ralvarezjr1

  1. Rebooted the machine and it booted into Windows correctly but just started beeping. I shut down Windows, but before it was closed Avira said that it had found a virus, crypt, not sure of what else.
  2. Followed the instructions above and the TDSSKiller program and the program does nothing.
  3. OTL Extras logfile created on: 4/16/2012 11:14:28 PM - Run 1 OTL by OldTimer - Version 3.2.39.2
  4. OTL logfile created on: 4/16/2012 11:14:28 PM - Run 1 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Robert\Desktop Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.49 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 54.96% Memory free 7.16 Gb Paging File | 5.45 Gb Available in Paging File | 76.08% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 298.09 Gb Total Space | 155.67 Gb Free Space | 52.22% Space Free | Partition Type: NTFS Computer Name: ROBERT-D630 | User Name: Robert | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/04/16 23:13:49 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Robert\Desktop\OTL.exe PRC - [2012/04/14 09:01:19 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe PRC - [2012/01/31 08:57:32 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2012/01/31 08:57:06 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2012/01/31 08:56:50 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2012/01/31 08:56:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2012/01/22 23:43:08 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe PRC - [2012/01/22 23:43:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe PRC - [2011/05/28 14:46:56 | 000,412,560 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe PRC - [2011/05/28 14:46:56 | 000,353,168 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe PRC - [2011/04/08 07:50:02 | 000,542,264 | ---- | M] (Google) -- C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE PRC - [2010/09/17 12:14:44 | 003,735,552 | ---- | M] (Firebird Project) -- C:\Program Files\LawnPro 4\DB\bin\fbserver.exe PRC - [2010/09/14 16:03:58 | 000,984,352 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe PRC - [2010/09/14 14:45:30 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe PRC - [2010/07/02 13:25:48 | 000,656,896 | ---- | M] (j2 Global Communications, Inc.) -- C:\Program Files\eFax Messenger 4.4\J2GTray.exe PRC - [2010/07/02 13:24:07 | 000,095,744 | ---- | M] (j2 Global Communications, Inc.) 
-- C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe PRC - [2010/01/19 12:48:52 | 000,323,280 | ---- | M] (Napster) -- C:\Program Files\Napster\napster.exe PRC - [2009/11/30 12:31:54 | 004,685,824 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE PRC - [2009/11/30 12:31:54 | 000,026,112 | ---- | M] () -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE PRC - [2009/11/30 12:31:48 | 004,038,656 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE PRC - [2009/08/07 08:35:36 | 000,374,088 | ---- | M] (a la mode, inc.) -- C:\Program Files\a la mode\XSites Desktop\alamode.XSitesDesktop.exe PRC - [2009/05/27 11:38:22 | 000,102,400 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe PRC - [2009/05/27 11:37:44 | 000,450,560 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009/02/03 17:40:02 | 000,858,624 | ---- | M] (Belkin International, Inc.) -- C:\Program Files\Belkin Storage Manager\StorageManager.exe PRC - [2008/02/22 11:04:42 | 002,938,184 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe PRC - [2008/01/22 21:13:08 | 000,288,072 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe PRC - [2007/10/29 15:30:14 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe PRC - [2007/10/04 19:39:42 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe PRC - [2007/09/28 17:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe PRC - [2007/09/13 14:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) 
-- C:\Windows\System32\stacsv.exe PRC - [2007/09/13 14:44:48 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe PRC - [2007/03/30 22:14:06 | 001,769,472 | ---- | M] (PFU LIMITED) -- C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe PRC - [2007/02/16 18:57:24 | 001,945,960 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe PRC - [2007/02/16 18:49:58 | 000,149,024 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe PRC - [2007/02/16 18:49:50 | 000,411,168 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe PRC - [2007/02/16 18:45:30 | 001,169,776 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe PRC - [2006/10/09 13:43:18 | 000,036,864 | ---- | M] (PFU Limited.) -- C:\Program Files\PFU\ScanSnap\CardMinder V3.1\CardLauncher.exe ========== Modules (No Company Name) ========== MOD - [2012/04/11 03:52:57 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\48302596a8c8f2ab396b3be518dbd800\System.Web.ni.dll MOD - [2012/04/11 03:49:38 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\09b9cd1c630210237b5b46d9943e1946\System.Windows.Forms.ni.dll MOD - [2012/04/11 03:49:13 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\61759b9905aed9a87347d04b5fad046b\System.Drawing.ni.dll MOD - [2012/02/16 04:42:04 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\1a5853155c4e5ab3f91cd37da331e89b\System.Web.Services.ni.dll MOD - [2012/02/16 04:41:53 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5c3bfd69e0c268baff0d169e11a6a784\System.Runtime.Remoting.ni.dll MOD - [2012/02/16 04:41:45 | 000,971,264 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll MOD - [2012/02/16 04:40:06 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll MOD - [2012/02/16 04:39:23 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\029217106fa24787ff7a61b754f8ebf7\System.Data.ni.dll MOD - [2012/02/16 04:37:33 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll MOD - [2011/10/13 03:44:27 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\bcb66dbad2b45d05235b37a02f737eb5\Accessibility.ni.dll MOD - [2011/10/13 03:40:53 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll MOD - [2011/05/28 14:47:00 | 000,127,376 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 4\ASCv4ExtMenu.dll MOD - [2009/08/07 08:35:34 | 000,083,272 | ---- | M] () -- C:\Program Files\a la mode\XSites Desktop\alamode.XSitesDesktop.Plugins.Chat.XmlSerializers.dll MOD - [2009/08/07 08:35:28 | 000,202,056 | ---- | M] () -- C:\Program Files\a la mode\XSites Desktop\alamode.XSitesDesktop.Common.XmlSerializers.dll MOD - [2009/03/29 23:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2009/01/18 16:50:02 | 000,417,792 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\AdobeXMP.dll MOD - [2008/07/31 13:05:18 | 000,799,992 | ---- | M] () -- C:\Program Files\a la mode\XSites Desktop\Coversant.SoapBox.dll MOD - [2008/05/01 12:32:48 | 000,020,216 | ---- | M] () -- C:\Program Files\a la mode\XSites Desktop\alamode.Common.ProductMessages.XmlSerializers.dll MOD - [2008/01/02 11:34:40 | 000,201,976 | ---- | M] () -- C:\Program Files\a la 
mode\XSites Desktop\alamode.Common.HtmlEditor.dll MOD - [2007/11/16 17:02:18 | 000,479,232 | R--- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\ccme_base.dll MOD - [2007/11/16 17:02:18 | 000,401,408 | R--- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\cryptocme2.dll MOD - [2007/02/27 19:34:32 | 000,167,936 | ---- | M] () -- C:\Program Files\PFU\ScanSnap\Driver\SSsltsa.dll MOD - [2007/02/14 19:21:32 | 000,050,720 | ---- | M] () -- C:\Program Files\Common Files\Acronis\Common\gc.dll MOD - [2006/10/12 15:14:50 | 000,036,864 | ---- | M] () -- C:\Program Files\PFU\ScanSnap\Driver\PfuUpdater.dll MOD - [2006/05/10 16:18:06 | 000,010,240 | ---- | M] () -- C:\Program Files\PFU\ScanSnap\Driver\SecurityManager.dll MOD - [2006/05/10 16:18:04 | 000,009,216 | ---- | M] () -- C:\Program Files\PFU\ScanSnap\Driver\PolicyCommon.dll MOD - [2005/07/22 22:30:18 | 000,065,536 | ---- | M] () -- C:\Windows\System32\TosCommAPI.dll MOD - [2005/07/08 11:36:40 | 000,094,208 | ---- | M] () -- C:\Program Files\PFU\ScanSnap\Driver\f5bdkedr.dll MOD - [2005/01/19 18:48:00 | 000,028,672 | ---- | M] () -- C:\Program Files\PFU\ScanSnap\CardMinder V3.1\CardPath.dll MOD - [2003/11/20 21:56:18 | 000,294,912 | ---- | M] () -- C:\Program Files\PFU\ScanSnap\Driver\ssIplA6.dll MOD - [2003/11/20 21:56:16 | 000,020,480 | ---- | M] () -- C:\Program Files\PFU\ScanSnap\Driver\ssIpl.dll MOD - [2003/03/26 18:46:36 | 000,135,168 | ---- | M] () -- C:\Program Files\PFU\ScanSnap\Driver\PfuSsImgIO.dll MOD - [1996/12/19 13:24:26 | 000,068,608 | ---- | M] () -- C:\Program Files\PFU\ScanSnap\Driver\F5BDKAKU.DLL ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cpqvcagent.dll -- (win32sl) SRV - File not found [On_Demand | Stopped] -- -- (SupportSoft RemoteAssist) SRV - File not found [Auto | Stopped] -- C:\Windows\system32\usbnaw32.dll -- (NEC Usb3) SRV - File not found [Auto | Stopped] -- %systemroot%\system32\aswmon2.dll -- (LKbdFlt2) SRV - File not 
found [Auto | Stopped] -- %systemroot%\system32\tunmp.dll -- (AdfuUd) SRV - [2012/04/14 07:57:05 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/01/31 08:57:06 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012/01/31 08:56:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012/01/22 23:43:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2011/05/28 14:46:56 | 000,353,168 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService) SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv) SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc) SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort) SRV - [2011/02/23 10:46:01 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) 
[On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist) SRV - [2010/09/17 12:14:44 | 003,735,552 | ---- | M] (Firebird Project) [Auto | Running] -- C:\Program Files\LawnPro 4\DB\bin\fbserver.exe -- (FirebirdServerLP_SERVER) SRV - [2010/09/14 14:45:30 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService) SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService) SRV - [2010/04/12 10:13:08 | 000,142,336 | ---- | M] (HP) [Auto | Stopped] -- C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service) SRV - [2009/11/30 12:31:54 | 000,026,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc) SRV - [2009/05/27 11:38:22 | 000,102,400 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe) SRV - [2008/08/08 21:10:46 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService) SRV - [2008/01/20 21:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007/09/28 17:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service) SRV - [2007/09/13 14:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) 
[Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV) SRV - [2007/02/16 18:49:50 | 000,411,168 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\tosrfnds.sys -- (tosrfnds) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\PCTINDIS5.SYS -- (PCTINDIS5) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\PCASp50.sys -- (PCASp50) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pctnullport.sys -- (Nmea) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\ANDROIDUSB.sys -- (HTCAND32) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Robert\AppData\Local\Temp\catchme.sys -- (catchme) DRV - [2012/04/16 19:51:16 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{636326A7-DB38-475B-90AE-A2E612FAC7B5}\MpKslac2d83c0.sys -- (MpKslac2d83c0) DRV - [2012/01/31 08:57:31 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012/01/31 08:57:31 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011/09/22 18:52:02 | 000,035,392 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0) DRV - [2011/09/16 16:09:17 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011/04/27 15:25:24 | 
000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon) DRV - [2011/02/23 16:52:34 | 000,016,184 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver) DRV - [2010/12/15 14:38:22 | 000,229,376 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NWADIenum.sys -- (NWADI) DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010/05/12 12:02:52 | 000,020,792 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hppcbulkio.sys -- (HPFXBULKLEDM) DRV - [2010/04/21 11:42:33 | 000,392,320 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter) DRV - [2010/04/21 11:42:33 | 000,032,768 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter) DRV - [2010/04/21 10:39:10 | 000,114,048 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman) DRV - [2010/03/26 20:07:28 | 000,319,488 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\drxvi314.sys -- (bcm) DRV - [2010/03/26 20:04:24 | 000,051,456 | ---- | M] (Beceem communications pvt ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BcmBusCtr.sys -- (bcmbusctr) DRV - [2009/11/30 12:31:46 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY) DRV - [2009/07/02 04:30:08 | 000,168,808 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd) DRV - [2009/04/10 23:43:07 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BTHPRINT.SYS -- (BTHprint) DRV - [2009/04/10 23:38:59 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbccid.sys -- (USBCCID) DRV - [2008/05/29 14:53:26 | 000,103,680 | ---- | M] (C-motech Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cm_ser.sys -- (cm_ser) DRV - [2008/01/31 16:55:06 | 000,074,240 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid) DRV - [2008/01/22 21:57:48 | 000,054,144 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd) DRV - [2007/11/29 10:45:44 | 000,036,608 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp) DRV - [2007/10/18 15:25:00 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb) DRV - [2007/10/02 12:43:22 | 000,064,128 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom) DRV - [2007/09/26 08:12:00 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel® DRV - [2007/09/13 16:46:06 | 000,330,240 | ---- | M] (IDT, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2007/09/04 12:50:00 | 000,031,744 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\csrbcxp.sys -- (CSRBC) DRV - [2006/10/10 20:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9HP IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=OIE9HP IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5B FE 14 E7 CA E5 CA 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=MSDTDF&PC=MSDTDF&q={searchTerms}&src=IE-SearchBox IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGNI_enUS479 IE - 
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search" FF - prefs.js..browser.startup.homepage: "http://isearch.avg.com?cid=%7Bae3ccaab-8262-4fc2-bae9-0bd81f66dc1e%7D&mid=d1b70f80a9ad47d0a0eed168c02ad089-bdb69c7da7a49c5f965b04c98b9472a05c666613&ds=ft011&v=10.2.0.3&lang=en&pr=sa&d=2012-03-26%2017%3A54%3A17" FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7Bae3ccaab-8262-4fc2-bae9-0bd81f66dc1e%7D&mid=d1b70f80a9ad47d0a0eed168c02ad089-bdb69c7da7a49c5f965b04c98b9472a05c666613&ds=ft011&v=10.2.0.3&lang=en&pr=sa&d=2012-03-26%2017%3A54%3A17&sap=ku&q=" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/11/30 04:02:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/13 22:06:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/13 22:06:15 | 000,000,000 | ---D | M] [2011/02/23 11:14:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robert\AppData\Roaming\Mozilla\Extensions [2011/02/23 11:14:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robert\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com [2012/04/14 00:16:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\4lpq7uts.default\extensions [2011/11/30 00:03:21 | 000,000,000 | ---D | M] (Download Youtube Videos +) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\4lpq7uts.default\extensions\video.downloader.plugin@ffpimp.com [2011/06/30 09:06:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011/06/30 09:06:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} File not found (No name found) -- C:\PROGRAMDATA\AVG SECURE SEARCH\10.2.0.3 () (No name found) -- C:\USERS\ROBERT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4LPQ7UTS.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI [2010/04/19 22:05:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2011/05/08 21:55:51 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011/03/18 13:32:12 
| 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll [2011/03/18 13:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll [2012/03/26 17:54:03 | 000,003,749 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml [2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\12.0.742.100\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Adobe Acrobat 
(Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files\Google\Chrome\Application\12.0.742.100\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\12.0.742.100\pdf.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin Hosts file not found O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [belkin Storage Manager] C:\Program Files\Belkin Storage Manager\StorageManager.exe (Belkin International, Inc.) 
O4 - HKLM..\Run: [broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.) O4 - HKLM..\Run: [HP CP1020 System Tray] C:\Program Files\HP\HP LaserJet Professional CP1020 Series\HPCP1020STRAY.EXE (HP) O4 - HKLM..\Run: [intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.) O4 - HKLM..\Run: [iTSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION) O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe (Napster) O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKLM..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC) O4 - HKCU..\Run: [Advanced SystemCare 4] C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe (IObit) O4 - HKCU..\Run: [eFax 4.4] C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe (j2 Global Communications, Inc.) O4 - HKCU..\Run: [efdecdfabdct] C:\ProgramData\efdecdfabdct.exe () O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O4 - Startup: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eFax 4.4.lnk = C:\Program Files\eFax Messenger 4.4\J2GTray.exe (j2 Global Communications, Inc.) 
O4 - Startup: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launch Jawbone Updater.lnk = C:\Program Files\Jawbone\LaunchJU.exe () O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites) O15 - HKCU\..Trusted Domains: rhapsody.com ([rhap-app-4-0] https in Trusted sites) O15 - HKCU\..Trusted Domains: rhapsody.com ([rhapreg] https in Trusted sites) O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} http://www.pcpitstop.com/internet/pcpConnCheck.cab (iCC Class) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scanner/SysProExe.cab (Scanner.SysScanner) O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class) O16 - DPF: {62FC5539-7373-420B-AA75-89DE9ECF6CAB} http://192.168.1.8/DvrOcx.cab (Dvr Net 8116) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.com/DellDriverScanner/DellSystem.CAB (DellSystem.Scanner) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab (SysInfo Class) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {F375116A-793C-11D2-BFE1-444553540001} http://mls.realist.com/mapviewer/mapviewer.cab (First American Res MapActiveX Control) O16 - DPF: Deployer http://www.pcthreat.com/autoinstall/shsafeinstall.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C4F169C5-6DF3-4600-BAB0-847F94640663}: DhcpNameServer = 192.168.2.1 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CAA2E432-F230-4143-8F42-76797F14BA7B}: DhcpNameServer = 192.168.0.1 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EEAA8CA2-9E96-446C-852C-4661BE995C16}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.) 
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - File not found O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Humpback Whale.jpg O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Humpback Whale.jpg O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\System32\relog_ap.dll (Acronis) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{855720ca-4c15-11df-92d4-002170947ee7}\Shell\AutoRun\command - "" = G:\.\MigWiz\migsetup.exe O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012/04/16 23:13:49 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Robert\Desktop\OTL.exe [2012/04/16 22:59:58 | 000,000,000 | ---D | C] -- C:\Program Files\HijackThis [2012/04/16 22:51:04 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{0DEF6C79-0753-4E63-B790-6F096AB98DDA} [2012/04/16 22:32:06 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Robert\Desktop\dds.com [2012/04/16 22:27:37 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{A498F32A-825E-4B1D-82E5-5B161F846C7D} [2012/04/16 22:07:19 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Robert\Desktop\dds.scr [2012/04/16 20:04:39 | 000,000,000 | --SD | C] -- C:\ComboFix [2012/04/16 18:09:36 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Avira [2012/04/16 18:04:14 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012/04/16 18:03:46 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2012/04/16 18:03:45 | 000,137,416 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2012/04/16 18:03:45 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2012/04/16 18:03:45 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys [2012/04/16 18:03:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012/04/16 18:03:44 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2012/04/16 18:00:35 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{B5A1E10B-C1B6-473E-9FA2-CD5C6E88E878} [2012/04/16 13:25:24 | 000,000,000 | ---D | C] -- C:\Users\Robert\Desktop\Antivirus [2012/04/16 10:06:16 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{E2C8AAE2-DEB4-43C3-9031-886A6755D289} [2012/04/15 22:46:16 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{1A4E286C-9811-4EE2-8A1B-5B4DE198F9D1} [2012/04/15 19:53:47 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{CE27A109-5394-43B3-9B85-0BA0345BE70A} [2012/04/15 18:03:24 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\serial.svs [2012/04/15 17:43:01 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{B3F0A5A0-CF22-406F-96DB-EE148860AEFF} [2012/04/15 12:44:04 | 004,463,836 | R--- | C] (Swearware) -- C:\Users\Robert\Desktop\ComboFix.exe [2012/04/15 12:44:03 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{0750ABBB-0E08-4278-BDA2-206551F9B408} [2012/04/15 12:43:43 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{C9EA0DF6-8BD1-47CE-8F96-0BD7CF14E99D} [2012/04/15 12:27:39 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{4093033A-5D36-4DEB-AA82-315123E1F20E} [2012/04/15 12:27:19 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{49B82476-7ADF-493B-B965-06FECF2AC0D4} [2012/04/15 
09:22:07 | 000,000,000 | --SD | C] -- C:\getout [2012/04/15 07:14:03 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{BD236103-EB9D-4C85-BF22-06A3219F9CA4} [2012/04/15 07:13:43 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{678B5675-C3BD-4783-AC50-A38C381E6236} [2012/04/14 22:53:39 | 000,335,504 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\TrufosAlt.sys [2012/04/14 22:09:21 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{1D289BA3-E903-490A-87C5-00B02BD4B483} [2012/04/14 22:08:58 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{ED030C09-4337-4931-9490-543E0503CCFE} [2012/04/14 22:05:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\SeaPort [2012/04/14 19:07:11 | 000,351,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\csc.svs [2012/04/14 18:48:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/04/14 18:48:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/04/14 18:48:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/04/14 18:47:48 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2012/04/14 18:45:12 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/04/14 18:43:19 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{2F1C4554-A367-4F36-BF18-99FF78005C3F} [2012/04/14 10:03:45 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{F33B727C-3DE5-4666-A5E0-70DAD935083F} [2012/04/14 10:03:23 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{A7643C29-E0F7-44DB-A3BE-6050F67F014A} [2012/04/14 00:39:03 | 004,139,680 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe [2012/04/13 23:51:00 | 000,172,032 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxres.dll [2012/04/13 20:57:15 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{F0B2D4C6-C0C6-4728-80CD-108896850BF4} [2012/04/13 20:57:03 | 000,000,000 | ---D | C] -- 
C:\Users\Robert\AppData\Local\{82FFC4F4-69BA-4B26-9097-7FCFD6FAEB53} [2012/04/13 15:05:06 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{6FDCD460-6566-4662-94CC-A31B75F8B3CB} [2012/04/13 15:04:52 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{E64B9791-078C-469F-9578-A4B211482159} [2012/04/13 08:37:33 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{33AABF68-4ADE-4532-A8B4-43276D1F5E50} [2012/04/13 08:37:14 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{864B5948-B739-4DF2-A4F2-2D508377FEAC} [2012/04/13 08:14:25 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{547A7BF8-D409-4B71-AB7F-AEEC38B371C9} [2012/04/13 08:14:01 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{86BBD0B2-24FE-4598-B5A6-CBD2BF7C0211} [2012/04/11 20:31:24 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{C99D920B-64D7-40E2-84EB-9CA79DC27F6C} [2012/04/11 20:31:12 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{70BBC313-3AF4-41E6-A3E0-77EBFDCA5A34} [2012/04/11 16:25:13 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{F9EFDAB2-F0F3-490F-9830-4C30209CC611} [2012/04/11 16:25:01 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{C5949DB3-04E1-4BB8-9BD0-2B1B3D43847E} [2012/04/11 03:47:29 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{4CA318F1-D88C-43F5-AC73-7553CD821FA8} [2012/04/11 03:46:56 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{738319E0-AEBB-44DE-B956-E7BBBC5D2B67} [2012/04/11 03:20:41 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012/04/11 03:20:39 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012/04/11 03:20:37 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012/04/11 03:20:37 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012/04/11 03:20:36 | 000,065,024 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\jsproxy.dll [2012/04/11 03:20:35 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012/04/11 03:17:43 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2012/04/11 03:17:43 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2012/04/05 21:28:01 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{DED38320-0E33-488E-936D-D9EB11F86B15} [2012/04/05 09:28:13 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{DD71A792-E694-426D-97C9-F8F765B61294} [2012/04/05 09:28:02 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{014A4232-26AB-43B3-8EF2-526DFC98A535} [2012/04/04 21:28:27 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{98ACB5A9-E4DC-4C41-9F53-82894BD07966} [2012/04/04 21:28:08 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{5A7AE06F-A769-48BE-A502-EF65F8715EB3} [2012/04/04 09:22:56 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{CA3559EF-C32E-485E-A559-3A72BA7A6682} [2012/04/04 09:22:46 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{5C845FE2-D965-4F27-A636-7171B0E360D1} [2012/04/03 21:23:04 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{182FB11C-B404-4668-9384-06D9D8E9DB89} [2012/04/03 21:22:47 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{3F65D6AA-1E2C-41F5-B3F2-7295974F004E} [2012/04/03 09:23:06 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{5ABD861F-5A34-4B30-B8FC-FF39BDC6D262} [2012/04/03 09:22:54 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{62C79D40-9430-46B9-8092-F8D8C50DD2B5} [2012/04/02 21:03:17 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{BFB325D0-C3B9-4E70-A390-08DDAE5E1F52} [2012/04/02 21:03:00 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{5254AE26-0062-4A81-8F25-6263DA77BBC4} [2012/04/02 09:02:46 | 000,000,000 | ---D | C] -- 
C:\Users\Robert\AppData\Local\{0EC009E3-72B5-4963-881C-E868DA71741E} [2012/04/01 16:42:19 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{E29F4516-D5D8-4284-8F3C-280D87494B83} [2012/04/01 03:50:48 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{C166DCBD-078D-4442-8AAF-71D55C676EEA} [2012/03/31 09:10:43 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{72AB3A60-51D6-4BB8-9106-0831917FC467} [2012/03/30 18:18:16 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{478F5824-5DEB-4B32-9E5A-9DFF7FE4D1D0} [2012/03/30 09:04:51 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012/03/30 03:14:37 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{FF4184CF-F27B-4719-98FB-8A7E44E4C31C} [2012/03/29 15:14:40 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{161F610D-BC37-4B45-B267-6BFB08D1AEF8} [2012/03/29 00:55:33 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{BD67DDE2-0095-4B5E-85E3-603A2249FBD1} [2012/03/28 09:32:22 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{4FF25BA1-40F0-40FB-8322-5C11DF513A56} [2012/03/28 09:31:50 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{DD6ECEDD-A0D4-4EB4-80D2-DD0326E55909} [2012/03/27 21:31:31 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{59C4C59F-1040-47D2-93D9-50ED95AC1A46} [2012/03/27 21:31:20 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{0BE62A2D-7FBF-41EF-A30C-B4076525439B} [2012/03/27 08:59:07 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{2B0ADF2B-4970-4B02-9F01-5AE76106E6F9} [2012/03/27 08:58:50 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{FE08E746-ACE6-4BE6-B0BC-CAE99770D685} [2012/03/26 19:56:39 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{6B6B45A2-8E11-4CFD-A3BB-E028261B3C34} [2012/03/26 19:56:28 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{9FC3A0D2-DF63-4DB6-B558-2E4130A9A93A} [2012/03/26 07:56:15 | 
000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{90560244-FA91-4E53-A66B-D173BCBB68F6} [2012/03/26 07:56:03 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{44653173-1A2A-498B-AFE1-AE262F50701D} [2012/03/25 13:11:51 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{747CBDC4-08E7-4ED3-B8D3-479244749560} [2012/03/25 13:11:40 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{86799035-3E6C-4642-A799-CD81A4882652} [2012/03/24 23:50:37 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{998F5DFF-9A6E-4ABC-A88E-FCC904CE14ED} [2012/03/24 11:15:48 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{E704F99A-30A3-4207-BC2D-3CF2F65C251C} [2012/03/23 23:07:12 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{5F93912F-DB13-4D8A-A661-614DEEDFEC70} [2012/03/23 23:07:00 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{4C3C9BBE-2653-42EE-B3DC-2779E2BEF8B5} [2012/03/23 11:06:46 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{6B518A2C-6AC6-44C1-A19E-78270C139071} [2012/03/23 11:06:34 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{0513FAF5-DEFE-45C8-A941-BFBFC08A07C8} [2012/03/22 22:55:31 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{A40C5A68-A18F-4ADB-8A6A-4E8F332F6AE0} [2012/03/22 08:01:51 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{2106C68D-FA23-4BC5-AC5B-3C8B4AA4F385} [2012/03/22 08:01:39 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{0E5B2DA1-1135-419C-98E2-FCEED7873465} [2012/03/21 14:55:29 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{002438D7-E05A-4B2C-8DA5-0DC409FC7CFE} [2012/03/21 01:09:33 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{0CCBAE81-0069-43A4-9930-2FBCDA1A63A5} [2012/03/21 01:09:22 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{7823470A-3378-4EFD-8179-809E1C7E741B} [2012/03/20 13:09:30 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{904E92F8-5B61-4D44-9744-E658E543F59E} 
[2012/03/19 23:06:24 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{74BD53DD-9B41-43CE-9E4E-A5D818C6D1E7} [2012/03/19 23:06:10 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{1111FCE7-27C8-40C7-9F19-A4AB0ECC5641} [2012/03/19 10:26:24 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{87062CE8-2F47-4500-94FC-81BE4F658555} [2012/03/19 10:26:09 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{B39D738A-4920-4ACC-9831-4397D905AB45} [2012/03/18 22:18:31 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{B8F813CB-0D23-42A3-BBD5-6148DE6F8402} [2012/03/18 22:18:20 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{E3B7F07E-BF74-46E1-A4FB-46C28B9D52B2} [2012/03/18 10:18:04 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{98D8EB57-D382-4379-AD51-7F29174B3AA9} [2012/03/18 10:17:38 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{7A3A7FEF-4080-4B22-B1B1-C5197034DABA} [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [2 C:\Users\Robert\Documents\*.tmp files -> C:\Users\Robert\Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/04/16 23:13:49 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Robert\Desktop\OTL.exe [2012/04/16 23:08:02 | 000,654,680 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/04/16 23:08:02 | 000,124,998 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/04/16 22:48:32 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/04/16 22:48:15 | 000,003,712 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012/04/16 22:48:15 | 000,003,712 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012/04/16 22:48:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/04/16 22:48:01 | 3745,492,992 | -HS- | M] () -- C:\hiberfil.sys [2012/04/16 22:39:01 | 000,000,830 | 
---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/04/16 22:35:11 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/04/16 22:32:06 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Robert\Desktop\dds.com [2012/04/16 22:07:19 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Robert\Desktop\dds.scr [2012/04/16 18:04:14 | 000,001,807 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012/04/16 17:56:45 | 001,244,496 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012/04/16 13:56:30 | 000,000,000 | ---- | M] () -- C:\ProgramData\efdecdfabdct.exe [2012/04/16 10:07:31 | 000,335,504 | ---- | M] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\TrufosAlt.sys [2012/04/15 22:50:40 | 301,624,611 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012/04/15 17:43:30 | 000,002,391 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012/04/15 12:08:10 | 004,463,836 | R--- | M] (Swearware) -- C:\Users\Robert\Desktop\ComboFix.exe [2012/04/14 18:40:28 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_trash_log.cmd [2012/04/14 16:28:00 | 000,903,928 | ---- | M] () -- C:\Users\Robert\Desktop\Executed Contract for 6102 Power.pdf [2012/04/14 16:27:10 | 000,039,943 | ---- | M] () -- C:\Users\Robert\Desktop\Martin Pina IRS Docs.pdf [2012/04/14 10:04:28 | 000,000,197 | ---- | M] () -- C:\Windows\System32\itlsvc.dat [2012/04/14 10:04:27 | 000,115,686 | ---- | M] () -- C:\Windows\System32\itldvupd.dat [2012/04/14 07:57:05 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012/04/14 07:57:05 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012/04/14 07:56:59 | 004,139,680 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe [2012/04/14 00:10:00 | 000,248,579 | ---- | M] () -- C:\Users\Robert\Desktop\Revised Contract for 6102 Power.pdf [2012/04/13 13:17:45 | 000,001,356 | ---- | M] () -- 
C:\Users\Robert\AppData\Local\d3d9caps.dat [2012/04/13 09:02:51 | 000,001,876 | ---- | M] () -- C:\Users\Robert\Desktop\The Print Shop 23.lnk [2012/04/13 09:00:36 | 000,033,792 | ---- | M] () -- C:\Users\Robert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/04/13 08:52:38 | 000,000,215 | ---- | M] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\RFC.url [2012/04/13 08:51:03 | 000,000,104 | ---- | M] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet - Shortcut.lnk [2012/04/12 19:09:32 | 002,470,912 | ---- | M] () -- C:\Users\Robert\Documents\1514 Shadow Crest Dr - Just Reduced Flyer.pub [2012/04/11 08:53:41 | 000,000,898 | ---- | M] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk [2012/04/10 23:48:59 | 000,402,478 | ---- | M] () -- C:\Users\Robert\Desktop\ONEprop+Application+Packet+2011+Dallas.pdf [2012/04/06 16:04:24 | 000,377,856 | ---- | M] () -- C:\Users\Robert\Documents\Luis Realtor Full Bleed Dallas Skyline.biz [2012/04/06 13:00:32 | 000,307,712 | ---- | M] () -- C:\Users\Robert\Documents\Robert Realtor Full Bleed Broker Mod1.biz [2012/04/05 18:39:52 | 000,000,443 | ---- | M] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\Tempo Login.website [2012/04/05 14:14:57 | 000,060,304 | ---- | M] () -- C:\Users\Robert\g2mdlhlpx.exe [2012/04/05 01:33:24 | 004,006,051 | ---- | M] () -- C:\Users\Robert\Desktop\Personal_Portfolio1.zip [2012/04/02 16:56:27 | 000,319,488 | ---- | M] () -- C:\Users\Robert\Documents\Luis Realtor Full Bleed 3.biz [2012/03/27 16:39:48 | 000,044,004 | ---- | M] () -- C:\Users\Robert\Desktop\Redi Carpet Invoice 02-672247.pdf [2012/03/26 17:26:04 | 000,198,970 | ---- | M] () -- C:\Users\Robert\Desktop\1517 Audrey Drive Termite Inspection.pdf [2012/03/21 22:19:15 | 000,239,312 | ---- | M] () -- C:\Users\Robert\Desktop\Shadowcrest CMA.pdf [2 C:\Windows\*.tmp files -> 
C:\Windows\*.tmp -> ] [2 C:\Users\Robert\Documents\*.tmp files -> C:\Users\Robert\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/04/16 18:04:14 | 000,001,807 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012/04/16 10:02:55 | 3745,492,992 | -HS- | C] () -- C:\hiberfil.sys [2012/04/14 18:48:55 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/04/14 18:48:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/04/14 18:48:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/04/14 18:48:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/04/14 18:48:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/04/14 16:31:33 | 000,039,943 | ---- | C] () -- C:\Users\Robert\Desktop\Martin Pina IRS Docs.pdf [2012/04/14 16:28:00 | 000,903,928 | ---- | C] () -- C:\Users\Robert\Desktop\Executed Contract for 6102 Power.pdf [2012/04/14 10:04:28 | 000,000,197 | ---- | C] () -- C:\Windows\System32\itlsvc.dat [2012/04/14 10:04:27 | 000,115,686 | ---- | C] () -- C:\Windows\System32\itldvupd.dat [2012/04/14 09:25:53 | 000,000,000 | -HS- | C] () -- C:\Windows\System32\dds_trash_log.cmd [2012/04/14 09:25:25 | 000,000,000 | ---- | C] () -- C:\ProgramData\efdecdfabdct.exe [2012/04/14 00:10:00 | 000,248,579 | ---- | C] () -- C:\Users\Robert\Desktop\Revised Contract for 6102 Power.pdf [2012/04/13 23:33:17 | 000,002,197 | ---- | C] () -- C:\Users\Public\Desktop\Corel Paint Shop Pro Photo XI.lnk [2012/04/13 23:33:17 | 000,002,138 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Harmony Remote Software 7.lnk [2012/04/13 23:33:17 | 000,001,923 | ---- | C] () -- C:\Users\Public\Desktop\XSites Desktop.lnk [2012/04/13 23:33:17 | 000,001,836 | ---- | C] () -- C:\Users\Public\Desktop\MP Navigator EX 1.0.lnk [2012/04/13 23:33:17 | 000,001,817 | ---- | C] () -- C:\Users\Public\Desktop\zipForm® 6.lnk [2012/04/13 23:33:17 | 000,000,938 | ---- | C] () -- C:\Users\Robert\Application Data\Microsoft\Internet 
Explorer\Quick Launch\Windows Media Player.lnk [2012/04/13 23:33:17 | 000,000,898 | ---- | C] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk [2012/04/13 23:33:17 | 000,000,830 | ---- | C] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2012/04/13 23:33:17 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2012/04/13 23:33:17 | 000,000,712 | ---- | C] () -- C:\Users\Public\Desktop\Rhapsody.lnk [2012/04/13 23:33:17 | 000,000,443 | ---- | C] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\Tempo Login.website [2012/04/13 23:33:17 | 000,000,258 | ---- | C] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk [2012/04/13 23:33:17 | 000,000,240 | ---- | C] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk [2012/04/13 23:33:17 | 000,000,215 | ---- | C] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\RFC.url [2012/04/13 23:33:17 | 000,000,200 | ---- | C] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\LEAN CUISINE Keep Life Delicious.url [2012/04/13 23:33:16 | 000,001,915 | ---- | C] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2012/04/13 23:33:16 | 000,000,104 | ---- | C] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet - Shortcut.lnk [2012/04/13 09:02:51 | 000,001,876 | ---- | C] () -- C:\Users\Robert\Desktop\The Print Shop 23.lnk [2012/04/12 19:09:32 | 002,470,912 | ---- | C] () -- C:\Users\Robert\Documents\1514 Shadow Crest Dr - Just Reduced Flyer.pub [2012/04/10 23:48:59 | 000,402,478 | ---- | C] () -- C:\Users\Robert\Desktop\ONEprop+Application+Packet+2011+Dallas.pdf [2012/04/05 19:38:23 | 001,469,771 | ---- | C] () -- 
C:\Users\Robert\Desktop\Mr. Lee's Backdoor.JPG [2012/04/05 01:33:24 | 004,006,051 | ---- | C] () -- C:\Users\Robert\Desktop\Personal_Portfolio1.zip [2012/04/02 17:00:34 | 000,377,856 | ---- | C] () -- C:\Users\Robert\Documents\Luis Realtor Full Bleed Dallas Skyline.biz [2012/03/30 09:04:55 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/03/27 16:40:49 | 000,044,004 | ---- | C] () -- C:\Users\Robert\Desktop\Redi Carpet Invoice 02-672247.pdf [2012/03/26 17:27:02 | 000,198,970 | ---- | C] () -- C:\Users\Robert\Desktop\1517 Audrey Drive Termite Inspection.pdf [2012/03/21 22:20:05 | 000,239,312 | ---- | C] () -- C:\Users\Robert\Desktop\Shadowcrest CMA.pdf [2011/08/07 21:40:28 | 000,029,520 | ---- | C] () -- C:\Windows\System32\SmartDefragBootTime.exe [2011/08/07 21:40:28 | 000,016,184 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys [2011/07/21 11:26:33 | 000,000,000 | ---- | C] () -- C:\Users\Robert\AppData\Local\{779A1892-AB9D-4950-A6BB-DB10D4709463} [2011/04/03 11:59:17 | 000,001,356 | ---- | C] () -- C:\Users\Robert\AppData\Local\d3d9caps.dat [2011/01/25 16:53:16 | 000,029,696 | ---- | C] () -- C:\Windows\System32\DvrOcxCHS.dll [2011/01/10 19:05:36 | 000,942,165 | ---- | C] () -- C:\Windows\System32\RM_DVRNET_DLL.dll [2010/12/23 15:42:56 | 000,021,504 | ---- | C] () -- C:\Windows\System32\DvrOcxTRK.dll [2010/12/23 15:42:48 | 000,021,504 | ---- | C] () -- C:\Windows\System32\DvrOcxTRK(KNOWLEDGE).dll [2010/09/19 09:30:18 | 000,020,480 | ---- | C] () -- C:\Windows\System32\DvrOcxESP.dll [2010/09/19 09:29:58 | 000,020,992 | ---- | C] () -- C:\Windows\System32\DvrOcxFRA.dll [2010/09/19 09:29:58 | 000,020,480 | ---- | C] () -- C:\Windows\System32\DvrOcxRUS.dll [2010/09/19 09:29:46 | 000,022,016 | ---- | C] () -- C:\Windows\System32\DvrOcxPTB.dll [2010/09/19 09:29:46 | 000,020,992 | ---- | C] () -- C:\Windows\System32\DvrOcxPTG.dll [2010/09/19 09:29:42 | 000,020,992 | ---- | C] () -- C:\Windows\System32\DvrOcxDEU.dll 
[2010/09/19 09:29:42 | 000,014,848 | ---- | C] () -- C:\Windows\System32\DvrOcxCHT.dll [2010/09/19 09:29:34 | 000,020,992 | ---- | C] () -- C:\Windows\System32\DvrOcxPLK.dll [2010/09/19 09:29:30 | 000,020,480 | ---- | C] () -- C:\Windows\System32\DvrOcxITA.dll [2010/05/15 14:51:58 | 000,045,056 | ---- | C] () -- C:\Windows\System32\CNARSMNT.DLL [2010/05/12 12:02:52 | 000,126,264 | ---- | C] () -- C:\Windows\System32\HPCP1020LM.dll [2010/04/26 23:58:16 | 000,020,992 | ---- | C] () -- C:\Windows\jestertb.dll [2010/04/21 00:25:05 | 000,087,808 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll [2010/04/20 14:21:45 | 000,033,792 | ---- | C] () -- C:\Users\Robert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/04/20 11:59:42 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini [2010/04/20 10:45:38 | 000,000,161 | ---- | C] () -- C:\Windows\DISPARAM.INI [2010/04/20 00:18:47 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI [2010/04/19 21:41:13 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2010/04/19 21:41:13 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2010/04/19 21:40:37 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2010/04/19 20:58:37 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll [2010/04/19 20:52:50 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll [2010/04/19 20:52:50 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll [2010/04/19 20:52:50 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll [2010/04/19 20:52:50 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll [2010/04/19 20:20:59 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2010/04/19 19:30:13 | 000,002,391 | ---- | C] () -- C:\Windows\bthservsdp.dat < End of report >
  5. Logfile of HijackThis v1.99.1 Scan saved at 11:04:43 PM, on 4/16/2012 Platform: Unknown Windows (WinNT 6.00.1906 SP2) MSIE: Internet Explorer v9.00 (9.00.8112.16421)
  6. I ran DDS but it just runs and runs... I've been fighting it since Friday! I have attached logs from OTL, HijackThis, and a few other tools that I have run. Combofix is the only program that reports that I have ZeroAccess and that it has infected the TCP/IP stack, but Combofix just runs but never runs any steps. I appreciate the help! Robert AntiZeroAccess_Log.txt AntiZeroAccess_Log.txt dberr.txt Extras.Txt hijackthis.log OTL.Txt SCHEDLGU.TXT