\drivers\pctDS64.sys
2012-01-12 18:29 . 2010-11-17 16:20 331368 ----a-w- c:\windows\system32\drivers\pctgntdi64.sys
2012-01-12 18:29 . 2010-11-17 16:20 136168 ----a-w- c:\windows\system32\drivers\pctwfpfilter64.sys
2012-01-12 18:29 . 2010-11-25 16:43 257232 ----a-w- c:\windows\system32\drivers\PCTCore64.sys
2012-01-12 18:28 . 2010-11-25 16:42 92896 ----a-w- c:\windows\system32\drivers\pctplsg64.sys
2012-01-12 18:28 . 2012-01-17 03:18 -------- d-----w- c:\program files (x86)\PC Tools Security
2012-01-12 18:28 . 2012-01-12 18:35 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-01-12 18:28 . 2012-01-12 18:28 -------- d-----w- c:\programdata\PC Tools
2012-01-12 18:28 . 2012-01-12 18:28 -------- d-----w- c:\users\T-Bone\AppData\Roaming\PC Tools
2012-01-03 19:59 . 2012-01-03 19:59 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-03 19:59 . 2012-01-03 19:59 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-03 19:59 . 2012-01-03 19:59 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-03 19:59 . 2012-01-03 19:59 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-18 15:40 . 2009-06-29 20:38 952 --sha-w- c:\programdata\KGyGaAvL.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1555968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864]
"VirusScannerPro"="c:\progra~2\AVANQU~1\Fix-It\MemCheck.exe" [2008-08-26 173312]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-03-26 49152]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
"Act.Outlook.Service"="c:\program files (x86)\ACT\Act for Windows\Act.Outlook.Service.exe" [2009-02-24 28672]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\ActSage.exe" [2009-02-24 393216]
"ACTSchedulerUI"="c:\program files (x86)\ACT\Act for Windows\Act.Scheduler.UI.exe" [2009-02-24 503808]
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe" [2009-07-01 148888]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
S2 ACT! Scheduler;ACT! Scheduler;c:\program files (x86)\ACT\Act for Windows\Act.Scheduler.exe [2009-02-24 81920]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-21 20:28]
.
2012-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-21 20:28]
.
2012-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-723744364-3269971947-1814937133-1000Core.job
- c:\users\T-Bone\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-10 16:03]
.
2012-01-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-723744364-3269971947-1814937133-1000UA.job
- c:\users\T-Bone\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-10 16:03]
.
2012-01-18 c:\windows\Tasks\User_Feed_Synchronization-{A4979C7E-2576-4D8E-AA62-362B718A0168}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:49]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 138264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 203800]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 168472]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray64.exe" [2007-05-06 424448]
"combofix"="c:\combofix\CF7626.3XE" [2008-01-21 363008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://lf.startnow.com/?src=startpage&provider=bing&provider_name=bing&provider_code=Z051&partner_id=276&product_id=709&affiliate_id=&channel=4000&toolbar_id=200&toolbar_version=2.1.0&install_country=US&install_date=20110712&user_guid=0F1634C5CEA442D2BC3DE102A328A6D5&machine_id=a83e18534b16795caa7bc67a7cd1f49a&browser=IE&os=win&os_version=6.0-x64-SP1
mLocal Page = %SystemRoot%\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: isqft.com\www
Trusted Zone: isqft.com\www
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\T-Bone\AppData\Roaming\Mozilla\Firefox\Profiles\6mhhd0jm.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://lf.startnow.com/s/?src=addrbar&provider=bing&provider_name=bing&provider_code=Z051&partner_id=276&product_id=709&affiliate_id=&channel=4000&toolbar_id=200&toolbar_version=2.1.0&install_country=US&install_date=20110712&user_guid=0F1634C5CEA442D2BC3DE102A328A6D5&machine_id=a83e18534b16795caa7bc67a7cd1f49a&browser=FF&os=win&os_version=6.0-x64-SP1&q=
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\progra~2\AVANQU~1\Fix-It\mxtask.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\progra~2\AVANQU~1\Fix-It\mxtask.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\Viewpoint\Common\ViewpointService.exe
.
**************************************************************************
.
Completion time: 2012-01-18 10:11:52 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-18 16:11
.
Pre-Run: 114,290,888,704 bytes free
Post-Run: 113,019,023,360 bytes free
.
- - End Of File - - 6C1B146391E87A459B0552411F3379DF

#8 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica
  • Local time:09:58 PM

Posted 19 January 2012 - 02:05 AM

Hi bigbadbuck87!

Please let me know how things are running in your next reply.

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottommost log is the latest.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT:



Re-Running OTL

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#9 bigbadbuck87

bigbadbuck87
  • Topic Starter

  • Members
  • 34 posts
  • Local time:08:58 PM

Posted 19 January 2012 - 10:19 AM

Hey Agent ST, I should have said to call me Travis from the beginning. My computer is running better. The ComboFix seems to have helped out the most, as it corrected my start menu screen, which had been formatted incorrectly since all of this started. However, I am still getting the Google redirect, and my CPU still seems to be running high, between 75-100%, when I'm doing nothing on the computer. Malwarebytes did not find any infections, and all of the logs are listed below. Thank you for all of the help!

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.19.01

Windows Vista Service Pack 1 x64 NTFS
Internet Explorer 7.0.6001.18000
T-Bone :: T-BONE-PC [administrator]

1/19/2012 8:15:51 AM
mbam-log-2012-01-19 (08-15-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 187921
Time elapsed: 10 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)




OTL logfile created on: 1/19/2012 9:03:25 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\T-Bone\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 3.27 Gb Available Physical Memory | 82.08% Memory free
8.15 Gb Paging File | 7.54 Gb Available in Paging File | 92.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.81 Gb Total Space | 104.34 Gb Free Space | 44.82% Space Free | Partition Type: NTFS
Drive D: | 505.37 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: T-BONE-PC | User Name: T-Bone | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/19 08:52:08 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\T-Bone\Desktop\OTL(1).exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/01/20 20:50:23 | 000,195,584 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2007/05/06 16:11:38 | 000,112,128 | R--- | M] () [Auto | Stopped] -- C:\Windows\SysNative\STacSV64.exe -- (STacSV)
SRV - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/02/24 12:05:15 | 000,081,920 | ---- | M] (Sage Software, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\ACT\Act for Windows\Act.Scheduler.exe -- (ACT! Scheduler)
SRV - [2008/08/26 15:14:42 | 000,152,832 | ---- | M] (Avanquest North America, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Avanquest\Fix-It\mxtask.exe -- (Fix-It Task Manager)
SRV - [2008/07/27 12:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/02/08 08:41:12 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/01/04 15:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/02 17:38:56 | 000,051,712 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/11/25 10:43:26 | 000,257,232 | R--- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2010/07/16 14:53:32 | 000,816,016 | R--- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pctEFA64.sys -- (pctEFA)
DRV:64bit: - [2010/06/29 10:35:34 | 000,452,872 | R--- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pctDS64.sys -- (pctDS)
DRV:64bit: - [2009/12/30 11:21:26 | 000,031,800 | R--- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | R--- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/02/11 18:48:28 | 007,709,056 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008/01/20 20:46:34 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 20:46:33 | 000,214,016 | R--- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2008/01/20 20:46:05 | 001,523,712 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS -- (HSF_DPV)
DRV:64bit: - [2008/01/20 20:46:05 | 000,724,480 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS -- (winachsf)
DRV:64bit: - [2008/01/20 20:46:02 | 000,111,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2007/10/10 16:03:00 | 000,266,624 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\OEM02Dev.sys -- (OEM02Dev)
DRV:64bit: - [2007/05/06 16:12:02 | 000,388,096 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) SigmaTel High Definition Audio CODEC (for 64-bit Windows)
DRV:64bit: - [2007/03/05 09:55:48 | 000,012,288 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\OEM02Vfx.sys -- (OEM02Vfx)
DRV:64bit: - [2006/11/18 12:07:48 | 000,055,296 | R--- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2006/11/17 16:49:52 | 000,052,224 | R--- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2006/11/16 00:59:52 | 000,053,760 | R--- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2006/10/06 20:13:22 | 000,550,912 | R--- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XV)
DRV - [2007/08/02 15:02:00 | 000,199,440 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\Avanquest\Fix-It\tmxpflt.sys -- (tmxpflt)
DRV - [2007/08/02 15:02:00 | 000,032,528 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\Avanquest\Fix-It\tmpreflt.sys -- (tmpreflt)
DRV - [2007/08/02 15:01:48 | 001,052,472 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\Avanquest\Fix-It\Vsapint.sys -- (Vsapint)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-723744364-3269971947-1814937133-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lf.startnow.com/?src=startpage&provider=bing&provider_name=bing&provider_code=Z051&partner_id=276&product_id=709&affiliate_id=&channel=4000&toolbar_id=200&toolbar_version=2.1.0&install_country=US&install_date=20110712&user_guid=0F1634C5CEA442D2BC3DE102A328A6D5&machine_id=a83e18534b16795caa7bc67a7cd1f49a&browser=IE&os=win&os_version=6.0-x64-SP1
IE - HKU\S-1-5-21-723744364-3269971947-1814937133-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-723744364-3269971947-1814937133-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKU\S-1-5-21-723744364-3269971947-1814937133-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-723744364-3269971947-1814937133-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..keyword.URL: "http://lf.startnow.com/s/?src=addrbar&provider=bing&provider_name=bing&provider_code=Z051&partner_id=276&product_id=709&affiliate_id=&channel=4000&toolbar_id=200&toolbar_version=2.1.0&install_country=US&install_date=20110712&user_guid=0F1634C5CEA442D2BC3DE102A328A6D5&machine_id=a83e18534b16795caa7bc67a7cd1f49a&browser=FF&os=win&os_version=6.0-x64-SP1&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\T-Bone\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\T-Bone\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\T-Bone\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\T-Bone\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/12/01 23:11:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/03 13:59:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/01 10:24:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/12/01 23:11:37 | 000,000,000 | ---D | M]

[2009/09/14 06:43:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\T-Bone\AppData\Roaming\Mozilla\Extensions
[2012/01/18 09:30:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\T-Bone\AppData\Roaming\Mozilla\Firefox\Profiles\6mhhd0jm.default\extensions
[2010/07/26 19:04:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\T-Bone\AppData\Roaming\Mozilla\Firefox\Profiles\6mhhd0jm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/16 21:47:42 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\T-Bone\AppData\Roaming\Mozilla\Firefox\Profiles\6mhhd0jm.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/11/12 16:18:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/01/03 13:59:12 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2007/04/16 11:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npViewpoint.dll
[2011/11/02 13:47:22 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/05/24 12:39:22 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
[2011/11/12 16:18:13 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.140.8 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U14 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Reallusion CT4Player for Mozilla (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npRLCT4Player.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npViewpoint.dll
CHR - plugin: getPlusPlus for Adobe 16248 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\T-Bone\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\T-Bone\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\T-Bone\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: No name found = C:\Users\T-Bone\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\

O1 HOSTS File: ([2012/01/18 09:39:09 | 000,000,027 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-723744364-3269971947-1814937133-1000\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
O4:64bit: - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray64.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Act! Preloader] C:\Program Files (x86)\ACT\Act for Windows\ActSage.exe (Sage Software, Inc.)
O4 - HKLM..\Run: [Act.Outlook.Service] C:\Program Files (x86)\ACT\Act for Windows\Act.Outlook.Service.exe (Sage Software, Inc.)
O4 - HKLM..\Run: [ACTSchedulerUI] "C:\Program Files (x86)\ACT\Act for Windows\Act.Scheduler.UI.exe" -Dfalse File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [VirusScannerPro] C:\Program Files (x86)\Avanquest\Fix-It\MemCheck.exe (Avanquest North America, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-723744364-3269971947-1814937133-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-723744364-3269971947-1814937133-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-723744364-3269971947-1814937133-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O15 - HKLM\..Trusted Domains: isqft.com ([www] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: isqft.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: isqft.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-723744364-3269971947-1814937133-1000\..Trusted Domains: isqft.com ([www] https in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-us.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2B41F8BA-8E87-426B-A782-9BE55269CF8F}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B62C57C-7D05-4BDD-9552-5C9237937523}: DhcpNameServer = 68.94.156.1 68.94.157.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B25B9D96-A292-4FD4-865B-635BF4C65CEA}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BEFBEC2C-0DE7-424A-A4D6-A775E6262DD3}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll ()
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll ()
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img2.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img2.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/08/19 22:31:38 | 000,000,037 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/19 08:52:06 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\T-Bone\Desktop\OTL(1).exe
[2012/01/18 14:06:24 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/01/18 10:12:25 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/01/18 08:16:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/18 08:16:15 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/18 08:16:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/18 08:15:10 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/18 08:15:04 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/01/18 08:12:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/18 08:10:15 | 004,387,018 | R--- | C] (Swearware) -- C:\Users\T-Bone\Desktop\ComboFix.exe
[2012/01/16 13:47:07 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\T-Bone\Desktop\OTL.exe
[2012/01/16 10:03:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012/01/16 09:49:42 | 000,000,000 | ---D | C] -- C:\Windows\Intuit
[2012/01/14 20:08:06 | 001,974,064 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\T-Bone\Desktop\sdfs.com.exe
[2012/01/12 12:28:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2012/01/12 12:28:45 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/01/12 12:28:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Security
[2012/01/12 12:28:45 | 000,000,000 | ---D | C] -- C:\Users\T-Bone\AppData\Roaming\PC Tools
[2012/01/12 12:28:45 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/01/12 12:28:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2011/12/20 15:27:45 | 000,000,000 | ---D | C] -- C:\Config.Msi

========== Files - Modified Within 30 Days ==========

[2012/01/23 20:46:46 | 000,846,681 | ---- | M] () -- C:\Users\T-Bone\Desktop\PICT0263.JPG
[2012/01/19 09:01:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/19 08:55:00 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A4979C7E-2576-4D8E-AA62-362B718A0168}.job
[2012/01/19 08:52:08 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\T-Bone\Desktop\OTL(1).exe
[2012/01/19 08:17:07 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/19 08:15:00 | 000,000,952 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2012/01/19 08:14:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/19 08:13:45 | 581,149,799 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/01/18 18:58:38 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-723744364-3269971947-1814937133-1000UA.job
[2012/01/18 16:21:15 | 000,079,331 | ---- | M] () -- C:\Users\T-Bone\Documents\Est_1244_from_Best_Insulation_2280.pdf
[2012/01/18 14:14:25 | 000,003,712 | R--- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/18 14:14:25 | 000,003,712 | R--- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/18 13:57:01 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-723744364-3269971947-1814937133-1000Core.job
[2012/01/18 09:39:09 | 000,000,027 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/01/18 08:10:18 | 004,387,018 | R--- | M] (Swearware) -- C:\Users\T-Bone\Desktop\ComboFix.exe
[2012/01/16 15:43:13 | 000,218,075 | ---- | M] () -- C:\Users\T-Bone\Desktop\image(4).jpeg
[2012/01/16 15:43:11 | 000,200,639 | ---- | M] () -- C:\Users\T-Bone\Desktop\image(3).jpeg
[2012/01/16 15:42:56 | 000,153,527 | ---- | M] () -- C:\Users\T-Bone\Desktop\image(2).jpeg
[2012/01/16 15:42:51 | 000,175,357 | ---- | M] () -- C:\Users\T-Bone\Desktop\image(1).jpeg
[2012/01/16 15:42:43 | 000,164,568 | ---- | M] () -- C:\Users\T-Bone\Desktop\image.jpeg
[2012/01/16 13:47:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\T-Bone\Desktop\OTL.exe
[2012/01/16 13:18:32 | 000,000,732 | ---- | M] () -- C:\Users\T-Bone\AppData\Local\d3d9caps64.dat
[2012/01/16 10:46:58 | 000,821,184 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/16 10:46:58 | 000,690,482 | R--- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/16 10:46:58 | 000,137,216 | R--- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/16 10:46:43 | 000,821,184 | R--- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/14 20:08:06 | 001,974,064 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\T-Bone\Desktop\sdfs.com.exe
[2012/01/12 12:30:43 | 002,190,274 | R--- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/01/12 12:28:58 | 000,001,840 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2012/01/12 10:57:39 | 000,308,746 | ---- | M] () -- C:\Users\T-Bone\Documents\spray foam fig.pdf
[2012/01/11 11:36:45 | 000,308,682 | ---- | M] () -- C:\Users\T-Bone\Documents\Spray Rig for Sale.pdf
[2012/01/11 11:03:10 | 000,302,136 | ---- | M] () -- C:\Users\T-Bone\Documents\photo 1.jpg
[2012/01/11 11:02:30 | 000,105,997 | ---- | M] () -- C:\Users\T-Bone\Documents\photo 23.jpg
[2012/01/11 09:25:17 | 000,090,355 | ---- | M] () -- C:\Users\T-Bone\Documents\Est_1092_from_Best_Insulation_1092.pdf
[2012/01/11 09:25:08 | 000,083,074 | ---- | M] () -- C:\Users\T-Bone\Documents\Est_1212_from_Best_Insulation_1092.pdf
[2012/01/11 09:24:55 | 000,083,023 | ---- | M] () -- C:\Users\T-Bone\Documents\Est_1236_from_Best_Insulation_1092.pdf
[2012/01/11 09:24:42 | 000,082,882 | ---- | M] () -- C:\Users\T-Bone\Documents\Est_1237_from_Best_Insulation_1092.pdf
[2012/01/09 11:03:57 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/09 10:23:12 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/01/09 10:02:43 | 000,011,528 | -HS- | M] () -- C:\Users\T-Bone\AppData\Local\0ea02m0hl3
[2012/01/09 10:02:43 | 000,011,528 | -HS- | M] () -- C:\ProgramData\0ea02m0hl3
[2012/01/06 11:12:02 | 000,083,374 | ---- | M] () -- C:\Users\T-Bone\Documents\Est_1232_from_Best_Insulation_3884.pdf
[2012/01/06 11:11:30 | 000,083,287 | ---- | M] () -- C:\Users\T-Bone\Documents\Est_1234_from_Best_Insulation_3884.pdf
[2012/01/05 15:28:48 | 000,042,513 | ---- | M] () -- C:\Users\T-Bone\Documents\Estimate_1003_from_Best_Insulation (2).pdf
[2011/12/29 10:13:57 | 000,087,480 | ---- | M] () -- C:\Users\T-Bone\Documents\Est_1219_from_Best_Insulation_2220.pdf
[2011/12/28 15:57:07 | 000,083,458 | ---- | M] () -- C:\Users\T-Bone\Documents\Est_1218_from_Best_Insulation_2428.pdf
[2011/12/28 15:56:48 | 000,081,793 | ---- | M] () -- C:\Users\T-Bone\Documents\Est_1220_from_Best_Insulation_2540.pdf
[2011/12/28 15:35:36 | 000,081,631 | ---- | M] () -- C:\Users\T-Bone\Documents\Est_1198_from_Best_Insulation_2428.pdf
[2011/12/20 20:15:05 | 000,034,174 | ---- | M] () -- C:\Users\T-Bone\Documents\best cert.pdf
[2011/12/20 15:18:58 | 000,081,943 | ---- | M] () -- C:\Users\T-Bone\Documents\Est_1211_from_Best_Insulation_4212.pdf
[2011/12/20 11:54:12 | 000,084,429 | ---- | M] () -- C:\Users\T-Bone\Documents\Est_1212_from_Best_Insulation_4212 (2).pdf

========== Files Created - No Company Name ==========

[2012/01/18 16:21:15 | 000,079,331 | ---- | C] () -- C:\Users\T-Bone\Documents\Est_1244_from_Best_Insulation_2280.pdf
[2012/01/18 08:16:15 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/18 08:16:15 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/18 08:16:15 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/18 08:16:15 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/18 08:16:15 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/16 15:43:15 | 000,218,075 | ---- | C] () -- C:\Users\T-Bone\Desktop\image(4).jpeg
[2012/01/16 15:43:11 | 000,200,639 | ---- | C] () -- C:\Users\T-Bone\Desktop\image(3).jpeg
[2012/01/16 15:42:58 | 000,153,527 | ---- | C] () -- C:\Users\T-Bone\Desktop\image(2).jpeg
[2012/01/16 15:42:52 | 000,175,357 | ---- | C] () -- C:\Users\T-Bone\Desktop\image(1).jpeg
[2012/01/16 15:42:47 | 000,164,568 | ---- | C] () -- C:\Users\T-Bone\Desktop\image.jpeg
[2012/01/12 12:29:52 | 002,190,274 | R--- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/01/12 12:29:50 | 000,816,016 | R--- | C] () -- C:\Windows\SysNative\drivers\pctEFA64.sys
[2012/01/12 12:29:50 | 000,452,872 | R--- | C] () -- C:\Windows\SysNative\drivers\pctDS64.sys
[2012/01/12 12:29:24 | 000,331,368 | R--- | C] () -- C:\Windows\SysNative\drivers\pctgntdi64.sys
[2012/01/12 12:29:24 | 000,136,168 | R--- | C] () -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2012/01/12 12:29:02 | 000,257,232 | R--- | C] () -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2012/01/12 12:28:58 | 000,001,840 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2012/01/12 12:28:55 | 000,092,896 | R--- | C] () -- C:\Windows\SysNative\drivers\pctplsg64.sys
[2012/01/12 10:57:36 | 000,308,746 | ---- | C] () -- C:\Users\T-Bone\Documents\spray foam fig.pdf
[2012/01/11 11:36:42 | 000,308,682 | ---- | C] () -- C:\Users\T-Bone\Documents\Spray Rig for Sale.pdf
[2012/01/11 11:03:09 | 000,302,136 | ---- | C] () -- C:\Users\T-Bone\Documents\photo 1.jpg
[2012/01/11 11:02:29 | 000,105,997 | ---- | C] () -- C:\Users\T-Bone\Documents\photo 23.jpg
[2012/01/11 09:25:17 | 000,090,355 | ---- | C] () -- C:\Users\T-Bone\Documents\Est_1092_from_Best_Insulation_1092.pdf
[2012/01/11 09:25:08 | 000,083,074 | ---- | C] () -- C:\Users\T-Bone\Documents\Est_1212_from_Best_Insulation_1092.pdf
[2012/01/11 09:24:55 | 000,083,023 | ---- | C] () -- C:\Users\T-Bone\Documents\Est_1236_from_Best_Insulation_1092.pdf
[2012/01/11 09:24:42 | 000,082,882 | ---- | C] () -- C:\Users\T-Bone\Documents\Est_1237_from_Best_Insulation_1092.pdf
[2012/01/09 11:03:57 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/06 11:12:02 | 000,083,374 | ---- | C] () -- C:\Users\T-Bone\Documents\Est_1232_from_Best_Insulation_3884.pdf
[2012/01/06 11:11:30 | 000,083,287 | ---- | C] () -- C:\Users\T-Bone\Documents\Est_1234_from_Best_Insulation_3884.pdf
[2012/01/06 11:07:09 | 000,011,528 | -HS- | C] () -- C:\Users\T-Bone\AppData\Local\0ea02m0hl3
[2012/01/06 11:07:09 | 000,011,528 | -HS- | C] () -- C:\ProgramData\0ea02m0hl3
[2012/01/05 15:28:48 | 000,042,513 | ---- | C] () -- C:\Users\T-Bone\Documents\Estimate_1003_from_Best_Insulation (2).pdf
[2011/12/29 21:22:33 | 000,846,681 | ---- | C] () -- C:\Users\T-Bone\Desktop\PICT0263.JPG
[2011/12/29 10:13:57 | 000,087,480 | ---- | C] () -- C:\Users\T-Bone\Documents\Est_1219_from_Best_Insulation_2220.pdf
[2011/12/28 15:57:07 | 000,083,458 | ---- | C] () -- C:\Users\T-Bone\Documents\Est_1218_from_Best_Insulation_2428.pdf
[2011/12/28 15:56:48 | 000,081,793 | ---- | C] () -- C:\Users\T-Bone\Documents\Est_1220_from_Best_Insulation_2540.pdf
[2011/12/28 15:35:36 | 000,081,631 | ---- | C] () -- C:\Users\T-Bone\Documents\Est_1198_from_Best_Insulation_2428.pdf
[2011/12/20 20:15:05 | 000,034,174 | ---- | C] () -- C:\Users\T-Bone\Documents\best cert.pdf
[2011/12/20 15:18:58 | 000,081,943 | ---- | C] () -- C:\Users\T-Bone\Documents\Est_1211_from_Best_Insulation_4212.pdf
[2011/12/20 11:54:12 | 000,084,429 | ---- | C] () -- C:\Users\T-Bone\Documents\Est_1212_from_Best_Insulation_4212 (2).pdf
[2011/12/16 16:02:46 | 000,000,000 | ---- | C] () -- C:\ProgramData\JwPDf2T.dat
[2011/11/02 15:16:48 | 000,172,608 | ---- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/08/25 23:06:01 | 000,000,680 | ---- | C] () -- C:\Users\T-Bone\AppData\Local\d3d9caps.dat
[2011/03/02 08:33:38 | 000,011,960 | -HS- | C] () -- C:\Users\T-Bone\AppData\Local\1051646004
[2011/03/02 08:33:38 | 000,011,960 | -HS- | C] () -- C:\ProgramData\1051646004
[2010/11/18 20:53:16 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/11/18 20:53:16 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/12/17 14:29:20 | 000,000,008 | RHS- | C] () -- C:\ProgramData\F7DE9B23BA.sys
[2009/10/17 19:19:05 | 000,000,056 | ---- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2009/06/29 14:38:57 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009/06/29 14:38:57 | 000,000,088 | RHS- | C] () -- C:\ProgramData\53AEB581B9.sys
[2009/03/31 08:21:55 | 000,821,184 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2008/12/01 23:06:32 | 000,165,503 | ---- | C] () -- C:\Windows\hphins25.dat
[2008/08/22 12:00:06 | 000,029,600 | ---- | C] () -- C:\Windows\SysWow64\mxntdfg.exe
[2008/08/05 09:02:46 | 000,120,320 | ---- | C] () -- C:\Windows\SysWow64\apexchanger.exe
[2008/08/05 09:02:46 | 000,109,568 | ---- | C] () -- C:\Windows\SysWow64\apex3gp.exe
[2008/08/05 09:02:45 | 004,755,968 | ---- | C] () -- C:\Windows\SysWow64\apexconverter.exe
[2008/08/05 09:02:45 | 003,138,048 | ---- | C] () -- C:\Windows\SysWow64\apexxbox.exe
[2008/08/05 09:02:45 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\AddiTunes.exe
[2008/08/05 09:02:44 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\cygz.dll
[2008/08/05 09:02:44 | 000,007,196 | ---- | C] () -- C:\Windows\SysWow64\INI_Pro_3GP_AAC.ini
[2008/08/05 09:02:44 | 000,006,490 | ---- | C] () -- C:\Windows\SysWow64\INI_Pro_PSP.ini
[2008/08/05 09:02:44 | 000,005,028 | ---- | C] () -- C:\Windows\SysWow64\INI_Pro_3GP2_AAC.ini
[2008/08/05 09:02:44 | 000,004,296 | ---- | C] () -- C:\Windows\SysWow64\INI_Pro_Zune.ini
[2008/08/05 09:02:44 | 000,003,045 | ---- | C] () -- C:\Windows\SysWow64\INI_Pro_iPod.ini
[2008/08/05 09:02:44 | 000,002,956 | ---- | C] () -- C:\Windows\SysWow64\INI_Pro_PMP.ini
[2008/08/05 09:02:44 | 000,002,910 | ---- | C] () -- C:\Windows\SysWow64\INI_Pro_3GP_AMR.ini
[2008/08/05 09:02:44 | 000,002,516 | ---- | C] () -- C:\Windows\SysWow64\INI_Pro_PPC.ini
[2008/08/05 09:02:44 | 000,002,175 | ---- | C] () -- C:\Windows\SysWow64\INI_Pro_iPhone.ini
[2008/08/05 09:02:44 | 000,001,964 | ---- | C] () -- C:\Windows\SysWow64\INI_QT_3GPP2_QVGA_AAC.ini
[2008/08/05 09:02:44 | 000,001,964 | ---- | C] () -- C:\Windows\SysWow64\INI_QT_3GPP2_QCIF_AAC.ini
[2008/08/05 09:02:44 | 000,001,878 | ---- | C] () -- C:\Windows\SysWow64\INI_Pro_Xbox.ini
[2008/08/05 09:02:44 | 000,001,814 | ---- | C] () -- C:\Windows\SysWow64\INI_QT_3GPP_QVGA_AMR.ini
[2008/08/05 09:02:44 | 000,001,814 | ---- | C] () -- C:\Windows\SysWow64\INI_QT_3GPP_QVGA_AAC.ini
[2008/08/05 09:02:44 | 000,001,814 | ---- | C] () -- C:\Windows\SysWow64\INI_QT_3GPP_QCIF_AMR.ini
[2008/08/05 09:02:44 | 000,001,814 | ---- | C] () -- C:\Windows\SysWow64\INI_QT_3GPP_QCIF_AAC.ini
[2008/08/05 09:02:44 | 000,001,739 | ---- | C] () -- C:\Windows\SysWow64\INI_Pro_AppleTV.ini
[2008/08/05 09:02:44 | 000,000,036 | ---- | C] () -- C:\Windows\SysWow64\INI_Add_mfra.ini
[2008/08/05 09:02:42 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2008/08/05 08:14:34 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2008/08/02 20:19:52 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2008/08/02 20:19:52 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/06/26 09:31:07 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2008/06/09 14:10:36 | 000,005,632 | ---- | C] () -- C:\Users\T-Bone\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/08 21:24:19 | 000,000,185 | ---- | C] () -- C:\Windows\SysWow64\msblcd32.dll
[2008/06/08 01:39:22 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/06/07 22:57:27 | 000,000,732 | ---- | C] () -- C:\Users\T-Bone\AppData\Local\d3d9caps64.dat
[2008/05/22 23:33:46 | 000,000,795 | ---- | C] () -- C:\Windows\hphmdl25.dat
[2008/02/11 18:46:56 | 002,215,364 | ---- | C] () -- C:\Windows\SysWow64\igklg400.bin
[2008/02/11 18:46:56 | 001,971,732 | ---- | C] () -- C:\Windows\SysWow64\igklg450.bin
[2008/02/11 18:46:56 | 000,029,932 | ---- | C] () -- C:\Windows\SysWow64\igmedcompkrn.bin
[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\Windows\SysWow64\OGACheckControl.DLL
[2008/01/20 20:49:10 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 20:48:56 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2006/11/02 09:35:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 06:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 06:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 03:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2003/09/17 14:00:55 | 000,266,327 | ---- | C] () -- C:\Windows\SysWow64\ADErrorHandling.dll
[2002/09/10 09:10:05 | 000,495,616 | ---- | C] () -- C:\Windows\SysWow64\xvid.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >


OTL Extras logfile created on: 1/19/2012 9:03:25 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\T-Bone\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 3.27 Gb Available Physical Memory | 82.08% Memory free
8.15 Gb Paging File | 7.54 Gb Available in Paging File | 92.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.81 Gb Total Space | 104.34 Gb Free Space | 44.82% Space Free | Partition Type: NTFS
Drive D: | 505.37 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: T-BONE-PC | User Name: T-Bone | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-723744364-3269971947-1814937133-1000\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 ()
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe %SystemRoot%\System32\Mshtml.dll,PrintHTML "%1" ()
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = C2 FE 8D 6A DC 5B C8 01 [binary data]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{53A09F62-59F3-458A-9427-EEC6EEA41F85}" = lport=7939 | protocol=6 | dir=in | name=planswift |
"{70BC0C6A-BB99-4ECB-BD57-DA4CD6D29906}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8153EB59-7059-417D-9D87-97852C61AA1A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{FC090EF6-4DC6-4C3A-BFF9-7ADE339A0CDA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{130A63C1-5E3A-4254-ABB4-1678B398F0A2}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{18493503-F43C-419A-98E1-1CC5D5CA867D}" = protocol=17 | dir=in | app=c:\program files (x86)\planswift9\planswift.exe |
"{1F096432-31ED-476A-B552-8941793A80C4}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{250B29E9-87C5-4CA5-B3C6-E54D22F1A7AE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{28147BCC-F30E-40AE-8EDF-BB42503EB52C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2943B1D8-DB9B-45A0-B460-9FA0A10C9A96}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{2F9FDC92-4A59-44CE-8007-2D604BD8A4BC}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{31AF1718-AD0B-449B-8A49-9AA991504839}" = protocol=6 | dir=in | app=c:\users\t-bone\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{36254ADF-8B23-48BE-A432-486EA9F42295}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{3EE73463-E498-4F97-970F-D753DB4C28E4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{40D89C07-618F-43C7-9EB4-D0C170D98AC5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{4222B778-5C63-4D38-A2EE-EAD563A9089D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{43DE67F6-7A16-4DBD-A67C-1D390F7EF426}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{46FC78FF-F540-4EC7-9117-B24520E790C5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{48F706D3-EDDA-46E8-914F-DF7CEC90921A}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{4A0499B7-9A84-4939-AD60-3A3312420B09}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{5224C4C7-860A-4006-B1B7-57936F7BE96C}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{582BB4D2-3877-4688-AA30-B4CF7037239B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5AB5B636-E840-45F8-8F9B-CF1F00EE747F}" = protocol=6 | dir=in | app=c:\users\t-bone\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{6135EEAB-2A1D-4946-A6F0-2AF46FDAA26B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{671E8051-E77F-4BEE-9813-DE45A6C84400}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{68D8651C-D64D-4A95-BF91-28ABF9DFD304}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6C309EC3-CD22-4DAE-8C86-4F0D0773D7CE}" = protocol=17 | dir=in | app=c:\users\t-bone\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{6FB9A952-634F-4C83-A725-8F880200645E}" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{77EDA8A2-D1CF-4B9F-970F-429582EB9216}" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{8169EABF-9D1A-4F4D-AD78-30613D641C5B}" = protocol=6 | dir=in | app=c:\program files (x86)\planswift9\planswift.exe |
"{83FECD9E-B302-4659-B260-2C244CD2A336}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{84790AE0-27C5-4B47-ADAA-395C9465DCD7}" = protocol=6 | dir=in | app=c:\users\t-bone\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{84EAE346-1B41-4113-9FAE-34A4873171DD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{87D99E9E-20A4-4C84-B437-4CE50B58B8CF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{895182DD-3F86-4288-80C8-3193E0C7FAF1}" = protocol=6 | dir=in | app=c:\users\t-bone\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{9EC808FE-C9DF-4B70-937E-4C09987D9734}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{A1083A1B-5F99-4774-8160-9CCF9A4E5527}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{A86045D3-0F9E-4A5E-88B3-BEBB5D6A271D}" = protocol=17 | dir=in | app=c:\users\t-bone\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{B36FE0DA-353B-4C30-BA88-39660979879A}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{CB7F41E1-3983-4556-8ECA-EE19CF683146}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CE00C2FB-7B62-4AFA-A9AB-B52A58C4876C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{CE4D0119-21BA-4A42-923E-C7B13ACA831C}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{D1170005-463E-49AB-A16D-66E73E235B51}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{D821B398-C49C-41DD-A507-81D0F8535F8A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{E1294B4F-F0AB-4C26-B47B-3FB9F6E2ADC9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{EC63735D-78BA-41B9-A298-12E748814563}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{F8798E37-5629-4616-A335-EC602BA6FD59}" = protocol=17 | dir=in | app=c:\users\t-bone\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{F8E95BAF-B4F4-45C3-A04C-5836F9DB3A5A}" = protocol=17 | dir=in | app=c:\users\t-bone\appdata\local\google\google talk plugin\googletalkplugin.exe |
"TCP Query User{0342AEBA-5F6B-4AD0-96C9-5F3D8053C7DD}C:\program files (x86)\promise nas utility\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\promise nas utility\jre\bin\javaw.exe |
"TCP Query User{087A5D79-3591-4622-B279-59D6D82EA526}C:\program files (x86)\microsoft office\office12\groove.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"TCP Query User{32C14921-CB7A-4F56-9AB7-D5E4AA0AA02A}C:\program files (x86)\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"TCP Query User{7BDAA8B3-A729-41DF-B06C-4D4D2B0D8CEB}C:\program files (x86)\act\act for windows\actsage.exe" = protocol=6 | dir=in | app=c:\program files (x86)\act\act for windows\actsage.exe |
"TCP Query User{7C967D01-A960-4EEA-9546-36756EB89A97}C:\program files (x86)\promise nas utility\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\promise nas utility\jre\bin\javaw.exe |
"TCP Query User{F249DDF0-4218-4F16-9DB3-3BB6BFDC9006}C:\program files (x86)\act\act for windows\actsage.exe" = protocol=6 | dir=in | app=c:\program files (x86)\act\act for windows\actsage.exe |
"TCP Query User{FCBCF1FD-2374-44F1-B1D1-0384B91D8676}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{11FACF6E-5D55-429E-805E-FDA4DED1E1B6}C:\program files (x86)\microsoft office\office12\groove.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"UDP Query User{24C0452D-50DB-42DD-B2B1-B93D07AB5B52}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{38D8C519-058A-4D58-B004-E5C329957897}C:\program files (x86)\promise nas utility\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\promise nas utility\jre\bin\javaw.exe |
"UDP Query User{58664A83-59D3-48F4-A2DE-DF6579793183}C:\program files (x86)\act\act for windows\actsage.exe" = protocol=17 | dir=in | app=c:\program files (x86)\act\act for windows\actsage.exe |
"UDP Query User{C452ABAC-53B6-4642-814D-B8ECE6FEBB1B}C:\program files (x86)\promise nas utility\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\promise nas utility\jre\bin\javaw.exe |
"UDP Query User{F72E71F8-2D73-4D2C-8CC1-F3A4148A68D1}C:\program files (x86)\act\act for windows\actsage.exe" = protocol=17 | dir=in | app=c:\program files (x86)\act\act for windows\actsage.exe |
"UDP Query User{FB39431B-3B4F-44A0-8FAC-CBF06500B6F4}C:\program files (x86)\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.5
"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}" = Microsoft SQL Server Native Client
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{86177DAE-38B1-49DD-912E-35CB703AB779}" = Microsoft SQL Server VSS Writer
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A9513BBC-73B4-4856-BF83-0166523ABF09}" = 64 Bit HP CIO Components Installer
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D10AB8DE-0ED1-4152-A247-FB89CF1435D5}" = HP Deskjet D2500 Printer Driver Software 11.0 Rel .3
"{D1829BE5-F305-4576-9593-C66FC7E0B008}" = iCloud
"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 11.0
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 11.0
"HPExtendedCapabilities" = HP Customer Participation Program 11.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"UltSounds" = Windows Sound Schemes

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{067FFF2F-0F1C-43DB-827B-F9BC4735F1BC}" = D2500
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{19A71C4F-94D9-44EA-AC98-FF8A045273AB}" = iSqFt Full Viewer V4.01
"{1A4FE289-8B58-4FC5-8CE8-109A542CE0A7}" = ACT! by Sage 2009 (11.0)
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 14
"{27197499-7680-4208-8FD8-5439CDB0FDC1}" = HPProductAssistant
"{27F00C63-449B-2FAB-CBE8-24AB80E17449}" = Acrobat.com
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (ACT7)
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{35095169-C59A-4571-A361-2117E04B7AFD}" = DJ_SF_03_D2500_ProductContext
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E5721E5-BA31-46AD-8B35-065924D38E91}" = D2500_Help
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{5158974E-2D28-4018-9335-7694C2974746}" = Fix-It Utilities 8 Professional
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{54A7051C-F076-4F31-BD15-24B028511953}" = Promise NAS Utility
"{55D9E026-DCB0-46FF-B60A-68B972228CF6}" = Autodesk Design Review 2010
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{593A6CAF-E114-4e31-884F-74FF349E8E36}" = SolutionCenter
"{59C6EFB0-7A6F-4FC2-98C5-31A9DB93014A}" = DJ_SF_03_D2500_Software
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7236B969-6A18-42DD-ADE4-BBA2604F34C8}" = DJ_SF_03_D2500_Software_Min
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C7D7ED8-2854-4ABA-9A89-CFB7857B9084}" = Vista Battery Saver
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95140000-007F-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9F4EE72A-C5C9-42ad-ABEF-427690843577}" = MarketResearch
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C5E6A84F-2064-40D2-85C4-CE97B76ACECE}" = VitalSource Bookshelf
"{CC0E1AE3-091D-4969-B151-7AC142062C28}" = SmartWebPrinting
"{CCF13D13-A87B-34E8-B689-1896D0C2DBA2}" = Google Talk Plugin
"{D063F201-FAC4-4D5C-B10B-615058ADE5A7}" = HP Update
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.57
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"Autodesk Design Review 2010" = Autodesk Design Review 2010
"Cucusoft YouTube Mate (Downloader+Player+Converter)_is1" = Cucusoft YouTube Mate 7.10
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"ENTERPRISER" = Microsoft Office Enterprise 2007
"FileZilla Client" = FileZilla Client 3.2.7
"Google Chrome" = Google Chrome
"InstallShield_{1A4FE289-8B58-4FC5-8CE8-109A542CE0A7}" = ACT! by Sage 2009 (11.0)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"PlanSwift 9_is1" = PlanSwift Professional 9.0
"Spyware Doctor" = Spyware Doctor 8.0
"ViewpointMediaPlayer" = Viewpoint Media Player
"WinLiveSuite_Wave3" = Windows Live Essentials
"Xilisoft Video Converter Platinum" = Xilisoft Video Converter Platinum
"XviD" = XviD MPEG-4 Codec
"Xvid_is1" = Xvid 1.2.1 final uninstall
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#10 bigbadbuck87

bigbadbuck87
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  • Local time:08:58 PM

Posted 19 January 2012 - 10:21 AM

Also, I want to get a new malware protection software, which one would you recommend?

Thanks,

Travis

#11 bigbadbuck87

bigbadbuck87
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  • Local time:08:58 PM

Posted 19 January 2012 - 10:45 AM

A few other things I've recently noticed. I had been trying to install a new version of QuickBooks, and I keep getting a .NET Framework error. I got the same error when I tried to run OTL. Also, my Microsoft Updates will not open and neither will my Control Panel. Just thought those might be useful.

Travis

#12 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:09:58 PM

Posted 20 January 2012 - 01:38 AM

Hi Travis!

I'm glad to hear that your missing Start Menu items re-appeared after running ComboFix.

A few other things I've recently noticed. I had been trying to install a new version of QuickBooks, and I keep getting a .NET Framework error. I got the same error when I tried to run OTL. Also, my Microsoft Updates will not open and neither will my Control Panel. Just thought those might be useful.

Okay, it sounds like you're still infected. We'll run some new scans below, so I can see what they find.

Also, I want to get a new malware protection software, which one would you recommend?

If you're looking for a free Anti-Virus program, I'd go with Microsoft Security Essentials.

Please do me a favor and run these scans below:

Running aswMBR.exe

Download aswMBR.exe (1.8 MB) to your desktop.
Double-click aswMBR.exe to run it, then click the "Scan" button to start the scan.

On completion of the scan, click "Save log", save it to your desktop, and post it in your next reply.



NEXT:



Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure SKIP is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: Do not choose Cure or Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Kindest Regards,
Agent ST.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


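The two TDSSKiller options above, "Verify Driver Digital Signature" and "Detect TDLFS file system", and the aswMBR scan all boil down to two questions: is every loaded kernel driver validly signed, and does sector 0 of the boot disk still hold the boot code and partition table you expect? The script below is an added example written for this page, not code from the thread, from TDSSKiller or from aswMBR; it runs those same checks from user mode so the logs the tools produce are easier to read. It assumes the boot disk is \\.\PhysicalDrive0 and that $KnownGoodBootCodeHash is a SHA-256 you recorded yourself from a clean machine with the same Windows version (the placeholder string is not a real hash). Run it from an elevated PowerShell prompt.

```powershell
# Added example for this page; not from the BleepingComputer thread, TDSSKiller or aswMBR.
# Assumptions (not from the page): disk 0 is the boot disk, and the baseline hash below
# is one you captured yourself from a clean machine. The placeholder is not a real hash.
$KnownGoodBootCodeHash = 'REPLACE-WITH-YOUR-OWN-BASELINE-SHA256'

function Get-UnsignedRunningDrivers {
    # Win32_SystemDriver lists every kernel driver service; State=Running keeps only loaded ones.
    $drivers = Get-WmiObject Win32_SystemDriver | Where-Object { $_.State -eq 'Running' }
    foreach ($d in $drivers) {
        $path = $d.PathName
        if (-not $path) { continue }
        # PathName may be in NT form (\SystemRoot\... or \??\C:\...); convert it to a Win32 path.
        $path = $path -replace '^\\SystemRoot', $env:SystemRoot
        $path = $path -replace '^\\\?\?\\', ''
        if (-not (Test-Path -LiteralPath $path)) {
            # A loaded driver whose file cannot be seen from user mode deserves a look on its own.
            New-Object PSObject -Property @{ Name = $d.Name; Path = $path; Status = 'FileNotVisible' }
            continue
        }
        $sig = Get-AuthenticodeSignature -FilePath $path
        if ($sig.Status -ne 'Valid') {
            New-Object PSObject -Property @{ Name = $d.Name; Path = $path; Status = $sig.Status }
        }
    }
}

function Get-MbrReport {
    param([string]$Disk = '\\.\PhysicalDrive0', [int]$DiskIndex = 0)   # assumption: disk 0 boots the system
    # Raw disk reads need sector-sized, sector-aligned requests; 512-byte buffer keeps it simple.
    $fs = New-Object System.IO.FileStream -ArgumentList $Disk, 'Open', 'Read', 'ReadWrite', 512
    try {
        $mbr = New-Object byte[] 512
        [void]$fs.Read($mbr, 0, 512)
    } finally { $fs.Close() }

    # MBR layout: 440 bytes of boot code, 4-byte disk signature, 2 reserved bytes,
    # four 16-byte partition entries starting at offset 446, then the 0x55AA marker.
    $sha  = [System.Security.Cryptography.SHA256]::Create()
    $hash = [BitConverter]::ToString($sha.ComputeHash($mbr, 0, 440)).Replace('-', '').ToLower()

    $maxEnd = [uint64]0
    $parts = for ($i = 0; $i -lt 4; $i++) {
        $off  = 446 + 16 * $i
        $type = $mbr[$off + 4]
        if ($type -eq 0) { continue }                      # empty slot
        $startLba = [BitConverter]::ToUInt32($mbr, $off + 8)
        $sectors  = [BitConverter]::ToUInt32($mbr, $off + 12)
        $end = [uint64]$startLba + [uint64]$sectors
        if ($end -gt $maxEnd) { $maxEnd = $end }
        New-Object PSObject -Property @{
            Entry = $i; Type = ('0x{0:X2}' -f $type); Active = ($mbr[$off] -eq 0x80)
            StartLBA = $startLba; Sectors = $sectors
        }
    }

    # Size of the physical disk, to see how many sectors lie past the last partition.
    $disk = Get-WmiObject Win32_DiskDrive | Where-Object { $_.Index -eq $DiskIndex }
    $totalSectors = [uint64]([uint64]$disk.Size / 512)

    New-Object PSObject -Property @{
        BootCodeSHA256          = $hash
        BootCodeMatchesBaseline = ($hash -eq $KnownGoodBootCodeHash.ToLower())
        Marker55AA              = ($mbr[510] -eq 0x55 -and $mbr[511] -eq 0xAA)
        Partitions              = $parts
        # Unpartitioned space at the end of the boot disk is where a hidden file
        # system can live, so a large tail is worth comparing against a clean machine.
        UnallocatedTailSectors  = [int64]($totalSectors - $maxEnd)
    }
}

Write-Host '== Running drivers without a valid Authenticode signature =='
Get-UnsignedRunningDrivers | Format-Table Name, Status, Path -AutoSize

Write-Host '== Sector 0 of PhysicalDrive0 =='
$report = Get-MbrReport
$report | Format-List BootCodeSHA256, BootCodeMatchesBaseline, Marker55AA, UnallocatedTailSectors
$report.Partitions | Format-Table Entry, Type, Active, StartLBA, Sectors -AutoSize
```

Two caveats a practitioner should keep in mind. First, this reads the disk through the normal Windows storage stack; a kernel-mode rootkit that hooks that stack can hand back a clean sector 0 to user-mode readers, which is exactly why aswMBR and TDSSKiller load their own drivers to read beneath those hooks, so a clean result from this script is not proof of a clean disk. Second, on PowerShell versions older than 5.1 inbox drivers signed only through catalog files show up as NotSigned, so compare the driver list against a clean reference machine rather than treating every entry as malicious.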
#13 bigbadbuck87

bigbadbuck87
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:08:58 PM

Posted 20 January 2012 - 09:37 AM

Hey ST, aswMBR.exe will not run in either normal or safe mode. Suggestions?

#14 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:09:58 PM

Posted 20 January 2012 - 10:09 AM

Travis,

Are you getting any error messages when you attempt to run aswMBR.exe or is it just not even launching the program to run it?

Can you see if you can get TDSSKiller to run for you?


#15 bigbadbuck87

bigbadbuck87
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:08:58 PM

Posted 20 January 2012 - 12:44 PM

Hey ST, I'm not getting an error message, it just won't run. Also, I just tried to run TDSS and it didn't run either, which is kind of weird because it ran fine last time I ran it.

Travis
