tb1rd96
Everything posted by tb1rd96
Fake FBI Notice - locked computer
tb1rd96 replied to tb1rd96's topic in Resolved Malware Removal Logs
Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Norton Security Suite
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.65.1.1000
JavaFX 2.1.1
Java 7 Update 5
Java version out of Date!
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
Fake FBI Notice - locked computer
tb1rd96 replied to tb1rd96's topic in Resolved Malware Removal Logs
So, I assume we (you) got the problem licked?
Fake FBI Notice - locked computer
tb1rd96 replied to tb1rd96's topic in Resolved Malware Removal Logs
OK, Protected Mode got turned on; I turned it off and IE9 actually works now.
Fake FBI Notice - locked computer
tb1rd96 replied to tb1rd96's topic in Resolved Malware Removal Logs
All the programs I tried seemed to work - not an exhaustive test, of course, in this short time. Live Mail seems OK... but there are substantial issues with IE9. None of the numerous websites I tried would load - except for this site! It is the only one. I tried YouTube, CNN, etc. - ordinary sites. Selected Favorites would not load and typed-in URLs would not load, except this one, either selected or typed. I did several hard reboots without noticeable improvement. I just selected Shutdown and MS is forcing a 21-item update. I hate MS, as do a legion of other users. Guess it will be done in a while.
Fake FBI Notice - locked computer
tb1rd96 replied to tb1rd96's topic in Resolved Malware Removal Logs
Mbar scan results: SUCCESSFUL! 3 logs attached. First & second run of mbar:
mbar-log-2012-11-24 (15-37-12).txt
system-log.txt
mbar-log-2012-11-24 (15-52-48).txt
Fake FBI Notice - locked computer
tb1rd96 replied to tb1rd96's topic in Resolved Malware Removal Logs
"our friend svnhist is at %userprofile%\temp\91551irikarah.exe"
Not as easy to find as I thought. The holiday is getting in the way for me so I have to quit for now - probably you do too. I will run MBAR after tomorrow when I can devote my whole attention to it. When would you be available after Thanksgiving? I respect your time and I am thankful to you for your help and patience. I appreciate you and your expertise. I hope you will have a great Thanksgiving and are refreshed for the battles ahead. Take care.
tb1rd96
Fake FBI Notice - locked computer
tb1rd96 replied to tb1rd96's topic in Resolved Malware Removal Logs
our friend svnhist is at %userprofile%\temp\91551irikarah.exe I have not touched it, maybe ComboFix got it?
Take care of then if possible.
~~~~~~~~~~~~~~~~~~
I don't understand - is there something you want me to do?: "Take care of then if possible."
Fake FBI Notice - locked computer
tb1rd96 replied to tb1rd96's topic in Resolved Malware Removal Logs
I am sorry I missed your "kill" instruction and ran ComboFix. By the way, while shutting down Spybot, I found a list of programs & their locations - our friend svnhist is at %userprofile%\temp\91551irikarah.exe. I have not touched it, maybe ComboFix got it?
ComboFix log:
Fake FBI Notice - locked computer
tb1rd96 replied to tb1rd96's topic in Resolved Malware Removal Logs
I have my icons back and the Start Menu (but not the desktop picture - minor detail at the moment). I will continue on with your instructions to run ComboFix. -
Fake FBI Notice - locked computer
tb1rd96 replied to tb1rd96's topic in Resolved Malware Removal Logs
OK - I got to run UNHIDE with Task Manager - something new for me. It is running now. -
Fake FBI Notice - locked computer
tb1rd96 replied to tb1rd96's topic in Resolved Malware Removal Logs
Can I access it from the Task Mgr - New Task? Never done it before. -
Fake FBI Notice - locked computer
tb1rd96 replied to tb1rd96's topic in Resolved Malware Removal Logs
We are making progress thanks to you. And, I sure don't want to reboot either - no re-infections! My problem is getting anything to run. I downloaded UNHIDE to my flash drive, but when I plug it into the patient, the flash drive's LED blinks a few times but no popup appears so I can access it. Without the Start menu or Win Explorer, I don't know how to run the program. -
Fake FBI Notice - locked computer
tb1rd96 replied to tb1rd96's topic in Resolved Malware Removal Logs
Desktop Gadgets are a clock and a calendar! -
Fake FBI Notice - locked computer
tb1rd96 replied to tb1rd96's topic in Resolved Malware Removal Logs
Ended the malware task which removed the 'gray shield.' I have a couple of Gadgets located on that monitor and they are working correctly (a clock and a monitor); but, the Start Menu and all icons are missing. Also, my Desktop picture that should appear on all 3 monitors is missing. -
Fake FBI Notice - locked computer
tb1rd96 replied to tb1rd96's topic in Resolved Malware Removal Logs
Now, the main monitor is covered by a plain light-gray screen. I did a ctrl-alt-del and the task manager came up in the other monitor. Only one task is running: svnhist - the n and the i both have marks above them. I did not end the task & still have the task mgr on screen - waiting for your instruction. -
Fake FBI Notice - locked computer
tb1rd96 replied to tb1rd96's topic in Resolved Malware Removal Logs
Sorry about my mess-up - here is the log:
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_USERS\Glen_ON_I\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\Glen_ON_I\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry key HKEY_USERS\Glen_ON_I\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\DefaultAppPool_ON_I\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce not found.
Registry key HKEY_USERS\LocalService_ON_I\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce not found.
Registry key HKEY_USERS\NetworkService_ON_I\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
I:\Program Files (x86)\GUMFFB8.tmp folder deleted successfully.
File I:\Windows\SysWow64\?XÑ not found.
File I:\Windows\SysWow64\?XÑ not found.
ADS I:\ProgramData\Temp:CF778051 deleted successfully.
OTLPE by OldTimer - Version 3.1.48.0 log created on 11212012_111649 -
Fake FBI Notice - locked computer
tb1rd96 replied to tb1rd96's topic in Resolved Malware Removal Logs
Here is the 'fix' log: (NOTE - the sick machine changed the Win drive letter from I to H / I modified your script to make it work - just to let you know if something looks really strange if I missed one.)
----------------------------------------------------------------------
OTL logfile created on: 11/20/2012 10:45:56 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = H: | %SystemRoot% = H:\Windows | %ProgramFiles% = H:\Program Files (x86)
Drive C: | 107.81 Mb Total Space | 81.91 Mb Free Space | 75.97% Space Free | Partition Type: NTFS
Drive H: | 104.13 Gb Total Space | 45.72 Gb Free Space | 43.90% Space Free | Partition Type: NTFS
Drive I: | 3.79 Gb Total Space | 3.73 Gb Free Space | 98.56% Space Free | Partition Type: FAT32
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/09/27 20:38:16 | 000,239,616 | ---- | M] (AMD) [Auto] -- H:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/03/12 11:57:22 | 000,190,120 | ---- | M] (Intel Corporation) [Auto] -- H:\Windows\System32\IPROSetMonitor.exe -- (Intel® PROSet Monitoring Service) Intel®
SRV:64bit: - [2011/09/27 14:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand] -- H:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2011/09/08 18:48:36 | 006,583,160 | ---- | M] (Wacom Technology, Corp.) [Auto] -- H:\Program Files\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV:64bit: - [2011/09/08 18:48:36 | 000,528,760 | ---- | M] (Wacom Technology, Corp.) [Auto] -- H:\Program Files\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV:64bit: - [2010/04/07 08:04:24 | 000,127,800 | ---- | M] (HP) [Auto] -- H:\Windows\System32\HPSIsvc.exe -- (HPSIService)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand] -- H:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/10/08 21:44:41 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- H:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/12/23 01:09:56 | 000,023,176 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto] -- H:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe -- (Guard Agent)
SRV - [2011/12/23 01:09:46 | 000,061,064 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto] -- H:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe -- (EaseUS Agent)
SRV - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto] -- H:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2011/04/30 01:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto] -- H:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto] -- H:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe -- (N360)
SRV - [2011/03/01 19:29:58 | 000,130,976 | ---- | M] (Futuremark Corporation) [On_Demand] -- H:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2010/11/20 07:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand] -- H:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 07:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand] -- H:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 07:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Disabled] -- H:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- H:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto] -- H:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto] -- H:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- H:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/05 19:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand] -- H:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/05/01 15:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) [Auto] -- H:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/27 21:21:20 | 010,697,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/09/27 20:12:52 | 000,460,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/04/29 08:27:00 | 000,073,000 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand] -- H:\Windows\System32\drivers\RAMDiskVE.sys -- (RAMDiskVE)
DRV:64bit: - [2012/03/06 05:09:22 | 000,032,936 | ---- | M] (Intel Corporation ) [Kernel | On_Demand] -- H:\Windows\System32\drivers\iqvw64e.sys -- (NAL)
DRV:64bit: - [2011/12/23 01:09:40 | 000,189,576 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System] -- H:\Windows\System32\drivers\EuFdDisk.sys -- (EUFDDISK)
DRV:64bit: - [2011/12/23 01:09:38 | 000,051,336 | ---- | M] () [Kernel | Boot] -- H:\Windows\System32\drivers\EUBKMON.sys -- (EUBKMON)
DRV:64bit: - [2011/12/23 01:09:34 | 000,019,592 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System] -- H:\Windows\System32\drivers\eudskacs.sys -- (EUDSKACS)
DRV:64bit: - [2011/12/23 01:09:30 | 000,057,480 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot] -- H:\Windows\System32\drivers\eubakup.sys -- (EUBAKUP)
DRV:64bit: - [2011/09/08 18:49:36 | 000,013,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand] -- H:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2011/09/08 18:49:26 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand] -- H:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2011/09/08 18:49:24 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand] -- H:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2011/09/02 01:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/09/02 01:30:24 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2011/09/02 01:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/09/02 01:30:24 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2011/07/29 14:54:56 | 000,016,776 | ---- | M] () [Kernel | On_Demand] -- H:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV:64bit: - [2011/07/29 14:54:56 | 000,009,096 | ---- | M] () [Kernel | On_Demand] -- H:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV:64bit: - [2011/05/31 20:00:11 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/04/20 20:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System] -- H:\Windows\System32\Drivers\N360x64\0502020.003\SYMNETS.SYS -- (SymNetS)
DRV:64bit: - [2011/03/30 22:04:12 | 000,043,640 | R--- | M] (Symantec Corporation) [Kernel | System] -- H:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2011/03/30 22:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand] -- H:\Windows\System32\Drivers\N360x64\0502020.003\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2011/03/30 22:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System] -- H:\Windows\system32\drivers\N360x64\0502020.003\SRTSPX64.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/03/14 21:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot] -- H:\Windows\System32\drivers\N360x64\0502020.003\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/01/27 01:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot] -- H:\Windows\System32\drivers\N360x64\0502020.003\symds64.sys -- (SymDS)
DRV:64bit: - [2010/11/25 04:27:42 | 000,120,408 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot] -- H:\Windows\System32\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/15 20:45:33 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System] -- H:\Windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS -- (SymIRON)
DRV:64bit: - [2010/11/09 16:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto] -- H:\Windows\System32\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010/01/28 17:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/10/14 18:29:44 | 000,230,480 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot] -- H:\Windows\System32\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/06/13 02:19:58 | 000,287,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\e1y62x64.sys -- (e1yexpress) Intel®
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- H:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- H:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- H:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [1999/12/31 19:00:00 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- H:\Windows\System32\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV - [2012/10/05 13:23:26 | 001,385,632 | ---- | M] (Symantec Corporation) [Kernel | System] -- H:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20121030.002\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/09/12 21:13:03 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- H:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121112.016\ex64.sys -- (NAVEX15)
DRV - [2012/09/12 21:13:03 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- H:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121112.016\eng64.sys -- (NAVENG)
DRV - [2012/09/06 05:54:30 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System] -- H:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20121110.005\IDSviA64.sys -- (IDSVia64)
DRV - [2012/08/09 10:57:26 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System] -- H:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/07/29 14:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand] -- H:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2011/07/29 14:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand] -- H:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2011/06/02 12:08:34 | 000,017,864 | ---- | M] () [Kernel | On_Demand] -- H:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)
DRV - [2010/07/09 13:19:04 | 000,021,480 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand] -- H:\Program Files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys -- (cpuz134)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\DefaultAppPool_ON_H\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKU\DefaultAppPool_ON_H\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPDSK/1
IE - HKU\DefaultAppPool_ON_H\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKU\Glen_ON_H\Software\Microsoft\Internet Explorer\Main,Default Download Directory =
IE - HKU\Glen_ON_H\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKU\Glen_ON_H\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.weather.com/weather/right-now/Erie+CO+USCO0129:1:US
IE - HKU\Glen_ON_H\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: H:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: H:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@canon.com/EPPEX: H:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: H:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: H:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: H:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: H:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: H:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: H:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: H:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: H:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: H:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: H:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: H:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: H:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.3: H:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: H:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: H:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: H:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: H:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/01 01:11:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/02/08 11:16:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_13_2 [2012/11/20 20:25:10 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2012/10/25 22:22:47 | 000,444,707 | R--- | M]) - H:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.123fporn.info
O1 - Hosts: 15272 more lines...
O2:64bit: - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - H:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O2:64bit: - BHO: (ClassicIE9BHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - H:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - H:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - H:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - H:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ClassicIE9BHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - H:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
O3:64bit: - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - H:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - H:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - H:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O3 - HKU\Glen_ON_H\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\Glen_ON_H\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\Glen_ON_H\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - H:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] H:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [Classic Start Menu] H:\Program Files\Classic Shell\ClassicStartMenu.exe (IvoSoft)
O4:64bit: - HKLM..\Run: [EvtMgr6] H:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [iAStorIcon] H:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] H:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [MaxMenuMgr] H:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [startCCC] H:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\DefaultAppPool_ON_H..\Run: [HPADVISOR] File not found
O4 - HKU\DefaultAppPool_ON_H..\Run: [sidebar] H:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\Glen_ON_H..\Run: [Grid] H:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe ()
O4 - HKU\Glen_ON_H..\Run: [HydraVisionDesktopManager] H:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKU\Glen_ON_H..\Run: [HydraVisionMDEngine] H:\Program Files (x86)\ATI Technologies\HydraVision\HydraMD.exe (AMD)
O4 - HKU\Glen_ON_H..\Run: [LinkStashMonitor] H:\Program Files (x86)\LinkStash\lsmon.exe ()
O4 - HKU\Glen_ON_H..\Run: [svñhîst] File not found
O4 - HKU\LocalService_ON_H..\Run: [sidebar] H:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_H..\Run: [sidebar] H:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\DefaultAppPool_ON_H..\RunOnce: [mctadmin] File not found
O4 - HKU\LocalService_ON_H..\RunOnce: [mctadmin] File not found
O4 - HKU\NetworkService_ON_H..\RunOnce: [mctadmin] File not found
O4 - Startup: Error locating startup folders.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\Glen_ON_H\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra 'Tools' menuitem : Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - H:\Program Files\Classic Shell\ClassicIE9_32.exe (IvoSoft)
O9 - Extra 'Tools' menuitem : Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - H:\Program Files\Classic Shell\ClassicIE9_32.exe (IvoSoft)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - Glen_ON_H\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.5.0.cab (SysInfo Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/PCMagnum/controls/PCPitstop2.dll (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - H:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - H:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - H:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - H:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/11/20 22:27:39 | 000,000,000 | ---D | C] -- H:\_OTL
[2012/11/20 20:04:10 | 000,000,000 | ---D | C] -- H:\FRST
[2012/11/12 23:56:15 | 000,000,000 | ---D | C] -- H:\Users\Glen\AppData\Local\{135F2ADE-ACA3-47C8-8126-A227FA1799A3}
[2012/11/12 12:21:19 | 000,000,000 | ---D | C] -- H:\ProgramData\ATI
[2012/11/12 12:21:18 | 000,000,000 | ---D | C] -- H:\Program Files (x86)\AMD AVT
[2012/11/12 12:21:16 | 000,000,000 | ---D | C] -- H:\Program Files (x86)\AMD APP
[2012/11/12 12:21:07 | 000,000,000 | ---D | C] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012/11/12 12:20:18 | 000,000,000
| ---D | C] -- H:\Program Files\ATI [2012/11/12 11:55:41 | 000,000,000 | ---D | C] -- H:\Users\Glen\AppData\Local\{43D30A77-F383-498A-B226-517E76221442} [2012/11/11 23:55:06 | 000,000,000 | ---D | C] -- H:\Users\Glen\AppData\Local\{E8657607-7D0F-4E4B-B22B-141AD3F5A464} [2012/11/11 11:54:32 | 000,000,000 | ---D | C] -- H:\Users\Glen\AppData\Local\{6E04220D-0074-42BA-9AD9-40BD3E84B131} [2012/11/10 14:50:24 | 000,000,000 | ---D | C] -- H:\Users\Glen\AppData\Local\{0B97FBBC-CF08-4771-AB89-4CF6C24BA724} [2012/11/09 23:55:49 | 000,000,000 | ---D | C] -- H:\Users\Glen\AppData\Local\{9B9BADB8-B11C-4604-B2BB-BCD405E9180B} [2012/11/09 11:55:26 | 000,000,000 | ---D | C] -- H:\Users\Glen\AppData\Local\{DAE2862F-D591-41FA-8878-70DF5B6AFBEF} [2012/11/08 23:54:52 | 000,000,000 | ---D | C] -- H:\Users\Glen\AppData\Local\{2744916D-0B0E-4667-B487-AF86427E7EA6} [2012/11/08 11:54:29 | 000,000,000 | ---D | C] -- H:\Users\Glen\AppData\Local\{E4FF8A2E-F143-4138-B051-D31A7AD907AE} [2012/11/08 00:03:38 | 000,000,000 | ---D | C] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012/11/08 00:03:34 | 000,000,000 | ---D | C] -- H:\Program Files (x86)\QuickTime [2012/11/07 18:27:52 | 000,000,000 | ---D | C] -- H:\Users\Glen\AppData\Local\{26779CC5-967A-4872-A30B-46F9088BE921} [2012/11/07 00:38:43 | 000,000,000 | ---D | C] -- H:\Users\Glen\AppData\Local\{E67E6DCB-A8C4-4917-8BEE-BBCA698A7851} [2012/11/06 12:38:08 | 000,000,000 | ---D | C] -- H:\Users\Glen\AppData\Local\{8D1438DF-B3F6-4F16-9AB4-31686577EDD6} [2012/11/06 00:37:34 | 000,000,000 | ---D | C] -- H:\Users\Glen\AppData\Local\{CD2571DE-AEE8-47AB-98EC-06288107AF86} [2012/11/05 19:24:25 | 000,000,000 | ---D | C] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader [2012/11/05 12:37:11 | 000,000,000 | ---D | C] -- H:\Users\Glen\AppData\Local\{6A38D110-3B18-4E8A-A772-B32B66C5AF4B} [2012/11/04 13:28:29 | 000,000,000 | ---D | C] -- H:\Users\Glen\AppData\Local\{2EF523FB-5DE3-4EB5-B2F5-16B428E0DECD} [2012/11/04 
01:27:54 | 000,000,000 | ---D | C] -- H:\Users\Glen\AppData\Local\{FE991D58-D6C2-4BDF-BA09-79EB46D6C888} [2012/11/03 13:27:31 | 000,000,000 | ---D | C] -- H:\Users\Glen\AppData\Local\{34F437B3-3511-4365-B522-5CF9E1C202DA} [2012/11/02 20:40:48 | 000,000,000 | ---D | C] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung SSD Magician [2012/11/02 20:40:45 | 000,000,000 | ---D | C] -- H:\Program Files (x86)\Samsung SSD Magician [2012/11/02 18:27:41 | 000,000,000 | ---D | C] -- H:\ICONS [2012/11/02 18:25:44 | 000,000,000 | ---D | C] -- H:\CURSORS [2012/11/02 18:21:26 | 000,000,000 | ---D | C] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell [2012/11/02 18:21:26 | 000,000,000 | ---D | C] -- H:\Program Files\Classic Shell [2012/11/02 18:17:13 | 000,000,000 | ---D | C] -- H:\Users\Glen\AppData\Local\{8E816E8B-4239-42D1-9A77-B614DD5D026F} [2012/11/02 16:56:20 | 000,000,000 | ---D | C] -- H:\Users\Glen\AppData\Local\{D0DD8817-50A0-4DB3-8EC1-82CCC21018F2} [2012/11/02 16:30:03 | 000,000,000 | ---D | C] -- H:\Users\Glen\AppData\Local\{803D4D60-994A-445E-8066-B98373049640} [2012/10/26 11:38:20 | 000,000,000 | ---D | C] -- H:\Users\Glen\AppData\Local\{7EA82703-4645-4503-8D12-8856E607756D} [2012/10/26 11:34:29 | 000,000,000 | ---D | C] -- H:\Users\Glen\AppData\Local\{498D78CA-FFB5-46CD-AEF7-51D2EEDDF0DB} [2012/10/25 13:20:42 | 000,000,000 | ---D | C] -- H:\Users\Glen\AppData\Local\{523C112A-6A8F-423C-9A73-C9372EFCA675} [2012/10/25 05:12:26 | 000,094,208 | ---- | C] (Apple Inc.) -- H:\Windows\SysWow64\QuickTimeVR.qtx [2012/10/25 05:12:26 | 000,069,632 | ---- | C] (Apple Inc.) 
-- H:\Windows\SysWow64\QuickTime.qts [2012/10/24 09:31:49 | 000,000,000 | ---D | C] -- H:\Users\Glen\AppData\Local\{864E8024-E64C-4175-9E8F-7BD34CDA727C} [2012/10/24 00:20:54 | 000,000,000 | ---D | C] -- H:\Windows\Minidump [2012/10/23 12:20:30 | 000,000,000 | ---D | C] -- H:\Users\Glen\AppData\Local\{D6C5408C-9045-4C4A-9C54-D7E5608166A6} [2012/10/22 12:40:08 | 000,000,000 | ---D | C] -- H:\Users\Glen\AppData\Local\{8FD7A988-7F27-41A0-87D7-811B0A24B044} [2012/10/22 00:39:34 | 000,000,000 | ---D | C] -- H:\Users\Glen\AppData\Local\{8CF8D34B-1262-4F57-8B80-5C0E6EF1F3DC} [1 H:\Program Files (x86)\*.tmp files -> H:\Program Files (x86)\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/11/20 20:26:21 | 1153,433,600 | ---- | M] () -- H:\RAMDisk.img [2012/11/20 20:26:19 | 000,067,584 | --S- | M] () -- H:\Windows\bootstat.dat [2012/11/20 20:25:11 | 000,000,890 | ---- | M] () -- H:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/11/20 20:05:02 | 000,717,976 | ---- | M] () -- H:\Windows\System32\perfh009.dat [2012/11/20 20:05:02 | 000,140,468 | ---- | M] () -- H:\Windows\System32\perfc009.dat [2012/11/20 13:30:18 | 000,006,632 | ---- | M] () -- H:\bootsqm.dat [2012/11/20 12:28:53 | 000,001,021 | ---- | M] () -- H:\Users\Glen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LinkStash.lnk [2012/11/19 16:35:59 | 000,001,599 | ---- | M] () -- H:\Users\Glen\Desktop\mbam.exe.lnk [2012/11/19 16:21:13 | 000,000,000 | ---D | M] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/11/13 11:50:57 | 000,015,984 | -H-- | M] () -- H:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/11/13 11:50:57 | 000,015,984 | -H-- | M] () -- H:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/11/13 00:44:00 | 000,000,830 | ---- | M] () -- H:\Windows\tasks\Adobe Flash Player Updater.job [2012/11/13 00:07:00 | 000,000,894 | ---- 
| M] () -- H:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/11/12 12:21:07 | 000,000,000 | ---D | M] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center [2012/11/08 00:03:38 | 000,000,000 | ---D | M] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012/11/06 17:44:52 | 000,001,289 | ---- | M] () -- H:\Users\Glen\Desktop\Windows Explorer.lnk [2012/11/05 19:24:26 | 000,001,187 | ---- | M] () -- H:\Users\Glen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk [2012/11/05 19:24:26 | 000,000,000 | ---D | M] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader [2012/11/03 18:13:01 | 000,000,328 | ---- | M] () -- H:\Windows\tasks\HPCeeScheduleForGlen.job [2012/11/02 20:40:48 | 000,001,246 | ---- | M] () -- H:\Users\Glen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung SSD Magician.lnk [2012/11/02 20:40:48 | 000,000,000 | ---D | M] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung SSD Magician [2012/11/02 20:21:27 | 000,001,836 | ---- | M] () -- H:\Users\Glen\Desktop\SpeedFan.lnk [2012/11/02 20:20:57 | 000,001,293 | ---- | M] () -- H:\Users\Glen\Desktop\DNSBench.lnk [2012/11/02 20:20:20 | 000,002,025 | ---- | M] () -- H:\Users\Glen\Desktop\ColorCopy.lnk [2012/11/02 20:18:29 | 000,002,108 | ---- | M] () -- H:\Users\Glen\Desktop\Task Mgr.lnk [2012/11/02 20:16:01 | 000,001,603 | ---- | M] () -- H:\Users\Glen\Desktop\Disk Mgr.lnk [2012/11/02 20:11:41 | 000,001,733 | ---- | M] () -- H:\Users\Glen\Desktop\My Calendar.lnk [2012/11/02 20:09:41 | 000,002,139 | ---- | M] () -- H:\Users\Glen\Desktop\I QUIT.lnk [2012/11/02 20:03:30 | 000,002,481 | ---- | M] () -- H:\Users\Glen\Desktop\Rx Refill.lnk [2012/11/02 20:02:57 | 000,002,193 | ---- | M] () -- H:\Users\Glen\Desktop\Monthly Bills.lnk [2012/11/02 19:57:51 | 000,000,930 | ---- | M] () -- H:\Users\Glen\Desktop\Control Panel.lnk [2012/11/02 19:57:06 | 000,001,339 | ---- | M] () -- 
H:\Users\Glen\Desktop\Printers.lnk [2012/11/02 18:21:26 | 000,000,000 | ---D | M] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell [2012/10/25 22:36:38 | 000,001,164 | ---- | M] () -- H:\Users\Glen\Desktop\Malwarebytes Anti-Malware.lnk [2012/10/25 22:22:47 | 000,444,707 | R--- | M] () -- H:\Windows\System32\drivers\etc\hosts [2012/10/25 05:12:26 | 000,094,208 | ---- | M] (Apple Inc.) -- H:\Windows\SysWow64\QuickTimeVR.qtx [2012/10/25 05:12:26 | 000,069,632 | ---- | M] (Apple Inc.) -- H:\Windows\SysWow64\QuickTime.qts [1 H:\Program Files (x86)\*.tmp files -> H:\Program Files (x86)\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/11/20 13:30:18 | 000,006,632 | ---- | C] () -- H:\bootsqm.dat [2012/11/19 16:35:59 | 000,001,599 | ---- | C] () -- H:\Users\Glen\Desktop\mbam.exe.lnk [2012/11/05 19:24:26 | 000,001,187 | ---- | C] () -- H:\Users\Glen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk [2012/11/02 17:19:55 | 000,001,289 | ---- | C] () -- H:\Users\Glen\Desktop\Windows Explorer.lnk [2012/08/18 20:56:13 | 000,079,872 | ---- | C] () -- H:\Windows\SysWow64\ff_vfw.dll [2012/06/11 11:50:16 | 000,204,952 | ---- | C] () -- H:\Windows\SysWow64\ativvsvl.dat [2012/06/11 11:50:16 | 000,157,144 | ---- | C] () -- H:\Windows\SysWow64\ativvsva.dat [2012/05/02 16:58:10 | 000,029,184 | ---- | C] () -- H:\Windows\SysWow64\kdbsdk32.dll [2012/04/15 13:54:54 | 002,469,760 | ---- | C] () -- H:\Windows\SysWow64\BootMan.exe [2012/04/15 13:54:54 | 000,086,408 | ---- | C] () -- H:\Windows\SysWow64\setupempdrv03.exe [2012/04/15 13:54:54 | 000,019,840 | ---- | C] () -- H:\Windows\SysWow64\EuEpmGdi.dll [2012/04/15 13:54:54 | 000,014,216 | ---- | C] () -- H:\Windows\SysWow64\epmntdrv.sys [2012/04/15 13:54:54 | 000,008,456 | ---- | C] () -- H:\Windows\SysWow64\EuGdiDrv.sys [2012/04/02 23:49:29 | 000,000,614 | ---- | C] () -- H:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc [2011/11/06 20:06:19 | 000,000,069 | ---- | C] () 
-- H:\Windows\NeroDigital.ini [2011/10/25 23:21:34 | 000,056,832 | ---- | C] () -- H:\Windows\SysWow64\OVDecoder.dll [2011/09/12 17:06:16 | 000,003,917 | ---- | C] () -- H:\Windows\SysWow64\atipblag.dat [2011/03/22 16:28:07 | 000,000,621 | ---- | C] () -- H:\Users\Glen\AppData\Roaming\Network Monitor II_Settings.ini [2011/02/25 01:05:22 | 000,252,928 | ---- | C] () -- H:\Windows\SysWow64\DShowRdpFilter.dll [2010/12/20 17:02:11 | 000,000,193 | ---- | C] () -- H:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc [2010/12/01 01:10:15 | 000,023,140 | ---- | C] () -- H:\Windows\hpqins15.dat [2010/07/02 22:33:13 | 000,851,992 | ---- | C] () -- H:\Windows\SysWow64\PerfStringBackup.INI [2010/06/14 13:21:00 | 000,000,061 | ---- | C] () -- H:\Windows\VSWizard.ini [2010/06/02 13:28:29 | 000,000,848 | -HS- | C] () -- H:\ProgramData\KGyGaAvL.sys [2010/05/14 00:45:35 | 000,477,057 | ---- | C] () -- H:\Windows\hphins29.dat.temp [2010/05/14 00:45:35 | 000,000,724 | ---- | C] () -- H:\Windows\hphmdl29.dat.temp [2010/05/09 23:03:32 | 000,007,646 | ---- | C] () -- H:\Users\Glen\AppData\Local\resmon.resmoncfg [2010/05/06 04:02:39 | 000,000,000 | ---- | C] () -- H:\Windows\ativpsrm.bin [2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- H:\Windows\bootstat.dat [2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- H:\Windows\SysWow64\NOISE.DAT [2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- H:\Windows\SysWow64\dssec.dat [2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- H:\Windows\mib.bin [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- H:\Windows\SysWow64\BWContextHandler.dll [2009/07/13 17:25:04 | 000,197,632 | ---- | C] () -- H:\Windows\SysWow64\ir32_32.dll [2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- H:\Windows\SysWow64\msjetoledb40.dll [2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- H:\Windows\SysWow64\mlang.dat [2009/04/01 12:48:16 | 000,053,478 | ---- | C] () -- H:\Windows\mvtcpui.ini [2008/02/01 02:48:00 | 000,040,960 | ---- | C] () -- 
H:\Windows\sucdapi.dll [2002/09/11 09:26:52 | 000,063,730 | ---- | C] () -- H:\Program Files (x86)\viewsonicinstruct_xp.pdf [1997/07/11 01:00:00 | 000,022,016 | ---- | C] () -- H:\Windows\SysWow64\DOCOBJ.DLL [1997/07/11 01:00:00 | 000,012,288 | ---- | C] () -- H:\Windows\SysWow64\HLINKPRX.DLL ========== LOP Check ========== [2010/08/22 15:56:32 | 000,000,000 | ---D | M] -- H:\ProgramData\AJC Software [2012/11/12 12:21:18 | 000,000,000 | ---D | M] -- H:\ProgramData\AMD [2011/05/08 17:08:49 | 000,000,000 | ---D | M] -- H:\ProgramData\AmUStor [2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- H:\ProgramData\Application Data [2011/12/08 18:33:55 | 000,000,000 | -H-D | M] -- H:\ProgramData\CanonBJ [2011/12/08 18:47:04 | 000,000,000 | -H-D | M] -- H:\ProgramData\CanonEPP [2011/12/08 18:51:48 | 000,000,000 | -H-D | M] -- H:\ProgramData\CanonIJEGV [2011/12/08 18:47:04 | 000,000,000 | -H-D | M] -- H:\ProgramData\CanonIJEPPEX2 [2011/12/08 18:36:06 | 000,000,000 | ---D | M] -- H:\ProgramData\CanonIJMSetup [2012/01/26 14:27:55 | 000,000,000 | -H-D | M] -- H:\ProgramData\CanonIJScan [2011/12/08 18:35:53 | 000,000,000 | ---D | M] -- H:\ProgramData\CanonIJWSpt [2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- H:\ProgramData\Desktop [2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- H:\ProgramData\Documents [2010/12/19 18:37:33 | 000,000,000 | ---D | M] -- H:\ProgramData\Driver Whiz [2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- H:\ProgramData\Favorites [2012/09/15 17:26:23 | 000,000,000 | ---D | M] -- H:\ProgramData\Futuremark [2010/08/22 15:54:18 | 000,000,000 | ---D | M] -- H:\ProgramData\IsolatedStorage [2010/10/29 13:56:04 | 000,000,000 | ---D | M] -- H:\ProgramData\Karen's Power Tools [2010/07/09 21:06:54 | 000,000,000 | ---D | M] -- H:\ProgramData\LightScribe [2011/11/08 15:06:47 | 000,000,000 | ---D | M] -- H:\ProgramData\Maxtor [2010/05/28 16:13:58 | 000,000,000 | ---D | M] -- H:\ProgramData\MiK [2010/08/31 18:23:49 | 000,000,000 | ---D | M] -- H:\ProgramData\PC-Doctor 
for Windows [2012/08/22 11:42:08 | 000,000,000 | ---D | M] -- H:\ProgramData\PCPitstop [2011/05/31 19:27:03 | 000,000,000 | ---D | M] -- H:\ProgramData\PCSettings [2012/11/20 13:15:12 | 000,000,000 | ---D | M] -- H:\ProgramData\Recovery [2012/10/16 20:37:16 | 000,000,000 | ---D | M] -- H:\ProgramData\Samsung [2010/10/20 15:58:18 | 000,000,000 | ---D | M] -- H:\ProgramData\Seagate [2012/04/05 11:53:40 | 000,000,000 | ---D | M] -- H:\ProgramData\Soluto [2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- H:\ProgramData\Start Menu [2011/08/10 11:02:29 | 000,000,000 | ---D | M] -- H:\ProgramData\Temp [2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- H:\ProgramData\Templates [2012/05/18 23:11:05 | 000,000,000 | ---D | M] -- H:\ProgramData\TP-LINK [2010/05/06 04:30:38 | 000,000,000 | ---D | M] -- H:\ProgramData\WildTangent [2011/10/26 22:24:51 | 000,000,000 | ---D | M] -- H:\ProgramData\WinZip [2012/08/19 16:18:24 | 000,000,000 | ---D | M] -- H:\ProgramData\Zoom Player [2010/05/06 04:21:56 | 000,000,000 | ---D | M] -- H:\ProgramData\{44AFD825-9603-4521-9447-A6E1C5CA2F3D} [2012/10/05 18:28:50 | 000,000,456 | ---- | M] () -- H:\Windows\Tasks\PCDRScheduledMaintenance.job [2012/10/11 12:02:00 | 000,032,572 | ---- | M] () -- H:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < :OTL > < O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. > < O3 - HKU\Glen_ON_H\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. > < O3 - HKU\Glen_ON_H\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found. 
>
< O4 - HKU\Glen_ON_H..\Run: [svñhîst] File not found >
< O4 - HKU\DefaultAppPool_ON_H..\RunOnce: [mctadmin] File not found >
< O4 - HKU\LocalService_ON_H..\RunOnce: [mctadmin] File not found >
< O4 - HKU\NetworkService_ON_H..\RunOnce: [mctadmin] File not found >
< O34 - HKLM BootExecute: (autocheck autochk *) - File not found >
< 64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found >
< 64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found >
< [1 H:\Program Files (x86)\*.tmp files -> H:\Program Files (x86)\*.tmp -> ] >
< [2011/11/11 00:21:20 | 000,000,088 | ---- | M] ()(H:\Windows\SysWow64\?XÑ) -- H:\Windows\SysWow64\XÑ >
Invalid Switch: 11 00:21:20 | 000,000,088 | ---- | M] ()(H:\Windows\SysWow64\?XÑ) -- H:\Windows\SysWow64\XÑ
< [2011/11/11 00:21:20 | 000,000,088 | ---- | C] ()(H:\Windows\SysWow64\?XÑ) -- H:\Windows\SysWow64\XÑ >
Invalid Switch: 11 00:21:20 | 000,000,088 | ---- | C] ()(H:\Windows\SysWow64\?XÑ) -- H:\Windows\SysWow64\XÑ
< @Alternate Data Stream - 121 bytes -> H:\ProgramData\Temp:CF778051 >

========== Files - Unicode (All) ==========

[2011/11/11 00:21:20 | 000,000,088 | ---- | M] ()(H:\Windows\SysWow64\?XÑ) -- H:\Windows\SysWow64\XÑ
[2011/11/11 00:21:20 | 000,000,088 | ---- | C] ()(H:\Windows\SysWow64\?XÑ) -- H:\Windows\SysWow64\XÑ

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> H:\ProgramData\Temp:CF778051

< End of report >
Fake FBI Notice - locked computer
tb1rd96 replied to tb1rd96's topic in Resolved Malware Removal Logs
No, I did not try System Restore because I disabled it (hang my head in shame...). Yes, dumb stunt. I already beat on myself for not having it active and planned to activate it after it is fixed. Sorry to be dumb about this, but Notepad has several encoding formats - should it be Unicode?
Fake FBI Notice - locked computer
tb1rd96 replied to tb1rd96's topic in Resolved Malware Removal Logs
My Win7 and all my programs are on a Samsung 830 128GB SSD. Normally, the SSD has a System partition with no drive letter and the C:\ drive. Somewhere along the line, somehow the System partition has been given the drive letter C:\ and the Win7 is in I:\, which caused me a lot of confusion. Once I figured this out, I easily found the Windows folder in OTLPE "Browse For Folder" and could run the program. I have Partition Master and can change the drive letters once the patient is repaired. One odd thing - when asked to load remote registry, I said Yes and it went directly to Auto Load All Remaining Users. So, I canceled out and redid OTLPE and it asked to load remote user profiles, then went directly to Auto Load All Remaining Users. Therefore, this file may be only one part of what you expect.

OTL.txt

OTL logfile created on: 11/20/2012 7:16:28 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = I: | %SystemRoot% = I:\Windows | %ProgramFiles% = I:\Program Files (x86)
Drive C: | 107.81 Mb Total Space | 81.91 Mb Free Space | 75.97% Space Free | Partition Type: NTFS
Drive D: | 3.79 Gb Total Space | 3.73 Gb Free Space | 98.56% Space Free | Partition Type: FAT32
Drive I: | 104.13 Gb Total Space | 45.72 Gb Free Space | 43.90% Space Free | Partition Type: NTFS
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No 
Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Win32 Services (SafeList) ========== SRV:64bit: - [2012/09/27 20:38:16 | 000,239,616 | ---- | M] (AMD) [Auto] -- I:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2012/03/12 11:57:22 | 000,190,120 | ---- | M] (Intel Corporation) [Auto] -- I:\Windows\System32\IPROSetMonitor.exe -- (Intel® PROSet Monitoring Service) Intel® SRV:64bit: - [2011/09/27 14:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand] -- I:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV:64bit: - [2011/09/08 18:48:36 | 006,583,160 | ---- | M] (Wacom Technology, Corp.) [Auto] -- I:\Program Files\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen) SRV:64bit: - [2011/09/08 18:48:36 | 000,528,760 | ---- | M] (Wacom Technology, Corp.) [Auto] -- I:\Program Files\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen) SRV:64bit: - [2010/04/07 08:04:24 | 000,127,800 | ---- | M] (HP) [Auto] -- I:\Windows\System32\HPSIsvc.exe -- (HPSIService) SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand] -- I:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2012/10/08 21:44:41 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- I:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2011/12/23 01:09:56 | 000,023,176 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto] -- I:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe -- (Guard Agent) SRV - [2011/12/23 01:09:46 | 000,061,064 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto] -- I:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe -- (EaseUS Agent) SRV - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) 
[Auto] -- I:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4) SRV - [2011/04/30 01:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto] -- I:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel® SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto] -- I:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe -- (N360) SRV - [2011/03/01 19:29:58 | 000,130,976 | ---- | M] (Futuremark Corporation) [On_Demand] -- I:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service) SRV - [2010/11/20 07:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand] -- I:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS) SRV - [2010/11/20 07:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand] -- I:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC) SRV - [2010/11/20 07:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Disabled] -- I:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc) SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- I:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto] -- I:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2010/03/10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto] -- I:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- I:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/06/05 19:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) 
[On_Demand] -- I:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService) SRV - [2009/05/01 15:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) [Auto] -- I:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/09/27 21:21:20 | 010,697,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012/09/27 20:12:52 | 000,460,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012/04/29 08:27:00 | 000,073,000 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand] -- I:\Windows\System32\drivers\RAMDiskVE.sys -- (RAMDiskVE) DRV:64bit: - [2012/03/06 05:09:22 | 000,032,936 | ---- | M] (Intel Corporation ) [Kernel | On_Demand] -- I:\Windows\System32\drivers\iqvw64e.sys -- (NAL) DRV:64bit: - [2011/12/23 01:09:40 | 000,189,576 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System] -- I:\Windows\System32\drivers\EuFdDisk.sys -- (EUFDDISK) DRV:64bit: - [2011/12/23 01:09:38 | 000,051,336 | ---- | M] () [Kernel | Boot] -- I:\Windows\System32\drivers\EUBKMON.sys -- (EUBKMON) DRV:64bit: - [2011/12/23 01:09:34 | 000,019,592 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System] -- I:\Windows\System32\drivers\eudskacs.sys -- (EUDSKACS) DRV:64bit: - [2011/12/23 01:09:30 | 000,057,480 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot] -- I:\Windows\System32\drivers\eubakup.sys -- (EUBAKUP) DRV:64bit: - [2011/09/08 18:49:36 | 000,013,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand] -- I:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor) DRV:64bit: - [2011/09/08 18:49:26 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand] -- I:\Windows\System32\drivers\wacommousefilter.sys -- 
(wacommousefilter) DRV:64bit: - [2011/09/08 18:49:24 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand] -- I:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid) DRV:64bit: - [2011/09/02 01:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2011/09/02 01:30:24 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb) DRV:64bit: - [2011/09/02 01:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2011/09/02 01:30:24 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\LHidEqd.sys -- (LHidEqd) DRV:64bit: - [2011/07/29 14:54:56 | 000,016,776 | ---- | M] () [Kernel | On_Demand] -- I:\Windows\System32\epmntdrv.sys -- (epmntdrv) DRV:64bit: - [2011/07/29 14:54:56 | 000,009,096 | ---- | M] () [Kernel | On_Demand] -- I:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv) DRV:64bit: - [2011/05/31 20:00:11 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:64bit: - [2011/04/20 20:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System] -- I:\Windows\System32\Drivers\N360x64\0502020.003\SYMNETS.SYS -- (SymNetS) DRV:64bit: - [2011/03/30 22:04:12 | 000,043,640 | R--- | M] (Symantec Corporation) [Kernel | System] -- I:\Windows\System32\drivers\SymIMV.sys -- (SymIM) DRV:64bit: - [2011/03/30 22:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand] -- I:\Windows\System32\Drivers\N360x64\0502020.003\SRTSP64.SYS -- (SRTSP) DRV:64bit: - [2011/03/30 22:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System] -- I:\Windows\system32\drivers\N360x64\0502020.003\SRTSPX64.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL) DRV:64bit: - [2011/03/14 
21:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot] -- I:\Windows\System32\drivers\N360x64\0502020.003\symefa64.sys -- (SymEFA) DRV:64bit: - [2011/01/27 01:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot] -- I:\Windows\System32\drivers\N360x64\0502020.003\symds64.sys -- (SymDS) DRV:64bit: - [2010/11/25 04:27:42 | 000,120,408 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot] -- I:\Windows\System32\drivers\jraid.sys -- (JRAID) DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/15 20:45:33 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System] -- I:\Windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS -- (SymIRON) DRV:64bit: - [2010/11/09 16:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto] -- I:\Windows\System32\drivers\cpuz135_x64.sys -- (cpuz135) DRV:64bit: - [2010/01/28 17:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) 
[Kernel | On_Demand] -- I:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/10/14 18:29:44 | 000,230,480 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot] -- I:\Windows\System32\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/06/13 02:19:58 | 000,287,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\e1y62x64.sys -- (e1yexpress) Intel®
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- I:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- I:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- I:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [1999/12/31 19:00:00 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- I:\Windows\System32\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV - [2012/10/05 13:23:26 | 001,385,632 | ---- | M] (Symantec Corporation) [Kernel | System] -- I:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20121030.002\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/09/12 21:13:03 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- I:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121112.016\ex64.sys -- (NAVEX15)
DRV - [2012/09/12 21:13:03 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- I:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121112.016\eng64.sys -- (NAVENG)
DRV - [2012/09/06 05:54:30 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System] -- I:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20121110.005\IDSviA64.sys -- (IDSVia64)
DRV - [2012/08/09 10:57:26 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System] -- I:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/07/29 14:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand] -- I:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2011/07/29 14:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand] -- I:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2011/06/02 12:08:34 | 000,017,864 | ---- | M] () [Kernel | On_Demand] -- I:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)
DRV - [2010/07/09 13:19:04 | 000,021,480 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand] -- I:\Program Files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys -- (cpuz134)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\DefaultAppPool_ON_I\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKU\DefaultAppPool_ON_I\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPDSK/1
IE - HKU\DefaultAppPool_ON_I\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKU\Glen_ON_I\Software\Microsoft\Internet Explorer\Main,Default Download Directory =
IE - HKU\Glen_ON_I\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKU\Glen_ON_I\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.weather.com/weather/right-now/Erie+CO+USCO0129:1:US
IE - HKU\Glen_ON_I\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: I:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: I:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@canon.com/EPPEX: I:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: I:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: I:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: I:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: I:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: I:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: I:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: I:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: I:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: I:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: I:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: I:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: I:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.3: I:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: I:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: I:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: I:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: I:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/01 01:11:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/02/08 11:16:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_13_2 [2012/11/20 20:25:10 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2012/10/25 22:22:47 | 000,444,707 | R--- | M]) - I:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.123fporn.info
O1 - Hosts: 15272 more lines...
O2:64bit: - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - I:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O2:64bit: - BHO: (ClassicIE9BHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - I:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - I:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - I:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - I:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - I:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ClassicIE9BHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - I:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
O3:64bit: - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - I:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - I:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - I:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O3 - HKU\Glen_ON_I\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\Glen_ON_I\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\Glen_ON_I\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - I:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] I:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [Classic Start Menu] I:\Program Files\Classic Shell\ClassicStartMenu.exe (IvoSoft)
O4:64bit: - HKLM..\Run: [EvtMgr6] I:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [iAStorIcon] I:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] I:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [MaxMenuMgr] I:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [startCCC] I:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\DefaultAppPool_ON_I..\Run: [HPADVISOR] File not found
O4 - HKU\DefaultAppPool_ON_I..\Run: [sidebar] I:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\Glen_ON_I..\Run: [Grid] I:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe ()
O4 - HKU\Glen_ON_I..\Run: [HydraVisionDesktopManager] I:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKU\Glen_ON_I..\Run: [HydraVisionMDEngine] I:\Program Files (x86)\ATI Technologies\HydraVision\HydraMD.exe (AMD)
O4 - HKU\Glen_ON_I..\Run: [LinkStashMonitor] I:\Program Files (x86)\LinkStash\lsmon.exe ()
O4 - HKU\Glen_ON_I..\Run: [svñhîst] File not found
O4 - HKU\LocalService_ON_I..\Run: [sidebar] I:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_I..\Run: [sidebar] I:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\DefaultAppPool_ON_I..\RunOnce: [mctadmin] File not found
O4 - HKU\LocalService_ON_I..\RunOnce: [mctadmin] File not found
O4 - HKU\NetworkService_ON_I..\RunOnce: [mctadmin] File not found
O4 - Startup: Error locating startup folders.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\Glen_ON_I\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra 'Tools' menuitem : Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - I:\Program Files\Classic Shell\ClassicIE9_32.exe (IvoSoft)
O9 - Extra 'Tools' menuitem : Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - I:\Program Files\Classic Shell\ClassicIE9_32.exe (IvoSoft)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - Glen_ON_I\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.5.0.cab (SysInfo Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/PCMagnum/controls/PCPitstop2.dll (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - I:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - I:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - I:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - I:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/11/20 20:04:10 | 000,000,000 | ---D | C] -- I:\FRST
[2012/11/12 23:56:15 | 000,000,000 | ---D | C] -- I:\Users\Glen\AppData\Local\{135F2ADE-ACA3-47C8-8126-A227FA1799A3}
[2012/11/12 12:21:19 | 000,000,000 | ---D | C] -- I:\ProgramData\ATI
[2012/11/12 12:21:18 | 000,000,000 | ---D | C] -- I:\Program Files (x86)\AMD AVT
[2012/11/12 12:21:16 | 000,000,000 | ---D | C] -- I:\Program Files (x86)\AMD APP
[2012/11/12 12:21:07 | 000,000,000 | ---D | C] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012/11/12 12:20:18 | 000,000,000 | ---D | C] -- I:\Program Files\ATI
[2012/11/12 11:55:41 | 000,000,000 | ---D | C] -- I:\Users\Glen\AppData\Local\{43D30A77-F383-498A-B226-517E76221442}
[2012/11/11 23:55:06 | 000,000,000 | ---D | C] -- I:\Users\Glen\AppData\Local\{E8657607-7D0F-4E4B-B22B-141AD3F5A464}
[2012/11/11 11:54:32 | 000,000,000 | ---D | C] -- I:\Users\Glen\AppData\Local\{6E04220D-0074-42BA-9AD9-40BD3E84B131}
[2012/11/10 14:50:24 | 000,000,000 | ---D | C] -- I:\Users\Glen\AppData\Local\{0B97FBBC-CF08-4771-AB89-4CF6C24BA724}
[2012/11/09 23:55:49 | 000,000,000 | ---D | C] -- I:\Users\Glen\AppData\Local\{9B9BADB8-B11C-4604-B2BB-BCD405E9180B}
[2012/11/09 11:55:26 | 000,000,000 | ---D | C] -- I:\Users\Glen\AppData\Local\{DAE2862F-D591-41FA-8878-70DF5B6AFBEF}
[2012/11/08 23:54:52 | 000,000,000 | ---D | C] -- I:\Users\Glen\AppData\Local\{2744916D-0B0E-4667-B487-AF86427E7EA6}
[2012/11/08 11:54:29 | 000,000,000 | ---D | C] -- I:\Users\Glen\AppData\Local\{E4FF8A2E-F143-4138-B051-D31A7AD907AE}
[2012/11/08 00:03:38 | 000,000,000 | ---D | C] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/11/08 00:03:34 | 000,000,000 | ---D | C] -- I:\Program Files (x86)\QuickTime
[2012/11/07 18:27:52 | 000,000,000 | ---D | C] -- I:\Users\Glen\AppData\Local\{26779CC5-967A-4872-A30B-46F9088BE921}
[2012/11/07 00:38:43 | 000,000,000 | ---D | C] -- I:\Users\Glen\AppData\Local\{E67E6DCB-A8C4-4917-8BEE-BBCA698A7851}
[2012/11/06 12:38:08 | 000,000,000 | ---D | C] -- I:\Users\Glen\AppData\Local\{8D1438DF-B3F6-4F16-9AB4-31686577EDD6}
[2012/11/06 00:37:34 | 000,000,000 | ---D | C] -- I:\Users\Glen\AppData\Local\{CD2571DE-AEE8-47AB-98EC-06288107AF86}
[2012/11/05 19:24:25 | 000,000,000 | ---D | C] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2012/11/05 12:37:11 | 000,000,000 | ---D | C] -- I:\Users\Glen\AppData\Local\{6A38D110-3B18-4E8A-A772-B32B66C5AF4B}
[2012/11/04 13:28:29 | 000,000,000 | ---D | C] -- I:\Users\Glen\AppData\Local\{2EF523FB-5DE3-4EB5-B2F5-16B428E0DECD}
[2012/11/04 01:27:54 | 000,000,000 | ---D | C] -- I:\Users\Glen\AppData\Local\{FE991D58-D6C2-4BDF-BA09-79EB46D6C888}
[2012/11/03 13:27:31 | 000,000,000 | ---D | C] -- I:\Users\Glen\AppData\Local\{34F437B3-3511-4365-B522-5CF9E1C202DA}
[2012/11/02 20:40:48 | 000,000,000 | ---D | C] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung SSD Magician
[2012/11/02 20:40:45 | 000,000,000 | ---D | C] -- I:\Program Files (x86)\Samsung SSD Magician
[2012/11/02 18:27:41 | 000,000,000 | ---D | C] -- I:\ICONS
[2012/11/02 18:25:44 | 000,000,000 | ---D | C] -- I:\CURSORS
[2012/11/02 18:21:26 | 000,000,000 | ---D | C] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
[2012/11/02 18:21:26 | 000,000,000 | ---D | C] -- I:\Program Files\Classic Shell
[2012/11/02 18:17:13 | 000,000,000 | ---D | C] -- I:\Users\Glen\AppData\Local\{8E816E8B-4239-42D1-9A77-B614DD5D026F}
[2012/11/02 16:56:20 | 000,000,000 | ---D | C] -- I:\Users\Glen\AppData\Local\{D0DD8817-50A0-4DB3-8EC1-82CCC21018F2}
[2012/11/02 16:30:03 | 000,000,000 | ---D | C] -- I:\Users\Glen\AppData\Local\{803D4D60-994A-445E-8066-B98373049640}
[2012/10/26 11:38:20 | 000,000,000 | ---D | C] -- I:\Users\Glen\AppData\Local\{7EA82703-4645-4503-8D12-8856E607756D}
[2012/10/26 11:34:29 | 000,000,000 | ---D | C] -- I:\Users\Glen\AppData\Local\{498D78CA-FFB5-46CD-AEF7-51D2EEDDF0DB}
[2012/10/25 13:20:42 | 000,000,000 | ---D | C] -- I:\Users\Glen\AppData\Local\{523C112A-6A8F-423C-9A73-C9372EFCA675}
[2012/10/25 05:12:26 | 000,094,208 | ---- | C] (Apple Inc.) -- I:\Windows\SysWow64\QuickTimeVR.qtx
[2012/10/25 05:12:26 | 000,069,632 | ---- | C] (Apple Inc.) -- I:\Windows\SysWow64\QuickTime.qts
[2012/10/24 09:31:49 | 000,000,000 | ---D | C] -- I:\Users\Glen\AppData\Local\{864E8024-E64C-4175-9E8F-7BD34CDA727C}
[2012/10/24 00:20:54 | 000,000,000 | ---D | C] -- I:\Windows\Minidump
[2012/10/23 12:20:30 | 000,000,000 | ---D | C] -- I:\Users\Glen\AppData\Local\{D6C5408C-9045-4C4A-9C54-D7E5608166A6}
[2012/10/22 12:40:08 | 000,000,000 | ---D | C] -- I:\Users\Glen\AppData\Local\{8FD7A988-7F27-41A0-87D7-811B0A24B044}
[2012/10/22 00:39:34 | 000,000,000 | ---D | C] -- I:\Users\Glen\AppData\Local\{8CF8D34B-1262-4F57-8B80-5C0E6EF1F3DC}
[1 I:\Program Files (x86)\*.tmp files -> I:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/20 20:26:21 | 1153,433,600 | ---- | M] () -- I:\RAMDisk.img
[2012/11/20 20:26:19 | 000,067,584 | --S- | M] () -- I:\Windows\bootstat.dat
[2012/11/20 20:25:11 | 000,000,890 | ---- | M] () -- I:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/20 20:05:02 | 000,717,976 | ---- | M] () -- I:\Windows\System32\perfh009.dat
[2012/11/20 20:05:02 | 000,140,468 | ---- | M] () -- I:\Windows\System32\perfc009.dat
[2012/11/20 13:30:18 | 000,006,632 | ---- | M] () -- I:\bootsqm.dat
[2012/11/20 12:28:53 | 000,001,021 | ---- | M] () -- I:\Users\Glen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LinkStash.lnk
[2012/11/19 16:35:59 | 000,001,599 | ---- | M] () -- I:\Users\Glen\Desktop\mbam.exe.lnk
[2012/11/19 16:21:13 | 000,000,000 | ---D | M] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/11/13 11:50:57 | 000,015,984 | -H-- | M] () -- I:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/13 11:50:57 | 000,015,984 | -H-- | M] () -- I:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/13 00:44:00 | 000,000,830 | ---- | M] () -- I:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/13 00:07:00 | 000,000,894 | ---- | M] () -- I:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/12 12:21:07 | 000,000,000 | ---D | M] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012/11/08 00:03:38 | 000,000,000 | ---D | M] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/11/06 17:44:52 | 000,001,289 | ---- | M] () -- I:\Users\Glen\Desktop\Windows Explorer.lnk
[2012/11/05 19:24:26 | 000,001,187 | ---- | M] () -- I:\Users\Glen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2012/11/05 19:24:26 | 000,000,000 | ---D | M] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2012/11/03 18:13:01 | 000,000,328 | ---- | M] () -- I:\Windows\tasks\HPCeeScheduleForGlen.job
[2012/11/02 20:40:48 | 000,001,246 | ---- | M] () -- I:\Users\Glen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung SSD Magician.lnk
[2012/11/02 20:40:48 | 000,000,000 | ---D | M] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung SSD Magician
[2012/11/02 20:21:27 | 000,001,836 | ---- | M] () -- I:\Users\Glen\Desktop\SpeedFan.lnk
[2012/11/02 20:20:57 | 000,001,293 | ---- | M] () -- I:\Users\Glen\Desktop\DNSBench.lnk
[2012/11/02 20:20:20 | 000,002,025 | ---- | M] () -- I:\Users\Glen\Desktop\ColorCopy.lnk
[2012/11/02 20:18:29 | 000,002,108 | ---- | M] () -- I:\Users\Glen\Desktop\Task Mgr.lnk
[2012/11/02 20:16:01 | 000,001,603 | ---- | M] () -- I:\Users\Glen\Desktop\Disk Mgr.lnk
[2012/11/02 20:11:41 | 000,001,733 | ---- | M] () -- I:\Users\Glen\Desktop\My Calendar.lnk
[2012/11/02 20:09:41 | 000,002,139 | ---- | M] () -- I:\Users\Glen\Desktop\I QUIT.lnk
[2012/11/02 20:03:30 | 000,002,481 | ---- | M] () -- I:\Users\Glen\Desktop\Rx Refill.lnk
[2012/11/02 20:02:57 | 000,002,193 | ---- | M] () -- I:\Users\Glen\Desktop\Monthly Bills.lnk
[2012/11/02 19:57:51 | 000,000,930 | ---- | M] () -- I:\Users\Glen\Desktop\Control Panel.lnk
[2012/11/02 19:57:06 | 000,001,339 | ---- | M] () -- I:\Users\Glen\Desktop\Printers.lnk
[2012/11/02 18:21:26 | 000,000,000 | ---D | M] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
[2012/10/25 22:36:38 | 000,001,164 | ---- | M] () -- I:\Users\Glen\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/25 22:22:47 | 000,444,707 | R--- | M] () -- I:\Windows\System32\drivers\etc\hosts
[2012/10/25 05:12:26 | 000,094,208 | ---- | M] (Apple Inc.) -- I:\Windows\SysWow64\QuickTimeVR.qtx
[2012/10/25 05:12:26 | 000,069,632 | ---- | M] (Apple Inc.) -- I:\Windows\SysWow64\QuickTime.qts
[1 I:\Program Files (x86)\*.tmp files -> I:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/20 13:30:18 | 000,006,632 | ---- | C] () -- I:\bootsqm.dat
[2012/11/19 16:35:59 | 000,001,599 | ---- | C] () -- I:\Users\Glen\Desktop\mbam.exe.lnk
[2012/11/05 19:24:26 | 000,001,187 | ---- | C] () -- I:\Users\Glen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2012/11/02 17:19:55 | 000,001,289 | ---- | C] () -- I:\Users\Glen\Desktop\Windows Explorer.lnk
[2012/08/18 20:56:13 | 000,079,872 | ---- | C] () -- I:\Windows\SysWow64\ff_vfw.dll
[2012/06/11 11:50:16 | 000,204,952 | ---- | C] () -- I:\Windows\SysWow64\ativvsvl.dat
[2012/06/11 11:50:16 | 000,157,144 | ---- | C] () -- I:\Windows\SysWow64\ativvsva.dat
[2012/05/02 16:58:10 | 000,029,184 | ---- | C] () -- I:\Windows\SysWow64\kdbsdk32.dll
[2012/04/15 13:54:54 | 002,469,760 | ---- | C] () -- I:\Windows\SysWow64\BootMan.exe
[2012/04/15 13:54:54 | 000,086,408 | ---- | C] () -- I:\Windows\SysWow64\setupempdrv03.exe
[2012/04/15 13:54:54 | 000,019,840 | ---- | C] () -- I:\Windows\SysWow64\EuEpmGdi.dll
[2012/04/15 13:54:54 | 000,014,216 | ---- | C] () -- I:\Windows\SysWow64\epmntdrv.sys
[2012/04/15 13:54:54 | 000,008,456 | ---- | C] () -- I:\Windows\SysWow64\EuGdiDrv.sys
[2012/04/02 23:49:29 | 000,000,614 | ---- | C] () -- I:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011/11/06 20:06:19 | 000,000,069 | ---- | C] () -- I:\Windows\NeroDigital.ini
[2011/10/25 23:21:34 | 000,056,832 | ---- | C] () -- I:\Windows\SysWow64\OVDecoder.dll
[2011/09/12 17:06:16 | 000,003,917 | ---- | C] () -- I:\Windows\SysWow64\atipblag.dat
[2011/03/22 16:28:07 | 000,000,621 | ---- | C] () -- I:\Users\Glen\AppData\Roaming\Network Monitor II_Settings.ini
[2011/02/25 01:05:22 | 000,252,928 | ---- | C] () -- I:\Windows\SysWow64\DShowRdpFilter.dll
[2010/12/20 17:02:11 | 000,000,193 | ---- | C] () -- I:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2010/12/01 01:10:15 | 000,023,140 | ---- | C] () -- I:\Windows\hpqins15.dat
[2010/07/02 22:33:13 | 000,851,992 | ---- | C] () -- I:\Windows\SysWow64\PerfStringBackup.INI
[2010/06/14 13:21:00 | 000,000,061 | ---- | C] () -- I:\Windows\VSWizard.ini
[2010/06/02 13:28:29 | 000,000,848 | -HS- | C] () -- I:\ProgramData\KGyGaAvL.sys
[2010/05/14 00:45:35 | 000,477,057 | ---- | C] () -- I:\Windows\hphins29.dat.temp
[2010/05/14 00:45:35 | 000,000,724 | ---- | C] () -- I:\Windows\hphmdl29.dat.temp
[2010/05/09 23:03:32 | 000,007,646 | ---- | C] () -- I:\Users\Glen\AppData\Local\resmon.resmoncfg
[2010/05/06 04:02:39 | 000,000,000 | ---- | C] () -- I:\Windows\ativpsrm.bin
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- I:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- I:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- I:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- I:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- I:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:25:04 | 000,197,632 | ---- | C] () -- I:\Windows\SysWow64\ir32_32.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- I:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- I:\Windows\SysWow64\mlang.dat
[2009/04/01 12:48:16 | 000,053,478 | ---- | C] () -- I:\Windows\mvtcpui.ini
[2008/02/01 02:48:00 | 000,040,960 | ---- | C] () -- I:\Windows\sucdapi.dll
[2002/09/11 09:26:52 | 000,063,730 | ---- | C] () -- I:\Program Files (x86)\viewsonicinstruct_xp.pdf
[1997/07/11 01:00:00 | 000,022,016 | ---- | C] () -- I:\Windows\SysWow64\DOCOBJ.DLL
[1997/07/11 01:00:00 | 000,012,288 | ---- | C] () -- I:\Windows\SysWow64\HLINKPRX.DLL

========== LOP Check ==========

[2010/08/22 15:56:32 | 000,000,000 | ---D | M] -- I:\ProgramData\AJC Software
[2012/11/12 12:21:18 | 000,000,000 | ---D | M] -- I:\ProgramData\AMD
[2011/05/08 17:08:49 | 000,000,000 | ---D | M] -- I:\ProgramData\AmUStor
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- I:\ProgramData\Application Data
[2011/12/08 18:33:55 | 000,000,000 | -H-D | M] -- I:\ProgramData\CanonBJ
[2011/12/08 18:47:04 | 000,000,000 | -H-D | M] -- I:\ProgramData\CanonEPP
[2011/12/08 18:51:48 | 000,000,000 | -H-D | M] -- I:\ProgramData\CanonIJEGV
[2011/12/08 18:47:04 | 000,000,000 | -H-D | M] -- I:\ProgramData\CanonIJEPPEX2
[2011/12/08 18:36:06 | 000,000,000 | ---D | M] -- I:\ProgramData\CanonIJMSetup
[2012/01/26 14:27:55 | 000,000,000 | -H-D | M] -- I:\ProgramData\CanonIJScan
[2011/12/08 18:35:53 | 000,000,000 | ---D | M] -- I:\ProgramData\CanonIJWSpt
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- I:\ProgramData\Desktop
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- I:\ProgramData\Documents
[2010/12/19 18:37:33 | 000,000,000 | ---D | M] -- I:\ProgramData\Driver Whiz
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- I:\ProgramData\Favorites
[2012/09/15 17:26:23 | 000,000,000 | ---D | M] -- I:\ProgramData\Futuremark
[2010/08/22 15:54:18 | 000,000,000 | ---D | M] -- I:\ProgramData\IsolatedStorage
[2010/10/29 13:56:04 | 000,000,000 | ---D | M] -- I:\ProgramData\Karen's Power Tools
[2010/07/09 21:06:54 | 000,000,000 | ---D | M] -- I:\ProgramData\LightScribe
[2011/11/08 15:06:47 | 000,000,000 | ---D | M] -- I:\ProgramData\Maxtor
[2010/05/28 16:13:58 | 000,000,000 | ---D | M] -- I:\ProgramData\MiK
[2010/08/31 18:23:49 | 000,000,000 | ---D | M] -- I:\ProgramData\PC-Doctor for Windows
[2012/08/22 11:42:08 | 000,000,000 | ---D | M] -- I:\ProgramData\PCPitstop
[2011/05/31 19:27:03 | 000,000,000 | ---D | M] -- I:\ProgramData\PCSettings
[2012/11/20 13:15:12 | 000,000,000 | ---D | M] -- I:\ProgramData\Recovery
[2012/10/16 20:37:16 | 000,000,000 | ---D | M] -- I:\ProgramData\Samsung
[2010/10/20 15:58:18 | 000,000,000 | ---D | M] -- I:\ProgramData\Seagate
[2012/04/05 11:53:40 | 000,000,000 | ---D | M] -- I:\ProgramData\Soluto
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- I:\ProgramData\Start Menu
[2011/08/10 11:02:29 | 000,000,000 | ---D | M] -- I:\ProgramData\Temp
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- I:\ProgramData\Templates
[2012/05/18 23:11:05 | 000,000,000 | ---D | M] -- I:\ProgramData\TP-LINK
[2010/05/06 04:30:38 | 000,000,000 | ---D | M] -- I:\ProgramData\WildTangent
[2011/10/26 22:24:51 | 000,000,000 | ---D | M] -- I:\ProgramData\WinZip
[2012/08/19 16:18:24 | 000,000,000 | ---D | M] -- I:\ProgramData\Zoom Player
[2010/05/06 04:21:56 | 000,000,000 | ---D | M] -- I:\ProgramData\{44AFD825-9603-4521-9447-A6E1C5CA2F3D}
[2012/10/05 18:28:50 | 000,000,456 | ---- | M] () -- I:\Windows\Tasks\PCDRScheduledMaintenance.job
[2012/10/11 12:02:00 | 000,032,572 | ---- | M] () -- I:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Files - Unicode (All) ==========

[2011/11/11 00:21:20 | 000,000,088 | ---- | M] ()(I:\Windows\SysWow64\?XÑ) -- I:\Windows\SysWow64\XÑ
[2011/11/11 00:21:20 | 000,000,088 | ---- | C] ()(I:\Windows\SysWow64\?XÑ) -- I:\Windows\SysWow64\XÑ

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> I:\ProgramData\Temp:CF778051

< End of report >
Fake FBI Notice - locked computer
tb1rd96 replied to tb1rd96's topic in Resolved Malware Removal Logs
I hasten to add that my computers are for hobby use and are not mission critical (now my wife's desktop is identical to my sick one and you can bet it is the top priority machine around here!! Ha! Fortunately, it is OK). I am writing this on a very nice, new-this-summer laptop, so I am not hurting. I don't want you to think this is a most pressing issue to solve immediately. I value your time and respect your willingness to help.
Fake FBI Notice - locked computer
tb1rd96 replied to tb1rd96's topic in Resolved Malware Removal Logs
Sometimes I use CCleaner to clean the Registry after I install a new program and I have CCleaner do a manual backup at that time, but I don't believe there are any auto backups of it. I have never heard of ERUNT before. I do not have any auto backups running on the computer at all - I do a complete manual backup of my D:\ drive every week that contains only & all of my data. Some notes - when I double-click the OTLPE icon, a smallish black popup (looks kind of like a DOS window) flashes up and instantly off just before the "Browse For Folder" popup comes on screen. Also, when I click Cancel on the "Browse For Folder" (and don't select a folder), a popup comes up titled "Runscanner ..." that says "No windows installations found." If I do select the SYSTEM (C:) folder, then a popup titled "RunScanner Error" says "Target is not windows 2000 or later." (In my quotes, I have reproduced the capitalizations exactly.)
Fake FBI Notice - locked computer
tb1rd96 replied to tb1rd96's topic in Resolved Malware Removal Logs
I burned the CD, loaded it on the sick one, the Reatogo-X-PE desktop came up, double-clicked OTLPE and got a "Browse For Folder....Choose Windows Directory" popup. Not what we expected. Am awaiting your input. I'm 70 - started my Bell Labs career at Holmdel.
Fake FBI Notice - locked computer
tb1rd96 replied to tb1rd96's topic in Resolved Malware Removal Logs
I have been trying to follow your directions all morning (I am in Colorado so I am 2 hrs later than you in NJ). I appreciate your help! I can get to the 'Repair your computer' prompt but when I select it, I am taken to the 'Windows Boot Manager' screen "Windows failed to start......Status: 0xc000000e.......Info: The boot selection failed because a required device is inaccessible." If I allow the computer to start normally, it does start normally, then the 'FBI' blocking popup appears (at which point I immediately shut down). Therefore, my C:\ drive is actually accessible. I have disconnected all other HDs and my network so my C:\ is isolated. I do have a Win7 64bit Bootable Repair Disk, but it led to the same "inaccessible" message. I do not have a Win installation disk. I can access the Safe Modes, but the SM w/ command prompt leads to an 'Admin: cmd.exe' screen with a suspicious looking (to me) "Tablet PC Input Panel" tab appearing to the middle left-hand side. Otherwise, the command prompt is there - I did nothing with it yet; I'll wait to hear from you.