dragon8161

Tried http://www.winhelponline.com/blog/file-ass...-for-windows-7/ EXE did not work. Cannot import c:\users\charboneau\desktop\exe_w7.reg: not all data was successfully written to the registry some keys are open by system or other processes. Tried a second time in safe mode same message. CA still shows 6 threats.

I am at work but at when I get home at 1:00AM (8 am your time) what should I do next.

CA still showing 6 alerts, will have to pick this up later have to work evenings, thank you for you help so far, see you tomorrow.

exehelper log: exeHelper by Raktor Build 20100414 Run at 13:50:55 on 05/09/10 Now searching... Checking for numerical processes... Checking for sysguard processes... Checking for bad processes... Checking for bad files... Checking for bad registry entries... Resetting filetype association for .exe Resetting filetype association for .com Resetting userinit and shell values... Resetting policies... --Finished-- When I ran this My Stopzilla spyware protection picked this up: Registry enforcer 2010-05-09 13:51:19 Deleted registry value DisableCMD in hklm\software\microsoft\windows\currentversion\policies\system Warning/Detection COM enforcer 2010-05-09 13:51:19 Detected malicious registry entry DisableCMD in hklm\software\microsoft\windows\currentversion\policies\system Block/Extraction Registry enforcer 2010-05-09 13:51:17 Deleted registry value NoFolderOptions in hklm\software\microsoft\windows\currentversion\policies\explorer Warning/Detection COM enforcer 2010-05-09 13:51:17 Detected malicious registry entry NoFolderOptions in hklm\software\microsoft\windows\currentversion\policies\explorer Block/Extraction Registry enforcer 2010-05-09 13:51:16 Deleted registry value DisableCMD in hklm\software\microsoft\windows\currentversion\policies\system Warning/Detection COM enforcer 2010-05-09 13:51:16 Detected malicious registry entry DisableCMD in hklm\software\microsoft\windows\currentversion\policies\system Block/Extraction Registry enforcer 2010-05-09 13:51:15 Deleted registry value DisableCMD in hkus\S-1-5-21-702038232-3936553361-3625785534-1000\software\microsoft\windows\currentversion\policies\system Warning/Detection COM enforcer 2010-05-09 13:51:15 Detected malicious registry entry DisableCMD in hkus\S-1-5-21-702038232-3936553361-3625785534-1000\software\microsoft\windows\currentversion\policies\system Block/Extraction Registry enforcer 2010-05-09 13:51:15 Deleted registry value DisableRegistryTools in hklm\software\microsoft\windows\currentversion\policies\system Warning/Detection COM enforcer 2010-05-09 13:51:15 Detected malicious registry entry DisableRegistryTools in hklm\software\microsoft\windows\currentversion\policies\system Block/Extraction Registry enforcer 2010-05-09 13:51:14 Deleted registry value DisableRegistryTools in hklm\software\microsoft\windows\currentversion\policies\system Warning/Detection COM enforcer 2010-05-09 13:51:14 Detected malicious registry entry DisableRegistryTools in hklm\software\microsoft\windows\currentversion\policies\system Block/Extraction Registry enforcer 2010-05-09 13:51:13 Deleted registry value DisableRegistryTools in hkus\S-1-5-21-702038232-3936553361-3625785534-1000\software\microsoft\windows\currentversion\policies\system Warning/Detection COM enforcer 2010-05-09 13:51:13 Detected malicious registry entry DisableRegistryTools in hkus\S-1-5-21-702038232-3936553361-3625785534-1000\software\microsoft\windows\currentversion\policies\system Block/Extraction Registry enforcer 2010-05-09 13:51:11 Deleted registry value DisableTaskMgr in hklm\software\microsoft\windows\currentversion\policies\system Warning/Detection COM enforcer 2010-05-09 13:51:11 Detected malicious registry entry DisableTaskMgr in hklm\software\microsoft\windows\currentversion\policies\system Block/Extraction Registry enforcer 2010-05-09 13:51:11 Deleted registry value DisableTaskMgr in hklm\software\microsoft\windows\currentversion\policies\system Warning/Detection COM enforcer 2010-05-09 13:51:11 Detected malicious registry entry DisableTaskMgr in hklm\software\microsoft\windows\currentversion\policies\system Block/Extraction Registry enforcer 2010-05-09 13:51:11 Deleted registry value NoFolderOptions in hkus\S-1-5-21-702038232-3936553361-3625785534-1000\software\microsoft\windows\currentversion\policies\explorer Warning/Detection COM enforcer 2010-05-09 13:51:11 Detected malicious registry entry NoFolderOptions in hkus\S-1-5-21-702038232-3936553361-3625785534-1000\software\microsoft\windows\currentversion\policies\explorer Block/Extraction Registry enforcer 2010-05-09 13:51:11 Deleted registry value DisableTaskMgr in hkus\S-1-5-21-702038232-3936553361-3625785534-1000\software\microsoft\windows\currentversion\policies\system Warning/Detection COM enforcer 2010-05-09 13:51:11 Detected malicious registry entry DisableTaskMgr in hkus\S-1-5-21-702038232-3936553361-3625785534-1000\software\microsoft\windows\currentversion\policies\system

No, I have even gone to regedit and looked at the file found by CA, "HKEY_CURRENT_USER\Software\Classes\.exe", just don't dare delete it. Rather have a program clean it for me that way I know all pieces are gone. 5/9/2010 1:20:34 PM 6 XP Internet Security 2010 software\classes\.exe 3 993 0 XP Internet Security 2010 3 993 3 XP Internet Security 2010 HKEY_CURRENT_USER\Software\Classes\.exe 3 993 0 XP Internet Security 2010 HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command 3 993 0 XP Internet Security 2010 HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command 3 993 0 XP Internet Security 2010 HKEY_CURRENT_USER\Software\Classes\.exe\shell\start\command 3 993 0

Appears to be running, then reboots computer no logs created.

Avz say script is good, I try it run it starts then gives me error, avz has stopped working a problem caused the program to stop working correctly windows will close program and notify you if a solution is available.

When I browse to C:\Windows\System32\SCardSvr.dll using Virus Total browser the file is not there. It is there when I go to MY Computer C:\Windows\System32\SCardSvr.dll. It must be some how hiding itself from the Virus Total Browser.

Can not cut and past to http://virustotal.com. When you click in window next to browse it opens new window to browse for files. When I paste C:\Windows\System32\SCardSvr.dll in browser window to search for it, it says file can not be found check path or spelling. I browsed to the location stated in path and there is no file by that name there is a ScarDlg.dll.

AVZ zips attached virusinfo_syscure.zip virusinfo_syscheck.zip

No, CA internet security quick scan still finding 6 xp internet security threats. CA log: 5/8/2010 5:07:35 PM 6 XP Internet Security 2010 software\classes\.exe 3 993 0 XP Internet Security 2010 3 993 3 XP Internet Security 2010 HKEY_CURRENT_USER\Software\Classes\.exe 3 993 0 XP Internet Security 2010 HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command 3 993 0 XP Internet Security 2010 HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command 3 993 0 XP Internet Security 2010 HKEY_CURRENT_USER\Software\Classes\.exe\shell\start\command 3 993 0

OTL logfile created on: 5/8/2010 4:49:05 PM - Run 2 OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Charboneau\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free 5.00 Gb Paging File | 4.00 Gb Available in Paging File | 78.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 219.07 Gb Total Space | 184.08 Gb Free Space | 84.03% Space Free | Partition Type: NTFS Drive D: | 13.52 Gb Total Space | 2.24 Gb Free Space | 16.60% Space Free | Partition Type: NTFS Drive E: | 99.18 Mb Total Space | 92.59 Mb Free Space | 93.36% Space Free | Partition Type: FAT32 F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: MATTHEW-PC Current User Name: Charboneau Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: On Skip Microsoft Files: On File Age = 90 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2010/05/03 09:11:29 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Charboneau\Desktop\OTL.exe PRC - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2010/04/09 21:04:02 | 000,177,600 | R--- | M] (iS3, Inc.) -- C:\Program Files (x86)\STOPzilla!\STOPzilla.exe PRC - [2010/03/18 15:59:36 | 000,057,344 | R--- | M] (iS3, Inc.) -- C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe PRC - [2009/07/27 16:40:44 | 000,227,832 | ---- | M] (CA) -- C:\Program Files (x86)\CA\SharedComponents\HIPSEngine\UmxPol.exe PRC - [2009/07/13 11:39:14 | 000,760,664 | ---- | M] (CA) -- C:\Program Files (x86)\CA\SharedComponents\HIPSEngine\UmxCfg.exe ========== Modules (SafeList) ========== MOD - [2010/05/03 09:11:29 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Charboneau\Desktop\OTL.exe MOD - [2009/07/13 21:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010/05/05 09:17:03 | 000,359,248 | ---- | M] (CA, Inc.) [On_Demand | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP) SRV:64bit: - [2010/05/05 09:17:03 | 000,285,008 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe -- (ccSchedulerSVC) SRV:64bit: - [2010/04/10 14:07:10 | 001,255,736 | ---- | M] (Microsoft Corporation) [unknown | Stopped] -- C:\Windows\SysNative\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV:64bit: - [2009/11/21 00:29:38 | 000,304,128 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe -- (CAISafe) SRV:64bit: - [2009/08/05 00:44:56 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009/08/04 11:42:24 | 001,479,160 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe -- (UmxAgent) SRV:64bit: - [2009/07/21 21:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe -- (STacSV) SRV:64bit: - [2009/07/13 21:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc) SRV:64bit: - [2009/07/13 21:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc) SRV:64bit: - [2009/07/13 21:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power) SRV:64bit: - [2009/07/13 21:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes) SRV:64bit: - [2009/07/13 21:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify) SRV:64bit: - [2009/07/13 21:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc) SRV:64bit: - [2009/07/13 21:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc) SRV:64bit: - [2009/07/13 21:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc) SRV:64bit: - [2009/07/13 21:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider) SRV:64bit: - [2009/07/13 21:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper) SRV:64bit: - [2009/07/13 21:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg) SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009/07/13 21:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener) SRV:64bit: - [2009/07/13 21:40:54 | 001,127,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache) SRV:64bit: - [2009/07/13 21:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp) SRV:64bit: - [2009/07/13 21:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc) SRV:64bit: - [2009/07/13 21:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (bthserv) SRV:64bit: - [2009/07/13 21:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC) SRV:64bit: - [2009/07/13 21:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV) SRV:64bit: - [2009/07/13 21:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc) SRV:64bit: - [2009/07/13 21:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine) SRV:64bit: - [2009/07/13 21:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc) SRV:64bit: - [2009/07/13 21:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax) SRV:64bit: - [2009/03/27 22:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio) SRV:64bit: - [2009/03/02 17:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters) SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2010/03/18 15:59:36 | 000,057,344 | R--- | M] (iS3, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver) SRV - [2009/07/27 16:40:44 | 000,227,832 | ---- | M] (CA) [Auto | Running] -- C:\Program Files (x86)\CA\SharedComponents\HIPSEngine\UmxPol.exe -- (UmxPol) SRV - [2009/07/13 23:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS) SRV - [2009/07/13 23:20:14 | 000,000,000 | ---D | M] [unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC) SRV - [2009/07/13 21:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider) SRV - [2009/07/13 21:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp) SRV - [2009/07/13 16:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds) SRV - [2009/07/13 11:39:14 | 000,760,664 | ---- | M] (CA) [Auto | Running] -- C:\Program Files (x86)\CA\SharedComponents\HIPSEngine\UmxCfg.exe -- (UmxCfg) SRV - [2009/06/10 16:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64) SRV - [2009/06/05 20:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService) SRV - [2006/10/27 00:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) SRV - [2005/11/14 05:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT) ========== Driver Services (SafeList) ========== DRV:64bit: - [2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2009/12/23 11:29:38 | 000,141,304 | ---- | M] (CA) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\KmxAMRT.sys -- (KmxAMRT) DRV:64bit: - [2009/12/23 11:29:38 | 000,106,488 | ---- | M] (CA) [File_System | System | Running] -- C:\Windows\SysNative\drivers\KmxAgent.sys -- (KmxAgent) DRV:64bit: - [2009/12/11 06:29:27 | 000,153,160 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecpkg.sys -- (KSecPkg) DRV:64bit: - [2009/09/30 17:51:02 | 000,334,712 | ---- | M] (CA) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\KmxCfg.sys -- (KmxCfg) DRV:64bit: - [2009/09/26 02:20:38 | 000,223,448 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fvevol.sys -- (fvevol) DRV:64bit: - [2009/09/21 23:47:14 | 001,484,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009/08/05 01:23:00 | 006,038,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009/07/21 21:33:32 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2009/07/14 19:16:34 | 000,273,456 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 21:48:04 | 000,014,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hwpolicy.sys -- (hwpolicy) DRV:64bit: - [2009/07/13 21:47:49 | 000,055,376 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fsdepends.sys -- (FsDepends) DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009/07/13 21:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wimmount.sys -- (WIMMount) DRV:64bit: - [2009/07/13 21:45:55 | 000,217,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhdmp.sys -- (vhdmp) DRV:64bit: - [2009/07/13 21:45:55 | 000,036,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vdrvroot.sys -- (vdrvroot) DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/13 21:45:46 | 000,214,096 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\rdyboost.sys -- (rdyboost) DRV:64bit: - [2009/07/13 21:45:45 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pcw.sys -- (pcw) DRV:64bit: - [2009/07/13 21:43:14 | 000,460,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cng.sys -- (CNG) DRV:64bit: - [2009/07/13 20:17:46 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpbus.sys -- (rdpbus) DRV:64bit: - [2009/07/13 20:16:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPREFMP.sys -- (RDPREFMP) DRV:64bit: - [2009/07/13 20:10:24 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2) DRV:64bit: - [2009/07/13 20:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wfplwf.sys -- (WfpLwf) DRV:64bit: - [2009/07/13 20:08:13 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndiscap.sys -- (NdisCap) DRV:64bit: - [2009/07/13 20:07:22 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vwififlt.sys -- (vwififlt) DRV:64bit: - [2009/07/13 20:07:21 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vwifibus.sys -- (vwifibus) DRV:64bit: - [2009/07/13 20:07:13 | 000,227,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\1394ohci.sys -- (1394ohci) DRV:64bit: - [2009/07/13 20:07:00 | 000,350,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService) DRV:64bit: - [2009/07/13 20:07:00 | 000,184,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbvideo.sys -- (usbvideo) USB Video Device (WDM) DRV:64bit: - [2009/07/13 20:06:52 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\umpass.sys -- (UmPass) DRV:64bit: - [2009/07/13 20:06:24 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidkmdf.sys -- (mshidkmdf) DRV:64bit: - [2009/07/13 20:05:37 | 000,112,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WUDFPf.sys -- (WudfPf) DRV:64bit: - [2009/07/13 20:02:08 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MTConfig.sys -- (MTConfig) DRV:64bit: - [2009/07/13 20:00:34 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CompositeBus.sys -- (CompositeBus) DRV:64bit: - [2009/07/13 20:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\beep.sys -- (Beep) DRV:64bit: - [2009/07/13 19:52:39 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appid.sys -- (AppID) DRV:64bit: - [2009/07/13 19:50:17 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\scfilter.sys -- (scfilter) DRV:64bit: - [2009/07/13 19:37:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\discache.sys -- (discache) DRV:64bit: - [2009/07/13 19:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2009/07/13 19:31:06 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbatt.sys -- (HidBatt) DRV:64bit: - [2009/07/13 19:31:03 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CmBatt.sys -- (CmBatt) DRV:64bit: - [2009/07/13 19:27:17 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipmi.sys -- (AcpiPmi) DRV:64bit: - [2009/07/13 19:19:25 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdppm.sys -- (AmdPPM) DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009/06/10 16:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel® DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/23 02:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009/05/05 01:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO) DRV:64bit: - [2009/04/29 11:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV:64bit: - [2009/04/06 21:31:08 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem) DRV:64bit: - [2009/03/09 10:49:08 | 000,036,408 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV - [2010/05/08 16:45:45 | 000,004,857 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\kmxcfg.u2k0 -- (KmxCfg) DRV - [2010/01/15 16:22:22 | 000,074,768 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\Windows\SySWOW64\DRIVERS\szkg64.sys -- (szkg5) DRV - [2010/01/15 16:22:22 | 000,074,768 | R--- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SySWOW64\drivers\is3srv64.sys -- (is3srv) DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009/07/13 21:16:02 | 000,014,336 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\netbios.dll -- (NetBIOS) DRV - [2009/06/10 17:28:14 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv) DRV - [2009/06/10 17:15:18 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2 FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9 FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.21 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6 FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51 FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.8 FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/10/31 00:08:39 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/04/10 14:00:47 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/04/10 14:00:46 | 000,000,000 | ---D | M] [2010/04/10 14:00:55 | 000,000,000 | ---D | M] -- C:\Users\Charboneau\AppData\Roaming\mozilla\Extensions [2010/05/08 14:36:00 | 000,000,000 | ---D | M] -- C:\Users\Charboneau\AppData\Roaming\mozilla\Firefox\Profiles\wr0nkpe6.default\extensions [2010/05/04 10:13:12 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Charboneau\AppData\Roaming\mozilla\Firefox\Profiles\wr0nkpe6.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34} [2010/04/10 14:11:10 | 000,000,000 | ---D | M] (Linkification) -- C:\Users\Charboneau\AppData\Roaming\mozilla\Firefox\Profiles\wr0nkpe6.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a} [2010/05/04 10:13:12 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Charboneau\AppData\Roaming\mozilla\Firefox\Profiles\wr0nkpe6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010/04/10 14:11:11 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Charboneau\AppData\Roaming\mozilla\Firefox\Profiles\wr0nkpe6.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2010/04/10 14:11:11 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Charboneau\AppData\Roaming\mozilla\Firefox\Profiles\wr0nkpe6.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2010/05/07 14:33:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions O1 HOSTS File: ([2010/04/09 14:53:22 | 000,000,860 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found. O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.) O2 - BHO: (STOPzilla Browser Helper Object) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files (x86)\STOPzilla!\SZIEBHO.dll (iS3, Inc.) O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.) O4:64bit: - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exe (CA, Inc.) O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O13 - gopher Prefix: missing O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.254.254 O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\PFW: DllName - Reg Error: Key error. - Reg Error: Value error. File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{6d5d3f2f-46fa-11df-bba3-00269ec53d15}\Shell - "" = AutoRun O33 - MountPoints2\{6d5d3f2f-46fa-11df-bba3-00269ec53d15}\Shell\AutoRun\command - "" = G:\HPLauncher.exe -- File not found O33 - MountPoints2\{c5651e6f-4438-11df-8a13-00269ec53d15}\Shell - "" = AutoRun O33 - MountPoints2\{c5651e6f-4438-11df-8a13-00269ec53d15}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found ========== Files/Folders - Created Within 90 Days ========== [2010/05/08 16:45:10 | 000,000,000 | ---D | C] -- C:\_OTL [2010/05/08 14:16:59 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\Charboneau\Desktop\OTL.exe [2010/05/08 08:05:49 | 000,000,000 | ---D | C] -- C:\Users\Charboneau\AppData\Roaming\hpqlog [2010/05/07 17:40:59 | 000,000,000 | ---D | C] -- C:\Users\Charboneau\Documents\Pro Media Director [2010/05/07 14:42:02 | 000,157,696 | ---- | C] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Users\Charboneau\Desktop\JavaRa.exe [2010/05/07 14:31:13 | 000,000,000 | ---D | C] -- C:\Users\Charboneau\AppData\Local\Adobe [2010/05/06 08:11:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010/05/06 08:11:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2010/05/05 11:18:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro [2010/05/05 09:05:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CA [2010/05/05 09:05:00 | 000,000,000 | ---D | C] -- C:\Program Files\CA [2010/05/05 09:03:41 | 000,000,000 | ---D | C] -- C:\ProgramData\CA [2010/05/04 11:25:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2010/05/04 11:23:30 | 000,000,000 | ---D | C] -- C:\Users\Charboneau\AppData\Roaming\Macromedia [2010/04/27 09:09:22 | 000,000,000 | ---D | C] -- C:\Users\Charboneau\AppData\Roaming\Hewlett-Packard [2010/04/19 15:06:45 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2010/04/13 08:48:10 | 000,000,000 | ---D | C] -- C:\Users\Charboneau\AppData\Roaming\AVS4YOU [2010/04/12 14:04:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2010/04/12 14:04:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2010/04/12 11:55:49 | 000,000,000 | ---D | C] -- C:\Users\Charboneau\AppData\Local\Diagnostics [2010/04/12 11:19:07 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools [2010/04/12 11:15:38 | 000,000,000 | ---D | C] -- C:\Users\Charboneau\AppData\Roaming\Adobe [2010/04/12 11:15:34 | 000,000,000 | ---D | C] -- C:\Users\Charboneau\AppData\Roaming\GetRightToGo [2010/04/12 10:44:47 | 000,000,000 | ---D | C] -- C:\Users\Charboneau\AppData\Roaming\Malwarebytes [2010/04/10 14:27:37 | 000,000,000 | ---D | C] -- C:\Users\Matthew\rapid [2010/04/10 14:23:51 | 000,000,000 | ---D | C] -- C:\Users\Charboneau\AppData\Roaming\WinRAR [2010/04/10 14:14:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat [2010/04/10 14:14:55 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat [2010/04/10 14:00:54 | 000,000,000 | ---D | C] -- C:\Users\Charboneau\AppData\Roaming\Mozilla [2010/04/10 13:08:51 | 000,000,000 | ---D | C] -- C:\Users\Charboneau\AppData\Roaming\ATI [2010/04/10 13:08:51 | 000,000,000 | ---D | C] -- C:\Users\Charboneau\AppData\Local\ATI [2010/04/10 13:07:26 | 000,000,000 | ---D | C] -- C:\Users\Charboneau\AppData\Local\VirtualStore [2010/04/10 13:00:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery [2010/04/10 11:28:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0 [2010/04/10 11:22:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pelican Performance [2010/04/10 09:47:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\STOPzilla! [2010/04/09 20:50:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8 [2010/04/09 20:46:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR [2010/04/09 20:45:22 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010/04/09 20:45:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010/04/09 20:44:39 | 000,000,000 | ---D | C] -- C:\Users\Matthew\saved aps [2010/04/09 20:43:46 | 000,000,000 | ---D | C] -- C:\Users\Charboneau\AppData\Local\Mozilla [2010/04/09 20:43:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2010/04/09 20:39:30 | 000,000,000 | ---D | C] -- C:\Users\Charboneau\AppData\Local\Cyberlink [2010/04/09 14:52:57 | 000,000,000 | ---D | C] -- C:\ProgramData\SITEguard [2010/04/09 14:52:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\iS3 [2010/04/09 14:52:15 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla! [2010/04/09 14:48:41 | 001,003,008 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\SysWow64\libeay32.dll [2010/04/09 14:45:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia [2010/04/09 14:45:14 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU [2010/04/09 14:45:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU [2010/04/09 14:41:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner [2010/04/09 14:12:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2010/04/09 10:48:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio [2010/04/09 10:48:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER [2010/04/09 10:48:12 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2010/04/09 10:48:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET [2010/04/09 10:45:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office [2010/04/09 10:45:04 | 000,000,000 | ---D | C] -- C:\Windows\SHELLNEW [2010/04/09 10:07:03 | 000,250,608 | ---- | C] (CA, Inc.) -- C:\Windows\SysNative\isafprod64.dll [2010/04/09 10:07:03 | 000,201,968 | ---- | C] (CA, Inc.) -- C:\Windows\SysWow64\Isafprod.dll [2010/04/09 10:07:03 | 000,140,016 | ---- | C] (Computer Associates International, Inc.) -- C:\Windows\SysNative\isafeif64.dll [2010/04/09 10:07:03 | 000,128,240 | ---- | C] (Computer Associates International, Inc.) -- C:\Windows\SysWow64\Isafeif.dll [2010/04/09 10:07:03 | 000,103,152 | ---- | C] (Computer Associates International, Inc.) -- C:\Windows\SysNative\vetredir64.dll [2010/04/09 10:07:03 | 000,095,472 | ---- | C] (Computer Associates International, Inc.) -- C:\Windows\SysWow64\Vetredir.dll [2010/04/09 10:07:02 | 000,000,000 | -H-D | C] -- C:\Config.msi [2010/04/09 02:41:14 | 000,000,000 | ---D | C] -- C:\Users\Charboneau\AppData\Local\Microsoft Games [2010/04/08 22:30:59 | 000,000,000 | R--D | C] -- C:\Users\Matthew\Searches [2010/04/08 22:30:49 | 000,000,000 | R--D | C] -- C:\Users\Matthew\Contacts [2010/04/08 22:30:28 | 000,000,000 | ---D | C] -- C:\Users\Charboneau\AppData\Local\Hewlett-Packard [2010/04/08 22:27:26 | 000,000,000 | --SD | C] -- C:\Users\Matthew\AppData\Roaming\Microsoft [2010/04/08 22:27:26 | 000,000,000 | R--D | C] -- C:\Users\Charboneau\Videos [2010/04/08 22:27:26 | 000,000,000 | R--D | C] -- C:\Users\Matthew\Saved Games [2010/04/08 22:27:26 | 000,000,000 | R--D | C] -- C:\Users\Charboneau\Pictures [2010/04/08 22:27:26 | 000,000,000 | R--D | C] -- C:\Users\Charboneau\Music [2010/04/08 22:27:26 | 000,000,000 | R--D | C] -- C:\Users\Matthew\Links [2010/04/08 22:27:26 | 000,000,000 | R--D | C] -- C:\Users\Matthew\Favorites [2010/04/08 22:27:26 | 000,000,000 | R--D | C] -- C:\Users\Matthew\Downloads [2010/04/08 22:27:26 | 000,000,000 | R--D | C] -- C:\Users\Matthew\My Documents [2010/04/08 22:27:26 | 000,000,000 | R--D | C] -- C:\Users\Matthew\Desktop [2010/04/08 22:27:26 | 000,000,000 | -H-D | C] -- C:\Users\Matthew\AppData [2010/04/08 22:27:26 | 000,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Local\Temp [2010/04/08 22:27:26 | 000,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Local\Microsoft [2010/03/05 18:16:42 | 000,017,408 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\SZIO5.dll [2010/03/05 18:14:16 | 000,442,368 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\SZBase5.dll [2010/03/05 18:13:44 | 000,540,672 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\SZComp5.dll ========== Files - Modified Within 90 Days ========== [2010/05/08 16:46:55 | 000,000,480 | ---- | M] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg [2010/05/08 16:46:19 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010/05/08 16:46:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/05/08 16:46:10 | 2211,602,432 | -HS- | M] () -- C:\hiberfil.sys [2010/05/08 16:45:45 | 000,004,857 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k0 [2010/05/08 16:45:45 | 000,000,209 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k1 [2010/05/08 16:45:45 | 000,000,081 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k7 [2010/05/08 16:45:45 | 000,000,081 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k6 [2010/05/08 16:45:45 | 000,000,081 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k5 [2010/05/08 16:45:45 | 000,000,081 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k4 [2010/05/08 16:45:45 | 000,000,081 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k3 [2010/05/08 16:45:45 | 000,000,081 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k2 [2010/05/08 16:45:45 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k7 [2010/05/08 16:45:45 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k6 [2010/05/08 16:45:45 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k5 [2010/05/08 16:45:45 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k4 [2010/05/08 16:45:45 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k3 [2010/05/08 16:45:45 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k2 [2010/05/08 16:45:45 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k1 [2010/05/08 16:45:45 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k0 [2010/05/08 16:45:34 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010/05/08 16:45:34 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010/05/08 16:45:33 | 001,048,576 | -HS- | M] () -- C:\Users\Charboneau\ntuser.dat [2010/05/08 16:45:30 | 001,333,081 | -H-- | M] () -- C:\Users\Charboneau\AppData\Local\IconCache.db [2010/05/08 16:45:20 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010/05/08 16:45:20 | 000,615,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010/05/08 16:45:20 | 000,103,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010/05/08 09:21:56 | 318,360,088 | ---- | M] () -- C:\Windows\MEMORY.DMP [2010/05/08 08:46:08 | 000,000,160 | ---- | M] () -- C:\Windows\SysWow64\drivers\kgpfr2.cfg [2010/05/08 07:47:04 | 000,127,039 | ---- | M] () -- C:\Users\Charboneau\Desktop\CA internet security.png [2010/05/08 01:29:04 | 000,163,545 | ---- | M] () -- C:\Users\Charboneau\Desktop\CureIt.zip [2010/05/08 01:18:39 | 000,001,236 | ---- | M] () -- C:\Users\Charboneau\Desktop\Downloads - Shortcut.lnk [2010/05/08 00:42:26 | 000,127,462 | ---- | M] () -- C:\Users\Charboneau\Desktop\Dr.Web Cureit screen.png [2010/05/06 08:11:30 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/05/05 11:18:30 | 000,002,999 | ---- | M] () -- C:\Users\Charboneau\Desktop\HiJackThis.lnk [2010/05/04 10:12:02 | 000,001,885 | ---- | M] () -- C:\Users\Charboneau\Desktop\CCleaner.lnk [2010/05/03 09:11:29 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Charboneau\Desktop\OTL.exe [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010/04/19 14:22:01 | 000,000,101 | ---- | M] () -- C:\Users\Charboneau\AppData\Roaming\AVSMediaPlayer.m3u [2010/04/12 13:17:40 | 000,063,460 | ---- | M] () -- C:\Windows\SysNative\drivers\KmxAgent.asc [2010/04/12 12:06:45 | 000,018,594 | ---- | M] () -- C:\Windows\SysNative\entitlement.xml [2010/04/10 14:28:16 | 000,000,969 | ---- | M] () -- C:\Users\Charboneau\Desktop\rapid - Shortcut.lnk [2010/04/10 14:16:25 | 000,442,992 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010/04/10 14:00:49 | 000,001,939 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010/04/10 13:11:27 | 000,524,288 | -HS- | M] () -- C:\Users\Charboneau\ntuser.dat{c726f4f5-44c1-11df-b1fa-00269ec53d15}.TMContainer00000000000000000002.regtrans-ms [2010/04/10 13:11:27 | 000,524,288 | -HS- | M] () -- C:\Users\Charboneau\ntuser.dat{c726f4f5-44c1-11df-b1fa-00269ec53d15}.TMContainer00000000000000000001.regtrans-ms [2010/04/10 13:11:27 | 000,065,536 | -HS- | M] () -- C:\Users\Charboneau\ntuser.dat{c726f4f5-44c1-11df-b1fa-00269ec53d15}.TM.blf [2010/04/10 13:08:13 | 000,118,664 | ---- | M] () -- C:\Users\Charboneau\AppData\Local\GDIPFONTCACHEV1.DAT [2010/04/10 12:55:24 | 000,524,288 | -HS- | M] () -- C:\Users\Charboneau\ntuser.dat{c726f466-44c1-11df-b1fa-00269ec53d15}.TMContainer00000000000000000002.regtrans-ms [2010/04/10 12:55:24 | 000,524,288 | -HS- | M] () -- C:\Users\Charboneau\ntuser.dat{c726f466-44c1-11df-b1fa-00269ec53d15}.TMContainer00000000000000000001.regtrans-ms [2010/04/10 12:55:24 | 000,065,536 | -HS- | M] () -- C:\Users\Charboneau\ntuser.dat{c726f466-44c1-11df-b1fa-00269ec53d15}.TM.blf [2010/04/10 12:55:22 | 000,524,288 | -HS- | M] () -- C:\Users\Charboneau\ntuser.dat{c726f45b-44c1-11df-b1fa-00269ec53d15}.TMContainer00000000000000000002.regtrans-ms [2010/04/10 12:55:22 | 000,524,288 | -HS- | M] () -- C:\Users\Charboneau\ntuser.dat{c726f45b-44c1-11df-b1fa-00269ec53d15}.TMContainer00000000000000000001.regtrans-ms [2010/04/10 12:55:22 | 000,065,536 | -HS- | M] () -- C:\Users\Charboneau\ntuser.dat{c726f45b-44c1-11df-b1fa-00269ec53d15}.TM.blf [2010/04/10 11:22:52 | 000,001,254 | ---- | M] () -- C:\Users\Charboneau\Desktop\Pro Media Director.lnk [2010/04/09 20:50:00 | 000,000,478 | ---- | M] () -- C:\Windows\win.ini [2010/04/09 20:39:25 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2010/04/09 14:49:11 | 000,001,201 | ---- | M] () -- C:\Users\Charboneau\Desktop\AVS Disc Creator.lnk [2010/04/09 14:47:52 | 000,001,213 | ---- | M] () -- C:\Users\Charboneau\Desktop\AVS DVD Authoring.lnk [2010/04/09 14:47:05 | 000,001,295 | ---- | M] () -- C:\Users\Public\Desktop\AVS Media Player.lnk [2010/04/09 14:45:50 | 000,001,244 | ---- | M] () -- C:\Users\Charboneau\Desktop\AVS Video Converter 6.lnk [2010/04/09 10:52:51 | 000,002,693 | ---- | M] () -- C:\Users\Charboneau\Desktop\Microsoft Office Word 2007.lnk [2010/04/08 22:27:27 | 000,000,020 | -HS- | M] () -- C:\Users\Charboneau\ntuser.ini [2010/04/08 18:26:55 | 000,039,219 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2010/04/08 18:26:55 | 000,039,219 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2010/03/17 07:52:36 | 000,525,824 | ---- | M] () -- C:\Users\Charboneau\Desktop\dds.scr [2010/03/05 18:16:42 | 000,017,408 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\SZIO5.dll [2010/03/05 18:14:16 | 000,442,368 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\SZBase5.dll [2010/03/05 18:13:44 | 000,540,672 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\SZComp5.dll ========== Files Created - No Company Name ========== [2010/05/08 16:46:53 | 000,000,480 | ---- | C] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg [2010/05/08 09:21:56 | 318,360,088 | ---- | C] () -- C:\Windows\MEMORY.DMP [2010/05/08 08:46:08 | 000,000,160 | ---- | C] () -- C:\Windows\SysWow64\drivers\kgpfr2.cfg [2010/05/08 07:43:21 | 000,127,039 | ---- | C] () -- C:\Users\Charboneau\Desktop\CA internet security.png [2010/05/08 01:29:04 | 000,163,545 | ---- | C] () -- C:\Users\Charboneau\Desktop\CureIt.zip [2010/05/08 00:42:26 | 000,127,462 | ---- | C] () -- C:\Users\Charboneau\Desktop\Dr.Web Cureit screen.png [2010/05/07 14:55:19 | 002,672,312 | ---- | C] () -- C:\Users\Charboneau\Desktop\esetsmartinstaller_enu.exe [2010/05/07 14:42:02 | 000,245,103 | ---- | C] () -- C:\Users\Charboneau\Desktop\JavaRa.def [2010/05/07 00:49:15 | 000,293,376 | ---- | C] () -- C:\Users\Charboneau\Desktop\gmer.exe [2010/05/07 00:27:19 | 000,525,824 | ---- | C] () -- C:\Users\Charboneau\Desktop\dds.scr [2010/05/06 08:11:30 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/05/05 11:18:30 | 000,002,999 | ---- | C] () -- C:\Users\Charboneau\Desktop\HiJackThis.lnk [2010/05/05 09:18:44 | 000,004,857 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k0 [2010/05/05 09:18:44 | 000,000,209 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k1 [2010/05/05 09:18:44 | 000,000,081 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k7 [2010/05/05 09:18:44 | 000,000,081 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k6 [2010/05/05 09:18:44 | 000,000,081 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k5 [2010/05/05 09:18:44 | 000,000,081 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k4 [2010/05/05 09:18:44 | 000,000,081 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k3 [2010/05/05 09:18:44 | 000,000,081 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k2 [2010/04/15 16:40:31 | 000,000,101 | ---- | C] () -- C:\Users\Charboneau\AppData\Roaming\AVSMediaPlayer.m3u [2010/04/12 14:02:40 | 000,001,236 | ---- | C] () -- C:\Users\Charboneau\Desktop\Downloads - Shortcut.lnk [2010/04/12 13:17:37 | 000,063,460 | ---- | C] () -- C:\Windows\SysNative\drivers\KmxAgent.asc [2010/04/12 12:06:45 | 000,018,594 | ---- | C] () -- C:\Windows\SysNative\entitlement.xml [2010/04/10 14:28:16 | 000,000,969 | ---- | C] () -- C:\Users\Charboneau\Desktop\rapid - Shortcut.lnk [2010/04/10 14:00:49 | 000,001,939 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010/04/10 13:06:57 | 000,524,288 | -HS- | C] () -- C:\Users\Charboneau\ntuser.dat{c726f4f5-44c1-11df-b1fa-00269ec53d15}.TMContainer00000000000000000002.regtrans-ms [2010/04/10 13:06:56 | 000,524,288 | -HS- | C] () -- C:\Users\Charboneau\ntuser.dat{c726f4f5-44c1-11df-b1fa-00269ec53d15}.TMContainer00000000000000000001.regtrans-ms [2010/04/10 13:06:56 | 000,065,536 | -HS- | C] () -- C:\Users\Charboneau\ntuser.dat{c726f4f5-44c1-11df-b1fa-00269ec53d15}.TM.blf [2010/04/10 12:55:23 | 000,524,288 | -HS- | C] () -- C:\Users\Charboneau\ntuser.dat{c726f466-44c1-11df-b1fa-00269ec53d15}.TMContainer00000000000000000002.regtrans-ms [2010/04/10 12:55:23 | 000,524,288 | -HS- | C] () -- C:\Users\Charboneau\ntuser.dat{c726f466-44c1-11df-b1fa-00269ec53d15}.TMContainer00000000000000000001.regtrans-ms [2010/04/10 12:55:23 | 000,065,536 | -HS- | C] () -- C:\Users\Charboneau\ntuser.dat{c726f466-44c1-11df-b1fa-00269ec53d15}.TM.blf [2010/04/10 12:55:22 | 001,048,576 | -HS- | C] () -- C:\Users\Matthew\ntuser.dat [2010/04/10 12:55:22 | 000,524,288 | -HS- | C] () -- C:\Users\Charboneau\ntuser.dat{c726f45b-44c1-11df-b1fa-00269ec53d15}.TMContainer00000000000000000002.regtrans-ms [2010/04/10 12:55:22 | 000,524,288 | -HS- | C] () -- C:\Users\Charboneau\ntuser.dat{c726f45b-44c1-11df-b1fa-00269ec53d15}.TMContainer00000000000000000001.regtrans-ms [2010/04/10 12:55:22 | 000,262,144 | -HS- | C] () -- C:\Users\Matthew\ntuser.dat.LOG1 [2010/04/10 12:55:22 | 000,065,536 | -HS- | C] () -- C:\Users\Charboneau\ntuser.dat{c726f45b-44c1-11df-b1fa-00269ec53d15}.TM.blf [2010/04/10 12:55:22 | 000,000,000 | -HS- | C] () -- C:\Users\Matthew\ntuser.dat.LOG2 [2010/04/10 11:22:52 | 000,001,254 | ---- | C] () -- C:\Users\Charboneau\Desktop\Pro Media Director.lnk [2010/04/09 20:39:25 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2010/04/09 14:49:11 | 000,001,201 | ---- | C] () -- C:\Users\Charboneau\Desktop\AVS Disc Creator.lnk [2010/04/09 14:47:52 | 000,001,213 | ---- | C] () -- C:\Users\Charboneau\Desktop\AVS DVD Authoring.lnk [2010/04/09 14:47:05 | 000,001,295 | ---- | C] () -- C:\Users\Public\Desktop\AVS Media Player.lnk [2010/04/09 14:46:49 | 000,156,910 | ---- | C] () -- C:\Windows\WMSysPr8.prx [2010/04/09 14:45:50 | 000,001,244 | ---- | C] () -- C:\Users\Charboneau\Desktop\AVS Video Converter 6.lnk [2010/04/09 14:41:21 | 000,001,885 | ---- | C] () -- C:\Users\Charboneau\Desktop\CCleaner.lnk [2010/04/09 10:52:51 | 000,002,693 | ---- | C] () -- C:\Users\Charboneau\Desktop\Microsoft Office Word 2007.lnk [2010/04/09 10:14:43 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k7 [2010/04/09 10:14:43 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k6 [2010/04/09 10:14:43 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k5 [2010/04/09 10:14:43 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k4 [2010/04/09 10:14:43 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k3 [2010/04/09 10:14:43 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k2 [2010/04/09 10:14:43 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k1 [2010/04/09 10:14:43 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k0 [2010/04/08 22:31:25 | 000,000,186 | ---- | C] () -- C:\ProgramData\HPWALog.txt [2010/04/08 22:27:27 | 000,000,020 | -HS- | C] () -- C:\Users\Charboneau\ntuser.ini [2009/12/26 04:24:39 | 000,000,282 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini [2009/12/26 04:24:39 | 000,000,223 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini [2009/09/29 18:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL [2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll ========== LOP Check ========== [2010/04/12 11:26:15 | 000,000,000 | ---D | M] -- C:\Users\Charboneau\AppData\Roaming\GetRightToGo [2009/07/14 01:08:49 | 000,019,844 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report >

OTL Extras logfile created on: 5/8/2010 2:20:22 PM - Run 1 OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Charboneau\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free 5.00 Gb Paging File | 4.00 Gb Available in Paging File | 77.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 219.07 Gb Total Space | 184.05 Gb Free Space | 84.02% Space Free | Partition Type: NTFS Drive D: | 13.52 Gb Total Space | 2.24 Gb Free Space | 16.60% Space Free | Partition Type: NTFS Drive E: | 99.18 Mb Total Space | 92.59 Mb Free Space | 93.36% Space Free | Partition Type: FAT32 F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: MATTHEW-PC Current User Name: Charboneau Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Include 64bit Scans Company Name Whitelist: On Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-702038232-3936553361-3625785534-1000\SOFTWARE\Classes\<extension>] .exe [@ = exefile] -- Reg Error: Key error. File not found .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\CA Personal Firewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{244FBE3B-3814-4999-A24D-672149DC822B}" = AMRT "{38151262-FAF8-4778-9AAB-33E90B60D8E9}" = CA Anti-Virus Plus "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{902004C7-2B12-4A4F-E1DB-E75C7B03EDD4}" = ATI Catalyst Install Manager "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{E787AC54-0E56-A6DF-7BDB-AAC360813B6C}" = ccc-utility64 "eTrust Suite Personal" = CA Internet Security Suite "LSI Soft Modem" = LSI HDA Modem "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{0868BCEA-C983-1450-3ACB-79411138ACB0}" = Catalyst Control Center Core Implementation "{0FA359BD-666B-5135-B712-852F21504E96}" = Catalyst Control Center Graphics Previews Vista "{152C18DA-4270-FAF2-DE48-8A7286BD1FB1}" = CCC Help Japanese "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer "{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{21B5704D-788D-F083-A5E0-94B0390889F5}" = Catalyst Control Center InstallProxy "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8 "{2FC32740-5BF8-F11E-1257-80A41497B9F1}" = Catalyst Control Center Graphics Light "{337E0592-9B00-AF1D-B10C-16225B981C96}" = CCC Help Thai "{36214841-EA3C-DA47-7F29-E6A16231702E}" = CCC Help Dutch "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3BC080DE-CF23-E18E-0678-47CA2E70C1CD}" = Catalyst Control Center Graphics Full New "{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor "{43BA31BA-04BD-2EA3-0A60-A9C54E06D3F2}" = muvee Reveal "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{47365A91-7A32-5C08-927C-17F27D9F0E50}" = Catalyst Control Center Graphics Previews Common "{47BD6184-519F-C649-6A5C-58234406B62C}" = CCC Help Italian "{47D7C9B8-BD44-4D2E-9040-E946477B2F9A}" = Microsoft Live Search Toolbar "{49A143E9-4A6A-43E7-86B1-388194C79248}" = HP Smart Web Printing "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B57F6F3-5577-7158-A8F7-9E71547F8B7C}" = CCC Help Finnish "{5271C0D4-24E4-4C3D-A782-C012033FD3CF}" = AMD USB Filter Driver "{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant "{5708788D-EC95-7D4A-C0D8-CB393C9E90AC}" = CCC Help Hungarian "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library "{675ABEBC-DBA1-FF26-52BF-697FF5012CA1}" = CCC Help Spanish "{68910580-F9FF-91E0-8AFE-86D49DD07AE4}" = CCC Help Russian "{6B57CF04-5182-9DED-CCD4-84DAC76784D4}" = CCC Help Swedish "{71B7E1DE-4913-5E2E-2B83-B90C3BB308BA}" = ccc-core-static "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{741CFE3A-1C0B-4A7D-8E08-5D78C911C09D}" = HP Support Assistant "{7B798B31-2F33-4DC8-BDA4-D36488E86636}" = Slingbox - Watch Your TV Anywhere "{7DA2FB1E-31A5-54A6-91AC-9EDCA6258F40}" = CCC Help French "{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DF8417C-07F9-22AA-019E-7F761437BFAC}" = CCC Help Polish "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CEA4C7D0-ABBE-4074-A488-173BB382CDFF}" = "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90E03F32-42EC-A16D-8146-A4E2F0FC9588}" = CCC Help English "{91B36C7F-0796-5A98-D1BA-C29C8D24396F}" = CCC Help Portuguese "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A9EB5FC-1155-497B-9AF9-D1AB20382B10}" = STOPzilla "{9D3318E1-5A9F-4A95-A7A1-7E045403AE34}" = HP User Guides 0148 "{A0A47CD2-749A-97BD-C4AE-862EFA38CAC1}" = CCC Help Danish "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A44CD09A-6D0F-08EC-8B80-6FD5EF62598B}" = CCC Help Czech "{A5786D80-1FAE-577A-C448-9C61274E9F7B}" = CCC Help Turkish "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger "{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player "{AF6B5CC8-55F5-55BC-2E2A-2B192EA79E16}" = CCC Help Greek "{C2AFB298-CD06-BCF0-16CD-FB506E07B262}" = CCC Help Norwegian "{C2FFBCE8-3A0D-154C-EE84-47B189E79D60}" = CCC Help German "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CB71B7E6-3156-2DB6-3800-6B853D5D6EF6}" = Catalyst Control Center Graphics Full Existing "{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software "{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery "{D8029B62-C3D6-E02D-A98E-07AFEA8CDF79}" = Catalyst Control Center Localization All "{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar "{E0897770-46C9-4322-AD44-8BFA6BE217B2}" = Catalyst Control Center - Branding "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{EC1F6690-DE55-4B9E-C556-EE1558EAB7A5}" = CCC Help Chinese Standard "{EC83C809-3943-830A-ED5C-C569267E4804}" = CCC Help Korean "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F696BBD9-A383-4F54-155B-451A15482C89}" = CCC Help Chinese Traditional "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "AVS Audio Converter 6.2_is1" = AVS Audio Converter version 6.2 "AVS Disc Creator_is1" = AVS Disc Creator version 4.1 "AVS DVD Authoring_is1" = AVS DVD Authoring "AVS Media Player_is1" = AVS Media Player 3.1 "AVS Update Manager_is1" = AVS Update Manager 1.0 "AVS Video Recorder_is1" = AVS Video Recorder 2.4 "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4 "AVS4YOU Video Converter 6_is1" = AVS Video Converter 6 "AVSCoverEditor2_is1" = AVS Cover Editor 2.0.0.75 "CCleaner" = CCleaner "ENTERPRISE" = Microsoft Office Enterprise 2007 "ESET Online Scanner" = ESET Online Scanner v3 "HP Smart Web Printing" = HP Smart Web Printing "InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8 "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Mozilla Firefox (3.0.12)" = Mozilla Firefox (3.0.12) "Pro Media Director_is1" = Pro Media Director Version 2.0.0.1 "WildTangent hp Master Uninstall" = HP Games "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR archiver ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 4/12/2010 1:31:17 PM | Computer Name = Matthew-PC | Source = UmxAgent | ID = 99 Description = Error - 4/12/2010 1:39:02 PM | Computer Name = Matthew-PC | Source = UmxAgent | ID = 99 Description = Error - 4/13/2010 8:48:17 AM | Computer Name = Matthew-PC | Source = UmxAgent | ID = 99 Description = Error - 4/15/2010 2:25:02 PM | Computer Name = Matthew-PC | Source = UmxAgent | ID = 99 Description = Error - 4/15/2010 3:27:13 PM | Computer Name = Matthew-PC | Source = UmxAgent | ID = 67 Description = Error - 4/15/2010 3:28:13 PM | Computer Name = Matthew-PC | Source = UmxAgent | ID = 99 Description = Error - 4/19/2010 2:21:26 PM | Computer Name = Matthew-PC | Source = UmxAgent | ID = 99 Description = Error - 4/19/2010 2:26:47 PM | Computer Name = Matthew-PC | Source = UmxAgent | ID = 67 Description = Error - 4/19/2010 2:27:47 PM | Computer Name = Matthew-PC | Source = UmxAgent | ID = 99 Description = Error - 4/19/2010 3:09:25 PM | Computer Name = Matthew-PC | Source = UmxAgent | ID = 99 Description = [ System Events ] Error - 5/5/2010 11:11:38 AM | Computer Name = Matthew-PC | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 5/5/2010 11:11:51 AM | Computer Name = Matthew-PC | Source = ACPI | ID = 327693 Description = : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly. Error - 5/5/2010 11:12:03 AM | Computer Name = Matthew-PC | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: is3srv TfFsMon TfSysMon Error - 5/5/2010 11:19:58 AM | Computer Name = Matthew-PC | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 5/5/2010 11:20:13 AM | Computer Name = Matthew-PC | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: is3srv TfFsMon TfSysMon Error - 5/5/2010 11:56:41 AM | Computer Name = Matthew-PC | Source = EventLog | ID = 6008 Description = The previous system shutdown at 11:30:49 AM on ?5/?5/?2010 was unexpected. Error - 5/5/2010 11:56:41 AM | Computer Name = Matthew-PC | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 5/5/2010 11:57:00 AM | Computer Name = Matthew-PC | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: is3srv TfFsMon TfSysMon Error - 5/5/2010 12:09:58 PM | Computer Name = Matthew-PC | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 5/5/2010 12:10:13 PM | Computer Name = Matthew-PC | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: is3srv TfFsMon TfSysMon < End of report >

OTL logfile created on: 5/8/2010 2:20:22 PM - Run 1 OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Charboneau\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free 5.00 Gb Paging File | 4.00 Gb Available in Paging File | 77.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 219.07 Gb Total Space | 184.05 Gb Free Space | 84.02% Space Free | Partition Type: NTFS Drive D: | 13.52 Gb Total Space | 2.24 Gb Free Space | 16.60% Space Free | Partition Type: NTFS Drive E: | 99.18 Mb Total Space | 92.59 Mb Free Space | 93.36% Space Free | Partition Type: FAT32 F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: MATTHEW-PC Current User Name: Charboneau Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Include 64bit Scans Company Name Whitelist: On Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010/05/03 09:11:29 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Charboneau\Desktop\OTL.exe PRC - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2010/04/09 21:04:02 | 000,177,600 | R--- | M] (iS3, Inc.) -- C:\Program Files (x86)\STOPzilla!\STOPzilla.exe PRC - [2010/03/18 15:59:36 | 000,057,344 | R--- | M] (iS3, Inc.) -- C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe PRC - [2009/07/27 16:40:44 | 000,227,832 | ---- | M] (CA) -- C:\Program Files (x86)\CA\SharedComponents\HIPSEngine\UmxPol.exe PRC - [2009/07/13 11:39:14 | 000,760,664 | ---- | M] (CA) -- C:\Program Files (x86)\CA\SharedComponents\HIPSEngine\UmxCfg.exe ========== Modules (SafeList) ========== MOD - [2010/05/03 09:11:29 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Charboneau\Desktop\OTL.exe MOD - [2009/07/13 21:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010/05/05 09:17:03 | 000,359,248 | ---- | M] (CA, Inc.) [On_Demand | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP) SRV:64bit: - [2010/05/05 09:17:03 | 000,285,008 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe -- (ccSchedulerSVC) SRV:64bit: - [2010/04/10 14:07:10 | 001,255,736 | ---- | M] (Microsoft Corporation) [unknown | Stopped] -- C:\Windows\SysNative\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV:64bit: - [2009/11/21 00:29:38 | 000,304,128 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe -- (CAISafe) SRV:64bit: - [2009/08/05 00:44:56 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009/08/04 11:42:24 | 001,479,160 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe -- (UmxAgent) SRV:64bit: - [2009/07/21 21:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe -- (STacSV) SRV:64bit: - [2009/07/13 21:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc) SRV:64bit: - [2009/07/13 21:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc) SRV:64bit: - [2009/07/13 21:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power) SRV:64bit: - [2009/07/13 21:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes) SRV:64bit: - [2009/07/13 21:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify) SRV:64bit: - [2009/07/13 21:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc) SRV:64bit: - [2009/07/13 21:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc) SRV:64bit: - [2009/07/13 21:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc) SRV:64bit: - [2009/07/13 21:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider) SRV:64bit: - [2009/07/13 21:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper) SRV:64bit: - [2009/07/13 21:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg) SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009/07/13 21:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener) SRV:64bit: - [2009/07/13 21:40:54 | 001,127,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache) SRV:64bit: - [2009/07/13 21:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp) SRV:64bit: - [2009/07/13 21:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc) SRV:64bit: - [2009/07/13 21:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (bthserv) SRV:64bit: - [2009/07/13 21:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC) SRV:64bit: - [2009/07/13 21:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV) SRV:64bit: - [2009/07/13 21:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc) SRV:64bit: - [2009/07/13 21:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine) SRV:64bit: - [2009/07/13 21:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc) SRV:64bit: - [2009/07/13 21:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax) SRV:64bit: - [2009/03/27 22:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio) SRV:64bit: - [2009/03/02 17:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters) SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2010/03/18 15:59:36 | 000,057,344 | R--- | M] (iS3, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver) SRV - [2009/07/27 16:40:44 | 000,227,832 | ---- | M] (CA) [Auto | Running] -- C:\Program Files (x86)\CA\SharedComponents\HIPSEngine\UmxPol.exe -- (UmxPol) SRV - [2009/07/13 23:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS) SRV - [2009/07/13 23:20:14 | 000,000,000 | ---D | M] [unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC) SRV - [2009/07/13 21:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider) SRV - [2009/07/13 21:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp) SRV - [2009/07/13 16:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds) SRV - [2009/07/13 11:39:14 | 000,760,664 | ---- | M] (CA) [Auto | Running] -- C:\Program Files (x86)\CA\SharedComponents\HIPSEngine\UmxCfg.exe -- (UmxCfg) SRV - [2009/06/10 16:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64) SRV - [2009/06/05 20:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService) SRV - [2006/10/27 00:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) SRV - [2005/11/14 05:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT) ========== Driver Services (SafeList) ========== DRV:64bit: - [2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2009/12/23 11:29:38 | 000,141,304 | ---- | M] (CA) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\KmxAMRT.sys -- (KmxAMRT) DRV:64bit: - [2009/12/23 11:29:38 | 000,106,488 | ---- | M] (CA) [File_System | System | Running] -- C:\Windows\SysNative\drivers\KmxAgent.sys -- (KmxAgent) DRV:64bit: - [2009/12/11 06:29:27 | 000,153,160 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecpkg.sys -- (KSecPkg) DRV:64bit: - [2009/09/30 17:51:02 | 000,334,712 | ---- | M] (CA) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\KmxCfg.sys -- (KmxCfg) DRV:64bit: - [2009/09/26 02:20:38 | 000,223,448 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fvevol.sys -- (fvevol) DRV:64bit: - [2009/09/21 23:47:14 | 001,484,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009/08/05 01:23:00 | 006,038,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009/07/21 21:33:32 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2009/07/14 19:16:34 | 000,273,456 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 21:48:04 | 000,014,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hwpolicy.sys -- (hwpolicy) DRV:64bit: - [2009/07/13 21:47:49 | 000,055,376 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fsdepends.sys -- (FsDepends) DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009/07/13 21:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wimmount.sys -- (WIMMount) DRV:64bit: - [2009/07/13 21:45:55 | 000,217,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhdmp.sys -- (vhdmp) DRV:64bit: - [2009/07/13 21:45:55 | 000,036,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vdrvroot.sys -- (vdrvroot) DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/13 21:45:46 | 000,214,096 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\rdyboost.sys -- (rdyboost) DRV:64bit: - [2009/07/13 21:45:45 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pcw.sys -- (pcw) DRV:64bit: - [2009/07/13 21:43:14 | 000,460,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cng.sys -- (CNG) DRV:64bit: - [2009/07/13 20:17:46 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpbus.sys -- (rdpbus) DRV:64bit: - [2009/07/13 20:16:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPREFMP.sys -- (RDPREFMP) DRV:64bit: - [2009/07/13 20:10:24 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2) DRV:64bit: - [2009/07/13 20:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wfplwf.sys -- (WfpLwf) DRV:64bit: - [2009/07/13 20:08:13 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndiscap.sys -- (NdisCap) DRV:64bit: - [2009/07/13 20:07:22 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vwififlt.sys -- (vwififlt) DRV:64bit: - [2009/07/13 20:07:21 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vwifibus.sys -- (vwifibus) DRV:64bit: - [2009/07/13 20:07:13 | 000,227,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\1394ohci.sys -- (1394ohci) DRV:64bit: - [2009/07/13 20:07:00 | 000,350,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService) DRV:64bit: - [2009/07/13 20:07:00 | 000,184,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbvideo.sys -- (usbvideo) USB Video Device (WDM) DRV:64bit: - [2009/07/13 20:06:52 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\umpass.sys -- (UmPass) DRV:64bit: - [2009/07/13 20:06:24 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidkmdf.sys -- (mshidkmdf) DRV:64bit: - [2009/07/13 20:05:37 | 000,112,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WUDFPf.sys -- (WudfPf) DRV:64bit: - [2009/07/13 20:02:08 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MTConfig.sys -- (MTConfig) DRV:64bit: - [2009/07/13 20:00:34 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CompositeBus.sys -- (CompositeBus) DRV:64bit: - [2009/07/13 20:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\beep.sys -- (Beep) DRV:64bit: - [2009/07/13 19:52:39 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appid.sys -- (AppID) DRV:64bit: - [2009/07/13 19:50:17 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\scfilter.sys -- (scfilter) DRV:64bit: - [2009/07/13 19:37:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\discache.sys -- (discache) DRV:64bit: - [2009/07/13 19:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2009/07/13 19:31:06 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbatt.sys -- (HidBatt) DRV:64bit: - [2009/07/13 19:31:03 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CmBatt.sys -- (CmBatt) DRV:64bit: - [2009/07/13 19:27:17 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipmi.sys -- (AcpiPmi) DRV:64bit: - [2009/07/13 19:19:25 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdppm.sys -- (AmdPPM) DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009/06/10 16:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel® DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/23 02:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009/05/05 01:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO) DRV:64bit: - [2009/04/29 11:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV:64bit: - [2009/04/06 21:31:08 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem) DRV:64bit: - [2009/03/09 10:49:08 | 000,036,408 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV - [2010/05/08 09:55:39 | 000,004,857 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\kmxcfg.u2k0 -- (KmxCfg) DRV - [2010/01/15 16:22:22 | 000,074,768 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\Windows\SySWOW64\DRIVERS\szkg64.sys -- (szkg5) DRV - [2010/01/15 16:22:22 | 000,074,768 | R--- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SySWOW64\drivers\is3srv64.sys -- (is3srv) DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009/07/13 21:16:02 | 000,014,336 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\netbios.dll -- (NetBIOS) DRV - [2009/06/10 17:28:14 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv) DRV - [2009/06/10 17:15:18 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-702038232-3936553361-3625785534-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/ IE - HKU\S-1-5-21-702038232-3936553361-3625785534-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2 FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9 FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.21 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6 FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51 FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.8 FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/10/31 00:08:39 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/04/10 14:00:47 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/04/10 14:00:46 | 000,000,000 | ---D | M] [2010/04/10 14:00:55 | 000,000,000 | ---D | M] -- C:\Users\Charboneau\AppData\Roaming\mozilla\Extensions [2010/05/07 14:23:09 | 000,000,000 | ---D | M] -- C:\Users\Charboneau\AppData\Roaming\mozilla\Firefox\Profiles\wr0nkpe6.default\extensions [2010/05/04 10:13:12 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Charboneau\AppData\Roaming\mozilla\Firefox\Profiles\wr0nkpe6.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34} [2010/04/10 14:11:10 | 000,000,000 | ---D | M] (Linkification) -- C:\Users\Charboneau\AppData\Roaming\mozilla\Firefox\Profiles\wr0nkpe6.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a} [2010/05/04 10:13:12 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Charboneau\AppData\Roaming\mozilla\Firefox\Profiles\wr0nkpe6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010/04/10 14:11:11 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Charboneau\AppData\Roaming\mozilla\Firefox\Profiles\wr0nkpe6.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2010/04/10 14:11:11 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Charboneau\AppData\Roaming\mozilla\Firefox\Profiles\wr0nkpe6.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2010/05/07 14:33:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions O1 HOSTS File: ([2010/04/09 14:53:22 | 000,000,860 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found. O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.) O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found. O2 - BHO: (STOPzilla Browser Helper Object) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files (x86)\STOPzilla!\SZIEBHO.dll (iS3, Inc.) O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.) O3 - HKU\S-1-5-21-702038232-3936553361-3625785534-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found. O4:64bit: - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exe (CA, Inc.) O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present O7 - HKU\S-1-5-21-702038232-3936553361-3625785534-1000\Software\Policies\Microsoft\Internet Explorer\control panel present O7 - HKU\S-1-5-21-702038232-3936553361-3625785534-1000\Software\Policies\Microsoft\Internet Explorer\restrictions present O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O13 - gopher Prefix: missing O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.254.254 O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\PFW: DllName - Reg Error: Key error. - Reg Error: Value error. File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{6d5d3f2f-46fa-11df-bba3-00269ec53d15}\Shell - "" = AutoRun O33 - MountPoints2\{6d5d3f2f-46fa-11df-bba3-00269ec53d15}\Shell\AutoRun\command - "" = G:\HPLauncher.exe -- File not found O33 - MountPoints2\{c5651e6f-4438-11df-8a13-00269ec53d15}\Shell - "" = AutoRun O33 - MountPoints2\{c5651e6f-4438-11df-8a13-00269ec53d15}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKU\S-1-5-21-702038232-3936553361-3625785534-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found ========== Files/Folders - Created Within 30 Days ========== [2010/05/08 14:16:59 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\Charboneau\Desktop\OTL.exe [2010/05/08 08:05:49 | 000,000,000 | ---D | C] -- C:\Users\Charboneau\AppData\Roaming\hpqlog [2010/05/07 17:40:59 | 000,000,000 | ---D | C] -- C:\Users\Charboneau\Documents\Pro Media Director [2010/05/07 14:42:02 | 000,157,696 | ---- | C] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Users\Charboneau\Desktop\JavaRa.exe [2010/05/07 14:31:13 | 000,000,000 | ---D | C] -- C:\Users\Charboneau\AppData\Local\Adobe [2010/05/06 08:11:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010/05/06 08:11:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2010/05/05 11:18:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro [2010/05/05 09:05:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CA [2010/05/05 09:05:00 | 000,000,000 | ---D | C] -- C:\Program Files\CA [2010/05/05 09:03:41 | 000,000,000 | ---D | C] -- C:\ProgramData\CA [2010/05/04 11:25:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2010/05/04 11:23:30 | 000,000,000 | ---D | C] -- C:\Users\Charboneau\AppData\Roaming\Macromedia [2010/05/04 10:04:29 | 000,223,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fvevol.sys [2010/05/04 10:04:04 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2010/05/04 10:04:04 | 000,153,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ksecpkg.sys [2010/04/27 09:09:22 | 000,000,000 | ---D | C] -- C:\Users\Charboneau\AppData\Roaming\Hewlett-Packard [2010/04/19 15:06:45 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2010/04/15 14:29:37 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2010/04/15 14:29:37 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll [2010/04/15 14:29:25 | 005,509,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2010/04/15 14:29:24 | 003,954,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2010/04/15 14:29:24 | 003,899,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2010/04/15 14:27:04 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2010/04/15 14:27:04 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll [2010/04/15 14:27:03 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll [2010/04/15 14:27:03 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll [2010/04/13 08:48:10 | 000,000,000 | ---D | C] -- C:\Users\Charboneau\AppData\Roaming\AVS4YOU [2010/04/12 14:04:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2010/04/12 14:04:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2010/04/12 11:55:49 | 000,000,000 | ---D | C] -- C:\Users\Charboneau\AppData\Local\Diagnostics [2010/04/12 11:19:07 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools [2010/04/12 11:15:38 | 000,000,000 | ---D | C] -- C:\Users\Charboneau\AppData\Roaming\Adobe [2010/04/12 11:15:34 | 000,000,000 | ---D | C] -- C:\Users\Charboneau\AppData\Roaming\GetRightToGo [2010/04/12 10:44:47 | 000,000,000 | ---D | C] -- C:\Users\Charboneau\AppData\Roaming\Malwarebytes [2010/04/10 14:27:37 | 000,000,000 | ---D | C] -- C:\Users\Matthew\rapid [2010/04/10 14:23:51 | 000,000,000 | ---D | C] -- C:\Users\Charboneau\AppData\Roaming\WinRAR [2010/04/10 14:14:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat [2010/04/10 14:14:55 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat [2010/04/10 14:05:40 | 014,629,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll [2010/04/10 14:05:38 | 011,406,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll [2010/04/10 14:05:38 | 001,975,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CertEnroll.dll [2010/04/10 14:05:38 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CertEnroll.dll [2010/04/10 14:05:37 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL [2010/04/10 14:05:37 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL [2010/04/10 14:05:16 | 001,572,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll [2010/04/10 14:05:16 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll [2010/04/10 14:05:16 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll [2010/04/10 14:05:16 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll [2010/04/10 14:05:16 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iyuv_32.dll [2010/04/10 14:05:16 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvidc32.dll [2010/04/10 14:05:16 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msyuv.dll [2010/04/10 14:05:16 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrle32.dll [2010/04/10 14:05:16 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsbyuv.dll [2010/04/10 14:00:54 | 000,000,000 | ---D | C] -- C:\Users\Charboneau\AppData\Roaming\Mozilla [2010/04/10 13:38:28 | 000,422,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll [2010/04/10 13:38:27 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll [2010/04/10 13:38:27 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll [2010/04/10 13:38:27 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll [2010/04/10 13:38:27 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe [2010/04/10 13:38:27 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe [2010/04/10 13:38:27 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe [2010/04/10 13:38:27 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe [2010/04/10 13:38:27 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe [2010/04/10 13:38:27 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe [2010/04/10 13:38:27 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll [2010/04/10 13:38:27 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll [2010/04/10 13:38:27 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll [2010/04/10 13:38:27 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll [2010/04/10 13:38:26 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe [2010/04/10 13:38:26 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe [2010/04/10 13:38:17 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll [2010/04/10 13:38:17 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll [2010/04/10 13:38:17 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll [2010/04/10 13:38:17 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll [2010/04/10 13:38:12 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe [2010/04/10 13:38:12 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe [2010/04/10 13:38:12 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe [2010/04/10 13:38:05 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2010/04/10 13:38:05 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2010/04/10 13:38:05 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2010/04/10 13:38:05 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2010/04/10 13:38:05 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2010/04/10 13:38:05 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2010/04/10 13:38:00 | 001,026,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstime.dll [2010/04/10 13:37:59 | 001,192,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll [2010/04/10 13:37:59 | 000,977,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll [2010/04/10 13:37:59 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstime.dll [2010/04/10 13:37:59 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll [2010/04/10 13:37:59 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll [2010/04/10 13:37:59 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll [2010/04/10 13:37:59 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll [2010/04/10 13:35:54 | 000,960,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll [2010/04/10 13:35:54 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll [2010/04/10 13:35:54 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll [2010/04/10 13:35:54 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll [2010/04/10 13:35:54 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax [2010/04/10 13:35:54 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax [2010/04/10 13:35:53 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll [2010/04/10 13:33:28 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2010/04/10 13:33:28 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2010/04/10 13:21:45 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msasn1.dll [2010/04/10 13:08:51 | 000,000,000 | ---D | C] -- C:\Users\Charboneau\AppData\Roaming\ATI [2010/04/10 13:08:51 | 000,000,000 | ---D | C] -- C:\Users\Charboneau\AppData\Local\ATI [2010/04/10 13:07:26 | 000,000,000 | ---D | C] -- C:\Users\Charboneau\AppData\Local\VirtualStore [2010/04/10 13:00:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery [2010/04/10 11:28:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0 [2010/04/10 11:22:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pelican Performance [2010/04/10 09:47:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\STOPzilla! [2010/04/09 20:50:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8 [2010/04/09 20:46:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR [2010/04/09 20:45:22 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010/04/09 20:45:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010/04/09 20:44:39 | 000,000,000 | ---D | C] -- C:\Users\Matthew\saved aps [2010/04/09 20:43:46 | 000,000,000 | ---D | C] -- C:\Users\Charboneau\AppData\Local\Mozilla [2010/04/09 20:43:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2010/04/09 20:39:30 | 000,000,000 | ---D | C] -- C:\Users\Charboneau\AppData\Local\Cyberlink [2010/04/09 14:52:57 | 000,000,000 | ---D | C] -- C:\ProgramData\SITEguard [2010/04/09 14:52:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\iS3 [2010/04/09 14:52:15 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla! [2010/04/09 14:48:41 | 001,003,008 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\SysWow64\libeay32.dll [2010/04/09 14:45:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia [2010/04/09 14:45:15 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc70.dll [2010/04/09 14:45:15 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp70.dll [2010/04/09 14:45:15 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr70.dll [2010/04/09 14:45:14 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll [2010/04/09 14:45:14 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU [2010/04/09 14:45:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU [2010/04/09 14:41:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner [2010/04/09 14:12:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2010/04/09 10:48:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio [2010/04/09 10:48:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER [2010/04/09 10:48:12 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2010/04/09 10:48:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET [2010/04/09 10:45:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office [2010/04/09 10:45:04 | 000,000,000 | ---D | C] -- C:\Windows\SHELLNEW [2010/04/09 10:07:03 | 000,250,608 | ---- | C] (CA, Inc.) -- C:\Windows\SysNative\isafprod64.dll [2010/04/09 10:07:03 | 000,201,968 | ---- | C] (CA, Inc.) -- C:\Windows\SysWow64\Isafprod.dll [2010/04/09 10:07:03 | 000,140,016 | ---- | C] (Computer Associates International, Inc.) -- C:\Windows\SysNative\isafeif64.dll [2010/04/09 10:07:03 | 000,128,240 | ---- | C] (Computer Associates International, Inc.) -- C:\Windows\SysWow64\Isafeif.dll [2010/04/09 10:07:03 | 000,103,152 | ---- | C] (Computer Associates International, Inc.) -- C:\Windows\SysNative\vetredir64.dll [2010/04/09 10:07:03 | 000,095,472 | ---- | C] (Computer Associates International, Inc.) -- C:\Windows\SysWow64\Vetredir.dll [2010/04/09 10:07:02 | 000,000,000 | -H-D | C] -- C:\Config.msi [2010/04/09 02:41:14 | 000,000,000 | ---D | C] -- C:\Users\Charboneau\AppData\Local\Microsoft Games [2010/04/08 22:30:59 | 000,000,000 | R--D | C] -- C:\Users\Matthew\Searches [2010/04/08 22:30:49 | 000,000,000 | R--D | C] -- C:\Users\Matthew\Contacts [2010/04/08 22:30:28 | 000,000,000 | ---D | C] -- C:\Users\Charboneau\AppData\Local\Hewlett-Packard [2010/04/08 22:27:26 | 000,000,000 | --SD | C] -- C:\Users\Matthew\AppData\Roaming\Microsoft [2010/04/08 22:27:26 | 000,000,000 | R--D | C] -- C:\Users\Charboneau\Videos [2010/04/08 22:27:26 | 000,000,000 | R--D | C] -- C:\Users\Matthew\Saved Games [2010/04/08 22:27:26 | 000,000,000 | R--D | C] -- C:\Users\Charboneau\Pictures [2010/04/08 22:27:26 | 000,000,000 | R--D | C] -- C:\Users\Charboneau\Music [2010/04/08 22:27:26 | 000,000,000 | R--D | C] -- C:\Users\Matthew\Links [2010/04/08 22:27:26 | 000,000,000 | R--D | C] -- C:\Users\Matthew\Favorites [2010/04/08 22:27:26 | 000,000,000 | R--D | C] -- C:\Users\Matthew\Downloads [2010/04/08 22:27:26 | 000,000,000 | R--D | C] -- C:\Users\Matthew\My Documents [2010/04/08 22:27:26 | 000,000,000 | R--D | C] -- C:\Users\Matthew\Desktop [2010/04/08 22:27:26 | 000,000,000 | -H-D | C] -- C:\Users\Matthew\AppData [2010/04/08 22:27:26 | 000,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Local\Temp [2010/04/08 22:27:26 | 000,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Local\Microsoft ========== Files - Modified Within 30 Days ========== [2010/05/08 14:21:52 | 001,048,576 | -HS- | M] () -- C:\Users\Charboneau\ntuser.dat [2010/05/08 14:18:35 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010/05/08 14:18:35 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010/05/08 14:15:44 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010/05/08 14:15:44 | 000,615,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010/05/08 14:15:44 | 000,103,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010/05/08 14:11:53 | 000,000,480 | ---- | M] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg [2010/05/08 14:11:23 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010/05/08 14:11:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/05/08 14:11:13 | 2211,602,432 | -HS- | M] () -- C:\hiberfil.sys [2010/05/08 09:55:39 | 000,004,857 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k0 [2010/05/08 09:55:39 | 000,000,209 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k1 [2010/05/08 09:55:39 | 000,000,081 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k7 [2010/05/08 09:55:39 | 000,000,081 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k6 [2010/05/08 09:55:39 | 000,000,081 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k5 [2010/05/08 09:55:39 | 000,000,081 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k4 [2010/05/08 09:55:39 | 000,000,081 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k3 [2010/05/08 09:55:39 | 000,000,081 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k2 [2010/05/08 09:55:39 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k7 [2010/05/08 09:55:39 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k6 [2010/05/08 09:55:39 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k5 [2010/05/08 09:55:39 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k4 [2010/05/08 09:55:39 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k3 [2010/05/08 09:55:39 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k2 [2010/05/08 09:55:39 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k1 [2010/05/08 09:55:39 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k0 [2010/05/08 09:55:26 | 001,332,889 | -H-- | M] () -- C:\Users\Charboneau\AppData\Local\IconCache.db [2010/05/08 09:21:56 | 318,360,088 | ---- | M] () -- C:\Windows\MEMORY.DMP [2010/05/08 08:46:08 | 000,000,160 | ---- | M] () -- C:\Windows\SysWow64\drivers\kgpfr2.cfg [2010/05/08 07:47:04 | 000,127,039 | ---- | M] () -- C:\Users\Charboneau\Desktop\CA internet security.png [2010/05/08 01:29:04 | 000,163,545 | ---- | M] () -- C:\Users\Charboneau\Desktop\CureIt.zip [2010/05/08 01:18:39 | 000,001,236 | ---- | M] () -- C:\Users\Charboneau\Desktop\Downloads - Shortcut.lnk [2010/05/08 00:42:26 | 000,127,462 | ---- | M] () -- C:\Users\Charboneau\Desktop\Dr.Web Cureit screen.png [2010/05/06 08:11:30 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/05/05 11:18:30 | 000,002,999 | ---- | M] () -- C:\Users\Charboneau\Desktop\HiJackThis.lnk [2010/05/04 10:12:02 | 000,001,885 | ---- | M] () -- C:\Users\Charboneau\Desktop\CCleaner.lnk [2010/05/03 09:11:29 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Charboneau\Desktop\OTL.exe [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010/04/19 14:22:01 | 000,000,101 | ---- | M] () -- C:\Users\Charboneau\AppData\Roaming\AVSMediaPlayer.m3u [2010/04/12 13:17:40 | 000,063,460 | ---- | M] () -- C:\Windows\SysNative\drivers\KmxAgent.asc [2010/04/12 12:06:45 | 000,018,594 | ---- | M] () -- C:\Windows\SysNative\entitlement.xml [2010/04/10 14:28:16 | 000,000,969 | ---- | M] () -- C:\Users\Charboneau\Desktop\rapid - Shortcut.lnk [2010/04/10 14:16:25 | 000,442,992 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010/04/10 14:00:49 | 000,001,939 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010/04/10 13:11:27 | 000,524,288 | -HS- | M] () -- C:\Users\Charboneau\ntuser.dat{c726f4f5-44c1-11df-b1fa-00269ec53d15}.TMContainer00000000000000000002.regtrans-ms [2010/04/10 13:11:27 | 000,524,288 | -HS- | M] () -- C:\Users\Charboneau\ntuser.dat{c726f4f5-44c1-11df-b1fa-00269ec53d15}.TMContainer00000000000000000001.regtrans-ms [2010/04/10 13:11:27 | 000,065,536 | -HS- | M] () -- C:\Users\Charboneau\ntuser.dat{c726f4f5-44c1-11df-b1fa-00269ec53d15}.TM.blf [2010/04/10 13:08:13 | 000,118,664 | ---- | M] () -- C:\Users\Charboneau\AppData\Local\GDIPFONTCACHEV1.DAT [2010/04/10 12:55:24 | 000,524,288 | -HS- | M] () -- C:\Users\Charboneau\ntuser.dat{c726f466-44c1-11df-b1fa-00269ec53d15}.TMContainer00000000000000000002.regtrans-ms [2010/04/10 12:55:24 | 000,524,288 | -HS- | M] () -- C:\Users\Charboneau\ntuser.dat{c726f466-44c1-11df-b1fa-00269ec53d15}.TMContainer00000000000000000001.regtrans-ms [2010/04/10 12:55:24 | 000,065,536 | -HS- | M] () -- C:\Users\Charboneau\ntuser.dat{c726f466-44c1-11df-b1fa-00269ec53d15}.TM.blf [2010/04/10 12:55:22 | 000,524,288 | -HS- | M] () -- C:\Users\Charboneau\ntuser.dat{c726f45b-44c1-11df-b1fa-00269ec53d15}.TMContainer00000000000000000002.regtrans-ms [2010/04/10 12:55:22 | 000,524,288 | -HS- | M] () -- C:\Users\Charboneau\ntuser.dat{c726f45b-44c1-11df-b1fa-00269ec53d15}.TMContainer00000000000000000001.regtrans-ms [2010/04/10 12:55:22 | 000,065,536 | -HS- | M] () -- C:\Users\Charboneau\ntuser.dat{c726f45b-44c1-11df-b1fa-00269ec53d15}.TM.blf [2010/04/10 11:22:52 | 000,001,254 | ---- | M] () -- C:\Users\Charboneau\Desktop\Pro Media Director.lnk [2010/04/09 20:50:00 | 000,000,478 | ---- | M] () -- C:\Windows\win.ini [2010/04/09 20:39:25 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2010/04/09 14:49:11 | 000,001,201 | ---- | M] () -- C:\Users\Charboneau\Desktop\AVS Disc Creator.lnk [2010/04/09 14:47:52 | 000,001,213 | ---- | M] () -- C:\Users\Charboneau\Desktop\AVS DVD Authoring.lnk [2010/04/09 14:47:05 | 000,001,295 | ---- | M] () -- C:\Users\Public\Desktop\AVS Media Player.lnk [2010/04/09 14:45:50 | 000,001,244 | ---- | M] () -- C:\Users\Charboneau\Desktop\AVS Video Converter 6.lnk [2010/04/09 10:52:51 | 000,002,693 | ---- | M] () -- C:\Users\Charboneau\Desktop\Microsoft Office Word 2007.lnk [2010/04/08 22:27:27 | 000,000,020 | -HS- | M] () -- C:\Users\Charboneau\ntuser.ini [2010/04/08 18:26:55 | 000,039,219 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2010/04/08 18:26:55 | 000,039,219 | ---- | M] () -- C:\Windows\SysNative\license.rtf ========== Files Created - No Company Name ========== [2010/05/08 14:11:51 | 000,000,480 | ---- | C] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg [2010/05/08 09:21:56 | 318,360,088 | ---- | C] () -- C:\Windows\MEMORY.DMP [2010/05/08 08:46:08 | 000,000,160 | ---- | C] () -- C:\Windows\SysWow64\drivers\kgpfr2.cfg [2010/05/08 07:43:21 | 000,127,039 | ---- | C] () -- C:\Users\Charboneau\Desktop\CA internet security.png [2010/05/08 01:29:04 | 000,163,545 | ---- | C] () -- C:\Users\Charboneau\Desktop\CureIt.zip [2010/05/08 00:42:26 | 000,127,462 | ---- | C] () -- C:\Users\Charboneau\Desktop\Dr.Web Cureit screen.png [2010/05/07 14:55:19 | 002,672,312 | ---- | C] () -- C:\Users\Charboneau\Desktop\esetsmartinstaller_enu.exe [2010/05/07 14:42:02 | 000,245,103 | ---- | C] () -- C:\Users\Charboneau\Desktop\JavaRa.def [2010/05/07 00:49:15 | 000,293,376 | ---- | C] () -- C:\Users\Charboneau\Desktop\gmer.exe [2010/05/07 00:27:19 | 000,525,824 | ---- | C] () -- C:\Users\Charboneau\Desktop\dds.scr [2010/05/06 08:11:30 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/05/05 11:18:30 | 000,002,999 | ---- | C] () -- C:\Users\Charboneau\Desktop\HiJackThis.lnk [2010/05/05 09:18:44 | 000,004,857 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k0 [2010/05/05 09:18:44 | 000,000,209 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k1 [2010/05/05 09:18:44 | 000,000,081 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k7 [2010/05/05 09:18:44 | 000,000,081 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k6 [2010/05/05 09:18:44 | 000,000,081 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k5 [2010/05/05 09:18:44 | 000,000,081 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k4 [2010/05/05 09:18:44 | 000,000,081 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k3 [2010/05/05 09:18:44 | 000,000,081 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k2 [2010/04/15 16:40:31 | 000,000,101 | ---- | C] () -- C:\Users\Charboneau\AppData\Roaming\AVSMediaPlayer.m3u [2010/04/12 14:02:40 | 000,001,236 | ---- | C] () -- C:\Users\Charboneau\Desktop\Downloads - Shortcut.lnk [2010/04/12 13:17:37 | 000,063,460 | ---- | C] () -- C:\Windows\SysNative\drivers\KmxAgent.asc [2010/04/12 12:06:45 | 000,018,594 | ---- | C] () -- C:\Windows\SysNative\entitlement.xml [2010/04/10 14:28:16 | 000,000,969 | ---- | C] () -- C:\Users\Charboneau\Desktop\rapid - Shortcut.lnk [2010/04/10 14:00:49 | 000,001,939 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010/04/10 13:06:57 | 000,524,288 | -HS- | C] () -- C:\Users\Charboneau\ntuser.dat{c726f4f5-44c1-11df-b1fa-00269ec53d15}.TMContainer00000000000000000002.regtrans-ms [2010/04/10 13:06:56 | 000,524,288 | -HS- | C] () -- C:\Users\Charboneau\ntuser.dat{c726f4f5-44c1-11df-b1fa-00269ec53d15}.TMContainer00000000000000000001.regtrans-ms [2010/04/10 13:06:56 | 000,065,536 | -HS- | C] () -- C:\Users\Charboneau\ntuser.dat{c726f4f5-44c1-11df-b1fa-00269ec53d15}.TM.blf [2010/04/10 12:55:23 | 000,524,288 | -HS- | C] () -- C:\Users\Charboneau\ntuser.dat{c726f466-44c1-11df-b1fa-00269ec53d15}.TMContainer00000000000000000002.regtrans-ms [2010/04/10 12:55:23 | 000,524,288 | -HS- | C] () -- C:\Users\Charboneau\ntuser.dat{c726f466-44c1-11df-b1fa-00269ec53d15}.TMContainer00000000000000000001.regtrans-ms [2010/04/10 12:55:23 | 000,065,536 | -HS- | C] () -- C:\Users\Charboneau\ntuser.dat{c726f466-44c1-11df-b1fa-00269ec53d15}.TM.blf [2010/04/10 12:55:22 | 001,048,576 | -HS- | C] () -- C:\Users\Matthew\ntuser.dat [2010/04/10 12:55:22 | 000,524,288 | -HS- | C] () -- C:\Users\Charboneau\ntuser.dat{c726f45b-44c1-11df-b1fa-00269ec53d15}.TMContainer00000000000000000002.regtrans-ms [2010/04/10 12:55:22 | 000,524,288 | -HS- | C] () -- C:\Users\Charboneau\ntuser.dat{c726f45b-44c1-11df-b1fa-00269ec53d15}.TMContainer00000000000000000001.regtrans-ms [2010/04/10 12:55:22 | 000,262,144 | -HS- | C] () -- C:\Users\Matthew\ntuser.dat.LOG1 [2010/04/10 12:55:22 | 000,065,536 | -HS- | C] () -- C:\Users\Charboneau\ntuser.dat{c726f45b-44c1-11df-b1fa-00269ec53d15}.TM.blf [2010/04/10 12:55:22 | 000,000,000 | -HS- | C] () -- C:\Users\Matthew\ntuser.dat.LOG2 [2010/04/10 11:22:52 | 000,001,254 | ---- | C] () -- C:\Users\Charboneau\Desktop\Pro Media Director.lnk [2010/04/09 20:39:25 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2010/04/09 14:49:11 | 000,001,201 | ---- | C] () -- C:\Users\Charboneau\Desktop\AVS Disc Creator.lnk [2010/04/09 14:47:52 | 000,001,213 | ---- | C] () -- C:\Users\Charboneau\Desktop\AVS DVD Authoring.lnk [2010/04/09 14:47:05 | 000,001,295 | ---- | C] () -- C:\Users\Public\Desktop\AVS Media Player.lnk [2010/04/09 14:46:49 | 000,156,910 | ---- | C] () -- C:\Windows\WMSysPr8.prx [2010/04/09 14:45:50 | 000,001,244 | ---- | C] () -- C:\Users\Charboneau\Desktop\AVS Video Converter 6.lnk [2010/04/09 14:41:21 | 000,001,885 | ---- | C] () -- C:\Users\Charboneau\Desktop\CCleaner.lnk [2010/04/09 10:52:51 | 000,002,693 | ---- | C] () -- C:\Users\Charboneau\Desktop\Microsoft Office Word 2007.lnk [2010/04/09 10:14:43 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k7 [2010/04/09 10:14:43 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k6 [2010/04/09 10:14:43 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k5 [2010/04/09 10:14:43 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k4 [2010/04/09 10:14:43 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k3 [2010/04/09 10:14:43 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k2 [2010/04/09 10:14:43 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k1 [2010/04/09 10:14:43 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k0 [2010/04/08 22:31:25 | 000,000,186 | ---- | C] () -- C:\ProgramData\HPWALog.txt [2010/04/08 22:27:27 | 000,000,020 | -HS- | C] () -- C:\Users\Charboneau\ntuser.ini [2009/12/26 04:24:39 | 000,000,282 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini [2009/12/26 04:24:39 | 000,000,223 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini [2009/09/29 18:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL [2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:DFC5A2B2 @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:A8ADE5D8 < End of report >

I finally found the CA internet security log, boy do they bury it.. see below. Does this help? 5/8/2010 9:27:31 AM 6 XP Internet Security 2010 software\classes\.exe 3 993 0 XP Internet Security 2010 3 993 3 XP Internet Security 2010 HKEY_CURRENT_USER\Software\Classes\.exe 3 993 0 XP Internet Security 2010 HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command 3 993 0 XP Internet Security 2010 HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command 3 993 0 XP Internet Security 2010 HKEY_CURRENT_USER\Software\Classes\.exe\shell\start\command 3 993 0

Still the same, I have never received the pop up that his malware generates, and the only scan that shows it is my main virus protection CA Internet Security. Screen shot attached.

Ran Dr.Web Cureit, tried to save report list would not open any other window to save file. Tried several times no luck. When I closed Dr.Web it stated that a text log was saved in Users dir. To big to post I attached as a zip, also attached screen shot of what Dr. Web Cureit found. Should I run this again and see if it will give me the Cureit.csv file? Took over 5 hours to run complete scan. Hijackthis log is below. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 1:10:17 AM, on 5/8/2010 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\STOPzilla!\STOPzilla.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm O1 - Hosts: ::1 localhost O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office12\GR469A~1.DLL O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (file missing) O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files (x86)\STOPzilla!\SZIEBHO.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~4\Office12\GRA32A~1.DLL O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: CaCCProvSP - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe O23 - Service: CA Common Scheduler Service (ccSchedulerSVC) - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files (x86)\CA\SharedComponents\HIPSEngine\UmxCfg.exe O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files (x86)\CA\SharedComponents\HIPSEngine\UmxPol.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 9579 bytes CureIt.zip

Java log JavaRa 1.15 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Fri May 07 14:44:06 2010 ------------------------------------ Finished reporting. ESET On Line Scanner log ESETSmartInstaller@High as CAB hook log: OnlineScanner64.ocx - registred OK OnlineScanner.ocx - registred OK ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6211 # api_version=3.0.2 # EOSSerial=82e9ec87b1b2074896287b77117f8600 # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2010-05-07 09:31:36 # local_time=2010-05-07 05:31:36 (-0500, Eastern Daylight Time) # country="United States" # lang=1033 # osver=6.1.7600 NT # compatibility_mode=512 16777215 100 0 0 0 0 0 # compatibility_mode=4864 16777215 100 0 0 0 0 0 # compatibility_mode=5893 16776573 100 94 0 24802430 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=153487 # found=0 # cleaned=0 # scan_time=8916 DDS Log Only DDS (Ver_10-03-17.01) - NTFSX64 Run by Charboneau at 17:41:27.67 on Fri 05/07/2010 Internet Explorer: 8.0.7600.16385 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2812.1284 [GMT -4:00] ============== Running Processes =============== C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\atieclxx.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\CA\SharedComponents\HIPSEngine\UmxCfg.exe C:\Windows\system32\taskhost.exe C:\Windows\System32\spoolsv.exe C:\Program Files (x86)\CA\SharedComponents\HIPSEngine\UmxPol.exe C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\CA\CA Internet Security Suite\ccEvtMgr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\IDT\WDM\sttray64.exe C:\Program Files\CA\CA Internet Security Suite\casc.exe C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe C:\Program Files\LSI SoftModem\agr64svc.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\STOPzilla!\STOPzilla.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\system32\svchost.exe -k SDRSVC C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\NOTEPAD.EXE C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Users\Charboneau\Desktop\dds.scr C:\Windows\system32\conhost.exe ============== Pseudo HJT Report =============== mLocal Page = c:\windows\syswow64\blank.htm BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_printenhancer.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~2\micros~4\office12\GR469A~1.DLL BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files (x86)\msn\toolbar\3.0.0566.0\msneshellx.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files (x86)\stopzilla!\SZIEBHO.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dll TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files (x86)\msn\toolbar\3.0.0566.0\msneshellx.dll TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_bho.dll mRun: [startCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun mRun: [HP Software Update] c:\program files (x86)\hp\hp software update\HPWuSchd2.exe mRun: [<NO NAME>] mRun: [WirelessAssistant] c:\program files (x86)\hewlett-packard\hp wireless assistant\HPWAMain.exe mRun: [Malwarebytes' Anti-Malware] "c:\program files (x86)\malwarebytes' anti-malware\mbamgui.exe" /starttray mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~2\micros~4\office12\EXCEL.EXE/3000 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~4\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~4\office12\REFIEBAR.DLL IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dll DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~2\micros~4\office12\GRA32A~1.DLL Notify: PFW - UmxWnp.Dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~2\micros~4\office12\GR469A~1.DLL mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files (x86)\common files\lightscribe\LSRunOnce.exe" BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File mRun-x64: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe mRun-x64: [sysTrayApp] c:\program files\idt\wdm\sttray64.exe mRun-x64: [cctray] "c:\program files\ca\ca internet security suite\casc.exe" ================= FIREFOX =================== FF - ProfilePath - c:\users\charbo~1\appdata\roaming\mozilla\firefox\profiles\wr0nkpe6.default\ FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSeymour.dll FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll FF - plugin: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\plugins\nphpclipbook.dll FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll FF - plugin: c:\windows\syswow64\adobe\director\np32dsw.dll ============= SERVICES / DRIVERS =============== R0 KmxAMRT;KmxAMRT;c:\windows\system32\drivers\KmxAMRT.sys [2009-12-23 141304] R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2009-12-23 106488] R1 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2009-9-30 334712] R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904] R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-12-26 89600] R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-5 203264] R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus plus\isafe.exe [2010-5-5 304128] R2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\ca\ca internet security suite\ccschedulersvc.exe [2010-5-5 285008] R2 MBAMService;MBAMService;c:\program files (x86)\malwarebytes' anti-malware\mbamservice.exe [2010-5-6 304464] R2 UmxAgent;HIPS Event Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [2009-8-4 1479160] R2 UmxCfg;HIPS Configuration Interpreter;c:\program files (x86)\ca\sharedcomponents\hipsengine\UmxCfg.exe [2009-7-13 760664] R2 UmxPol;HIPS Policy Manager;c:\program files (x86)\ca\sharedcomponents\hipsengine\UmxPol.exe [2009-7-27 227832] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-4-9 24664] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2009-12-26 215040] R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2009-12-26 36408] S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\drivers\netw5v64.sys [2009-6-10 5434368] S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL6.SYS [2009-7-13 292864] S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV6.SYS [2009-7-13 1485312] S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT6.SYS [2009-7-13 740864] S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-10 1255736] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x64.sys [2009-6-10 389120] =============== Created Last 30 ================ 2010-05-07 18:12:56 1232 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg 2010-05-06 12:11:26 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2010-05-05 15:18:30 0 d-----w- c:\program files (x86)\Trend Micro 2010-05-05 13:05:30 0 d-----w- c:\program files (x86)\CA 2010-05-05 13:05:00 0 d-----w- c:\program files\CA 2010-05-05 13:03:41 0 d-----w- c:\programdata\CA 2010-05-04 15:25:39 0 d-----w- c:\program files (x86)\ESET 2010-05-04 14:04:29 223448 ----a-w- c:\windows\system32\drivers\fvevol.sys 2010-05-04 14:04:05 12867072 ----a-w- c:\windows\syswow64\shell32.dll 2010-05-04 14:04:04 96768 ----a-w- c:\windows\syswow64\sspicli.dll 2010-05-04 14:04:04 22016 ----a-w- c:\windows\syswow64\secur32.dll 2010-05-04 14:04:04 153160 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2010-05-04 14:04:04 1446912 ----a-w- c:\windows\system32\lsasrv.dll 2010-04-15 18:29:37 612352 ----a-w- c:\windows\system32\vbscript.dll 2010-04-15 18:29:37 427520 ----a-w- c:\windows\syswow64\vbscript.dll 2010-04-15 18:29:32 286720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2010-04-15 18:29:31 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-04-15 18:29:31 125952 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2010-04-15 18:29:25 5509008 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-04-15 18:29:24 3954568 ----a-w- c:\windows\syswow64\ntkrnlpa.exe 2010-04-15 18:29:24 3899280 ----a-w- c:\windows\syswow64\ntoskrnl.exe 2010-04-15 18:27:04 220672 ----a-w- c:\windows\system32\wintrust.dll 2010-04-15 18:27:04 172032 ----a-w- c:\windows\syswow64\wintrust.dll 2010-04-15 18:27:03 139264 ----a-w- c:\windows\system32\cabview.dll 2010-04-15 18:27:03 132608 ----a-w- c:\windows\syswow64\cabview.dll 2010-04-13 12:48:10 0 d-----w- c:\users\charbo~1\appdata\roaming\AVS4YOU 2010-04-12 18:04:54 0 d-----w- c:\programdata\Spybot - Search & Destroy 2010-04-12 18:04:54 0 d-----w- c:\program files (x86)\Spybot - Search & Destroy 2010-04-12 17:17:37 63460 ----a-w- c:\windows\system32\drivers\KmxAgent.asc 2010-04-12 16:06:45 18594 ----a-w- c:\windows\system32\entitlement.xml 2010-04-12 15:19:07 0 d-----w- c:\programdata\PC Tools 2010-04-12 15:15:34 0 d-----w- c:\users\charbo~1\appdata\roaming\GetRightToGo 2010-04-12 14:44:47 0 d-----w- c:\users\charbo~1\appdata\roaming\Malwarebytes 2010-04-10 18:27:37 0 d-----w- c:\users\charboneau\rapid 2010-04-10 18:14:55 0 d-----w- c:\windows\syswow64\Wat 2010-04-10 18:14:55 0 d-----w- c:\windows\system32\Wat 2010-04-10 18:11:35 311808 ----a-w- c:\windows\system32\msv1_0.dll 2010-04-10 18:11:35 257024 ----a-w- c:\windows\syswow64\msv1_0.dll 2010-04-10 17:38:28 422912 ----a-w- c:\windows\system32\secproc_isv.dll 2010-04-10 17:37:59 977920 ----a-w- c:\windows\syswow64\wininet.dll 2010-04-10 17:37:59 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll 2010-04-10 17:37:59 606208 ----a-w- c:\windows\syswow64\mstime.dll 2010-04-10 17:37:59 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll 2010-04-10 17:37:59 1225216 ----a-w- c:\windows\syswow64\urlmon.dll 2010-04-10 17:37:59 1192960 ----a-w- c:\windows\system32\wininet.dll 2010-04-10 17:37:30 2048 ----a-w- c:\windows\syswow64\tzres.dll 2010-04-10 17:37:30 2048 ----a-w- c:\windows\system32\tzres.dll 2010-04-10 17:35:54 960512 ----a-w- c:\windows\system32\CPFilters.dll 2010-04-10 17:35:54 641536 ----a-w- c:\windows\syswow64\CPFilters.dll 2010-04-10 17:35:54 613888 ----a-w- c:\windows\system32\psisdecd.dll 2010-04-10 17:35:54 552960 ----a-w- c:\windows\system32\msdri.dll 2010-04-10 17:35:54 288256 ----a-w- c:\windows\system32\MSNP.ax 2010-04-10 17:35:54 204288 ----a-w- c:\windows\syswow64\MSNP.ax 2010-04-10 17:35:53 465408 ----a-w- c:\windows\syswow64\psisdecd.dll 2010-04-10 17:33:28 716800 ----a-w- c:\windows\syswow64\jscript.dll 2010-04-10 17:21:45 46592 ----a-w- c:\windows\system32\msasn1.dll 2010-04-10 17:21:45 34816 ----a-w- c:\windows\syswow64\msasn1.dll 2010-04-10 17:21:21 464896 ----a-w- c:\windows\system32\drivers\srv.sys 2010-04-10 17:21:21 162304 ----a-w- c:\windows\system32\drivers\srvnet.sys 2010-04-10 17:06:57 524288 --sha-w- c:\users\charboneau\ntuser.dat{c726f4f5-44c1-11df-b1fa-00269ec53d15}.TMContainer00000000000000000002.regtrans-ms 2010-04-10 17:06:56 65536 --sha-w- c:\users\charboneau\ntuser.dat{c726f4f5-44c1-11df-b1fa-00269ec53d15}.TM.blf 2010-04-10 17:06:56 524288 --sha-w- c:\users\charboneau\ntuser.dat{c726f4f5-44c1-11df-b1fa-00269ec53d15}.TMContainer00000000000000000001.regtrans-ms 2010-04-10 17:00:58 0 d-----w- c:\programdata\Recovery 2010-04-10 16:55:23 65536 --sha-w- c:\users\charboneau\ntuser.dat{c726f466-44c1-11df-b1fa-00269ec53d15}.TM.blf 2010-04-10 16:55:23 524288 --sha-w- c:\users\charboneau\ntuser.dat{c726f466-44c1-11df-b1fa-00269ec53d15}.TMContainer00000000000000000002.regtrans-ms 2010-04-10 16:55:23 524288 --sha-w- c:\users\charboneau\ntuser.dat{c726f466-44c1-11df-b1fa-00269ec53d15}.TMContainer00000000000000000001.regtrans-ms 2010-04-10 16:55:22 65536 --sha-w- c:\users\charboneau\ntuser.dat{c726f45b-44c1-11df-b1fa-00269ec53d15}.TM.blf 2010-04-10 16:55:22 524288 --sha-w- c:\users\charboneau\ntuser.dat{c726f45b-44c1-11df-b1fa-00269ec53d15}.TMContainer00000000000000000002.regtrans-ms 2010-04-10 16:55:22 524288 --sha-w- c:\users\charboneau\ntuser.dat{c726f45b-44c1-11df-b1fa-00269ec53d15}.TMContainer00000000000000000001.regtrans-ms 2010-04-10 16:55:22 262144 --sha-w- c:\users\charboneau\ntuser.dat.LOG1 2010-04-10 16:55:22 0 --sha-w- c:\users\charboneau\ntuser.dat.LOG2 2010-04-10 15:28:56 0 d-----w- c:\program files (x86)\MSXML 4.0 2010-04-10 15:22:28 0 d-----w- c:\program files (x86)\Pelican Performance 2010-04-10 13:47:38 0 d-----w- c:\program files (x86)\STOPzilla! 2010-04-10 00:50:46 0 d-----w- c:\program files (x86)\Microsoft Visual Studio 8 2010-04-10 00:45:22 24664 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-10 00:45:22 0 d-----w- c:\programdata\Malwarebytes 2010-04-10 00:44:39 0 d-----w- c:\users\charboneau\saved aps 2010-04-10 00:39:25 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf 2010-04-09 18:52:57 0 d-----w- c:\programdata\SITEguard 2010-04-09 18:52:16 0 d-----w- c:\program files (x86)\common files\iS3 2010-04-09 18:52:15 0 d-----w- c:\programdata\STOPzilla! 2010-04-09 18:48:41 1003008 ----a-w- c:\windows\syswow64\libeay32.dll 2010-04-09 18:46:49 156910 ----a-w- c:\windows\WMSysPr8.prx 2010-04-09 18:45:39 0 d-----w- c:\program files (x86)\common files\AVSMedia 2010-04-09 18:45:15 974848 ----a-w- c:\windows\syswow64\mfc70.dll 2010-04-09 18:45:15 487424 ----a-w- c:\windows\syswow64\msvcp70.dll 2010-04-09 18:45:15 344064 ----a-w- c:\windows\syswow64\msvcr70.dll 2010-04-09 18:45:14 1700352 ----a-w- c:\windows\syswow64\GdiPlus.dll 2010-04-09 18:45:14 0 d-----w- c:\programdata\AVS4YOU 2010-04-09 18:45:14 0 d-----w- c:\program files (x86)\AVS4YOU 2010-04-09 18:41:20 0 d-----w- c:\program files (x86)\CCleaner 2010-04-09 18:12:49 0 d-----w- c:\programdata\Sun 2010-04-09 14:48:12 0 d-----w- c:\windows\PCHEALTH 2010-04-09 14:45:50 0 d-----w- c:\program files\Microsoft Office 2010-04-09 14:45:04 0 d-----w- c:\windows\SHELLNEW 2010-04-09 14:35:32 212864 ------w- c:\windows\system32\MpSigStub.exe 2010-04-09 14:07:03 95472 ----a-w- c:\windows\syswow64\Vetredir.dll 2010-04-09 14:07:03 250608 ----a-w- c:\windows\system32\isafprod64.dll 2010-04-09 14:07:03 201968 ----a-w- c:\windows\syswow64\Isafprod.dll 2010-04-09 14:07:03 140016 ----a-w- c:\windows\system32\isafeif64.dll 2010-04-09 14:07:03 128240 ----a-w- c:\windows\syswow64\Isafeif.dll 2010-04-09 14:07:03 103152 ----a-w- c:\windows\system32\vetredir64.dll 2010-04-09 02:27:27 20 --sh--w- c:\users\charboneau\ntuser.ini ==================== Find3M ==================== 2010-03-09 08:28:20 411368 ----a-w- c:\windows\syswow64\deploytk.dll 2010-03-05 22:16:42 17408 ----a-r- c:\windows\syswow64\SZIO5.dll 2010-03-05 22:14:16 442368 ----a-r- c:\windows\syswow64\SZBase5.dll 2010-03-05 22:13:44 540672 ----a-r- c:\windows\syswow64\SZComp5.dll 2010-02-23 07:55:43 5964800 ----a-w- c:\windows\syswow64\mshtml.dll 2010-02-23 07:55:24 10978816 ----a-w- c:\windows\syswow64\ieframe.dll 2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat 2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat 2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat 2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat 2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini 2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini 2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat 2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat 2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat 2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat 2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat 2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe 2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe ============= FINISH: 17:42:17.20 ===============

I ran the DSS logs below. Tried to run GMER but it fail with error: "c:windows\system32\config\system:the system cannot find the file specified.". I am running Windows 7 64bit. DDS (Ver_10-03-17.01) - NTFSX64 Run by Charboneau at 0:32:38.67 on Fri 05/07/2010 Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_19 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2812.1243 [GMT -4:00] ============== Running Processes =============== C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\atieclxx.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\Explorer.EXE C:\Windows\system32\Dwm.exe C:\Program Files (x86)\CA\SharedComponents\HIPSEngine\UmxCfg.exe C:\Windows\system32\taskhost.exe C:\Windows\System32\spoolsv.exe C:\Program Files (x86)\CA\SharedComponents\HIPSEngine\UmxPol.exe C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe C:\Program Files\CA\CA Internet Security Suite\ccEvtMgr.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe C:\Program Files (x86)\STOPzilla!\STOPzilla.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\IDT\WDM\sttray64.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\CA\CA Internet Security Suite\casc.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\system32\svchost.exe -k SDRSVC c:\program files\windows defender\MpCmdRun.exe C:\Windows\system32\vssvc.exe C:\Windows\System32\svchost.exe -k swprv C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Users\Charboneau\Desktop\dds.scr C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== mLocal Page = c:\windows\syswow64\blank.htm BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_printenhancer.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~2\micros~4\office12\GR469A~1.DLL BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files (x86)\msn\toolbar\3.0.0566.0\msneshellx.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files (x86)\stopzilla!\SZIEBHO.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dll TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files (x86)\msn\toolbar\3.0.0566.0\msneshellx.dll TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_bho.dll mRun: [startCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [sunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe" mRun: [HP Software Update] c:\program files (x86)\hp\hp software update\HPWuSchd2.exe mRun: [<NO NAME>] mRun: [WirelessAssistant] c:\program files (x86)\hewlett-packard\hp wireless assistant\HPWAMain.exe mRun: [Malwarebytes' Anti-Malware] "c:\program files (x86)\malwarebytes' anti-malware\mbamgui.exe" /starttray mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~2\micros~4\office12\EXCEL.EXE/3000 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~4\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~4\office12\REFIEBAR.DLL IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dll DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~2\micros~4\office12\GRA32A~1.DLL Notify: PFW - UmxWnp.Dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~2\micros~4\office12\GR469A~1.DLL mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files (x86)\common files\lightscribe\LSRunOnce.exe" BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File mRun-x64: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe mRun-x64: [sysTrayApp] c:\program files\idt\wdm\sttray64.exe mRun-x64: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun-x64: [cctray] "c:\program files\ca\ca internet security suite\casc.exe" ================= FIREFOX =================== FF - ProfilePath - c:\users\charbo~1\appdata\roaming\mozilla\firefox\profiles\wr0nkpe6.default\ FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSeymour.dll FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll FF - plugin: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\plugins\nphpclipbook.dll FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll FF - plugin: c:\windows\syswow64\adobe\director\np32dsw.dll FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} ============= SERVICES / DRIVERS =============== R0 KmxAMRT;KmxAMRT;c:\windows\system32\drivers\KmxAMRT.sys [2009-12-23 141304] R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2009-12-23 106488] R1 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2009-9-30 334712] R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904] R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-12-26 89600] R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-5 203264] R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus plus\isafe.exe [2010-5-5 304128] R2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\ca\ca internet security suite\ccschedulersvc.exe [2010-5-5 285008] R2 MBAMService;MBAMService;c:\program files (x86)\malwarebytes' anti-malware\mbamservice.exe [2010-5-6 304464] R2 UmxAgent;HIPS Event Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [2009-8-4 1479160] R2 UmxCfg;HIPS Configuration Interpreter;c:\program files (x86)\ca\sharedcomponents\hipsengine\UmxCfg.exe [2009-7-13 760664] R2 UmxPol;HIPS Policy Manager;c:\program files (x86)\ca\sharedcomponents\hipsengine\UmxPol.exe [2009-7-27 227832] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-4-9 24664] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2009-12-26 215040] R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2009-12-26 36408] S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\drivers\netw5v64.sys [2009-6-10 5434368] S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL6.SYS [2009-7-13 292864] S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV6.SYS [2009-7-13 1485312] S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT6.SYS [2009-7-13 740864] S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-10 1255736] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x64.sys [2009-6-10 389120] =============== Created Last 30 ================ 2010-05-07 04:30:13 152 ----a-w- c:\windows\system32\drivers\kgpfr2.cfg 2010-05-07 04:09:51 480 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg 2010-05-06 12:11:26 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2010-05-05 15:18:30 0 d-----w- c:\program files (x86)\Trend Micro 2010-05-05 13:05:30 0 d-----w- c:\program files (x86)\CA 2010-05-05 13:05:00 0 d-----w- c:\program files\CA 2010-05-05 13:03:41 0 d-----w- c:\programdata\CA 2010-05-04 15:25:39 0 d-----w- c:\program files (x86)\ESET 2010-05-04 14:04:29 223448 ----a-w- c:\windows\system32\drivers\fvevol.sys 2010-05-04 14:04:05 12867072 ----a-w- c:\windows\syswow64\shell32.dll 2010-05-04 14:04:04 96768 ----a-w- c:\windows\syswow64\sspicli.dll 2010-05-04 14:04:04 22016 ----a-w- c:\windows\syswow64\secur32.dll 2010-05-04 14:04:04 153160 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2010-05-04 14:04:04 1446912 ----a-w- c:\windows\system32\lsasrv.dll 2010-04-15 18:29:37 612352 ----a-w- c:\windows\system32\vbscript.dll 2010-04-15 18:29:37 427520 ----a-w- c:\windows\syswow64\vbscript.dll 2010-04-15 18:29:32 286720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2010-04-15 18:29:31 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-04-15 18:29:31 125952 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2010-04-15 18:29:25 5509008 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-04-15 18:29:24 3954568 ----a-w- c:\windows\syswow64\ntkrnlpa.exe 2010-04-15 18:29:24 3899280 ----a-w- c:\windows\syswow64\ntoskrnl.exe 2010-04-15 18:27:04 220672 ----a-w- c:\windows\system32\wintrust.dll 2010-04-15 18:27:04 172032 ----a-w- c:\windows\syswow64\wintrust.dll 2010-04-15 18:27:03 139264 ----a-w- c:\windows\system32\cabview.dll 2010-04-15 18:27:03 132608 ----a-w- c:\windows\syswow64\cabview.dll 2010-04-13 12:48:10 0 d-----w- c:\users\charbo~1\appdata\roaming\AVS4YOU 2010-04-12 18:04:54 0 d-----w- c:\programdata\Spybot - Search & Destroy 2010-04-12 18:04:54 0 d-----w- c:\program files (x86)\Spybot - Search & Destroy 2010-04-12 17:17:37 63460 ----a-w- c:\windows\system32\drivers\KmxAgent.asc 2010-04-12 16:06:45 18594 ----a-w- c:\windows\system32\entitlement.xml 2010-04-12 15:19:07 0 d-----w- c:\programdata\PC Tools 2010-04-12 15:15:34 0 d-----w- c:\users\charbo~1\appdata\roaming\GetRightToGo 2010-04-12 14:44:47 0 d-----w- c:\users\charbo~1\appdata\roaming\Malwarebytes 2010-04-10 18:27:37 0 d-----w- c:\users\charboneau\rapid 2010-04-10 18:14:55 0 d-----w- c:\windows\syswow64\Wat 2010-04-10 18:14:55 0 d-----w- c:\windows\system32\Wat 2010-04-10 18:11:35 311808 ----a-w- c:\windows\system32\msv1_0.dll 2010-04-10 18:11:35 257024 ----a-w- c:\windows\syswow64\msv1_0.dll 2010-04-10 17:38:28 422912 ----a-w- c:\windows\system32\secproc_isv.dll 2010-04-10 17:37:59 977920 ----a-w- c:\windows\syswow64\wininet.dll 2010-04-10 17:37:59 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll 2010-04-10 17:37:59 606208 ----a-w- c:\windows\syswow64\mstime.dll 2010-04-10 17:37:59 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll 2010-04-10 17:37:59 1225216 ----a-w- c:\windows\syswow64\urlmon.dll 2010-04-10 17:37:59 1192960 ----a-w- c:\windows\system32\wininet.dll 2010-04-10 17:37:30 2048 ----a-w- c:\windows\syswow64\tzres.dll 2010-04-10 17:37:30 2048 ----a-w- c:\windows\system32\tzres.dll 2010-04-10 17:35:54 960512 ----a-w- c:\windows\system32\CPFilters.dll 2010-04-10 17:35:54 641536 ----a-w- c:\windows\syswow64\CPFilters.dll 2010-04-10 17:35:54 613888 ----a-w- c:\windows\system32\psisdecd.dll 2010-04-10 17:35:54 552960 ----a-w- c:\windows\system32\msdri.dll 2010-04-10 17:35:54 288256 ----a-w- c:\windows\system32\MSNP.ax 2010-04-10 17:35:54 204288 ----a-w- c:\windows\syswow64\MSNP.ax 2010-04-10 17:35:53 465408 ----a-w- c:\windows\syswow64\psisdecd.dll 2010-04-10 17:33:28 716800 ----a-w- c:\windows\syswow64\jscript.dll 2010-04-10 17:21:45 46592 ----a-w- c:\windows\system32\msasn1.dll 2010-04-10 17:21:45 34816 ----a-w- c:\windows\syswow64\msasn1.dll 2010-04-10 17:21:21 464896 ----a-w- c:\windows\system32\drivers\srv.sys 2010-04-10 17:21:21 162304 ----a-w- c:\windows\system32\drivers\srvnet.sys 2010-04-10 17:06:57 524288 --sha-w- c:\users\charboneau\ntuser.dat{c726f4f5-44c1-11df-b1fa-00269ec53d15}.TMContainer00000000000000000002.regtrans-ms 2010-04-10 17:06:56 65536 --sha-w- c:\users\charboneau\ntuser.dat{c726f4f5-44c1-11df-b1fa-00269ec53d15}.TM.blf 2010-04-10 17:06:56 524288 --sha-w- c:\users\charboneau\ntuser.dat{c726f4f5-44c1-11df-b1fa-00269ec53d15}.TMContainer00000000000000000001.regtrans-ms 2010-04-10 17:00:58 0 d-----w- c:\programdata\Recovery 2010-04-10 16:55:23 65536 --sha-w- c:\users\charboneau\ntuser.dat{c726f466-44c1-11df-b1fa-00269ec53d15}.TM.blf 2010-04-10 16:55:23 524288 --sha-w- c:\users\charboneau\ntuser.dat{c726f466-44c1-11df-b1fa-00269ec53d15}.TMContainer00000000000000000002.regtrans-ms 2010-04-10 16:55:23 524288 --sha-w- c:\users\charboneau\ntuser.dat{c726f466-44c1-11df-b1fa-00269ec53d15}.TMContainer00000000000000000001.regtrans-ms 2010-04-10 16:55:22 65536 --sha-w- c:\users\charboneau\ntuser.dat{c726f45b-44c1-11df-b1fa-00269ec53d15}.TM.blf 2010-04-10 16:55:22 524288 --sha-w- c:\users\charboneau\ntuser.dat{c726f45b-44c1-11df-b1fa-00269ec53d15}.TMContainer00000000000000000002.regtrans-ms 2010-04-10 16:55:22 524288 --sha-w- c:\users\charboneau\ntuser.dat{c726f45b-44c1-11df-b1fa-00269ec53d15}.TMContainer00000000000000000001.regtrans-ms 2010-04-10 16:55:22 262144 --sha-w- c:\users\charboneau\ntuser.dat.LOG1 2010-04-10 16:55:22 0 --sha-w- c:\users\charboneau\ntuser.dat.LOG2 2010-04-10 15:28:56 0 d-----w- c:\program files (x86)\MSXML 4.0 2010-04-10 15:22:28 0 d-----w- c:\program files (x86)\Pelican Performance 2010-04-10 13:47:38 0 d-----w- c:\program files (x86)\STOPzilla! 2010-04-10 00:50:46 0 d-----w- c:\program files (x86)\Microsoft Visual Studio 8 2010-04-10 00:45:22 24664 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-10 00:45:22 0 d-----w- c:\programdata\Malwarebytes 2010-04-10 00:44:39 0 d-----w- c:\users\charboneau\saved aps 2010-04-10 00:39:25 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf 2010-04-09 18:52:57 0 d-----w- c:\programdata\SITEguard 2010-04-09 18:52:16 0 d-----w- c:\program files (x86)\common files\iS3 2010-04-09 18:52:15 0 d-----w- c:\programdata\STOPzilla! 2010-04-09 18:48:41 1003008 ----a-w- c:\windows\syswow64\libeay32.dll 2010-04-09 18:46:49 156910 ----a-w- c:\windows\WMSysPr8.prx 2010-04-09 18:45:39 0 d-----w- c:\program files (x86)\common files\AVSMedia 2010-04-09 18:45:15 974848 ----a-w- c:\windows\syswow64\mfc70.dll 2010-04-09 18:45:15 487424 ----a-w- c:\windows\syswow64\msvcp70.dll 2010-04-09 18:45:15 344064 ----a-w- c:\windows\syswow64\msvcr70.dll 2010-04-09 18:45:14 1700352 ----a-w- c:\windows\syswow64\GdiPlus.dll 2010-04-09 18:45:14 0 d-----w- c:\programdata\AVS4YOU 2010-04-09 18:45:14 0 d-----w- c:\program files (x86)\AVS4YOU 2010-04-09 18:41:20 0 d-----w- c:\program files (x86)\CCleaner 2010-04-09 18:12:49 0 d-----w- c:\programdata\Sun 2010-04-09 18:12:16 153376 ----a-w- c:\windows\syswow64\javaws.exe 2010-04-09 18:12:16 145184 ----a-w- c:\windows\syswow64\javaw.exe 2010-04-09 18:12:16 145184 ----a-w- c:\windows\syswow64\java.exe 2010-04-09 14:48:12 0 d-----w- c:\windows\PCHEALTH 2010-04-09 14:45:50 0 d-----w- c:\program files\Microsoft Office 2010-04-09 14:45:04 0 d-----w- c:\windows\SHELLNEW 2010-04-09 14:35:32 212864 ------w- c:\windows\system32\MpSigStub.exe 2010-04-09 14:07:03 95472 ----a-w- c:\windows\syswow64\Vetredir.dll 2010-04-09 14:07:03 250608 ----a-w- c:\windows\system32\isafprod64.dll 2010-04-09 14:07:03 201968 ----a-w- c:\windows\syswow64\Isafprod.dll 2010-04-09 14:07:03 140016 ----a-w- c:\windows\system32\isafeif64.dll 2010-04-09 14:07:03 128240 ----a-w- c:\windows\syswow64\Isafeif.dll 2010-04-09 14:07:03 103152 ----a-w- c:\windows\system32\vetredir64.dll 2010-04-09 02:27:27 20 --sh--w- c:\users\charboneau\ntuser.ini ==================== Find3M ==================== 2010-03-09 08:28:20 411368 ----a-w- c:\windows\syswow64\deploytk.dll 2010-03-05 22:16:42 17408 ----a-r- c:\windows\syswow64\SZIO5.dll 2010-03-05 22:14:16 442368 ----a-r- c:\windows\syswow64\SZBase5.dll 2010-03-05 22:13:44 540672 ----a-r- c:\windows\syswow64\SZComp5.dll 2010-02-23 07:55:43 5964800 ----a-w- c:\windows\syswow64\mshtml.dll 2010-02-23 07:55:24 10978816 ----a-w- c:\windows\syswow64\ieframe.dll 2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat 2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat 2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat 2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat 2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini 2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini 2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat 2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat 2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat 2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat 2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat 2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe 2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe ============= FINISH: 0:33:46.84 =============== UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_10-03-17.01) Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 4/8/2010 10:27:23 PM System Uptime: 5/7/2010 12:08:54 AM (0 hours ago) Motherboard: Hewlett-Packard | | 363F Processor: AMD Athlon II Dual-Core M320 | Socket S1G3 | 2100/200mhz ==== Disk Partitions ========================= C: is FIXED (NTFS) - 219 GiB total, 183.122 GiB free. D: is FIXED (NTFS) - 14 GiB total, 2.245 GiB free. E: is FIXED (FAT32) - 0 GiB total, 0.09 GiB free. F: is CDROM () ==== Disabled Device Manager Items ============= ==== System Restore Points =================== RP42: 4/13/2010 9:04:50 AM - Windows Backup RP43: 4/13/2010 11:10:50 AM - Windows Backup RP44: 4/15/2010 2:27:09 PM - Windows Update RP45: 4/15/2010 4:42:43 PM - Windows Update RP46: 4/19/2010 2:20:26 PM - StopZILLA! Restore Point. RP47: 4/27/2010 9:09:46 AM - Windows Update RP48: 5/4/2010 10:04:33 AM - Windows Update RP49: 5/4/2010 11:54:58 AM - Installed HiJackThis RP50: 5/4/2010 12:16:09 PM - Windows Update RP54: 5/5/2010 9:00:38 AM - CA Internet Security Suite RP56: 5/5/2010 9:04:44 AM - CA Internet Security Suite RP57: 5/5/2010 11:05:07 AM - Removed HiJackThis RP58: 5/5/2010 11:07:13 AM - Installed HiJackThis RP59: 5/5/2010 11:08:56 AM - Removed HiJackThis RP60: 5/5/2010 11:17:56 AM - Installed HiJackThis RP61: 5/6/2010 8:39:05 AM - StopZILLA! Restore Point. RP62: 5/7/2010 12:10:49 AM - StopZILLA! Restore Point. ==== Installed Programs ====================== Acrobat.com ActiveCheck component for HP Active Support Library Adobe AIR Adobe Flash Player 10 ActiveX Adobe Reader 9.1 MUI Adobe Shockwave Player AMD USB Filter Driver Atheros Driver Installation Program AVS Audio Converter version 6.2 AVS Cover Editor 2.0.0.75 AVS Disc Creator version 4.1 AVS DVD Authoring AVS Media Player 3.1 AVS Update Manager 1.0 AVS Video Converter 6 AVS Video Recorder 2.4 AVS4YOU Software Navigator 1.4 Catalyst Control Center - Branding Catalyst Control Center Core Implementation Catalyst Control Center Graphics Full Existing Catalyst Control Center Graphics Full New Catalyst Control Center Graphics Light Catalyst Control Center Graphics Previews Common Catalyst Control Center Graphics Previews Vista Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-core-static CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish CCleaner CyberLink DVD Suite CyberLink MediaShow CyberLink PowerDVD 8 ESET Online Scanner v3 HiJackThis HP Advisor HP Customer Experience Enhancements HP Games HP Setup HP Smart Web Printing HP Support Assistant HP Update HP User Guides 0148 HP Wireless Assistant HPAsset component for HP Active Support Library IDT Audio Java Auto Updater Java 6 Update 19 Junk Mail filter update LabelPrint LightScribe System Software Malwarebytes' Anti-Malware Microsoft Choice Guard Microsoft Live Search Toolbar Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Works Mozilla Firefox (3.0.12) MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) muvee Reveal Power2Go PowerDirector Pro Media Director Version 2.0.0.1 Realtek 8136 8168 8169 Ethernet Driver Realtek USB 2.0 Card Reader Recovery Manager Slingbox - Watch Your TV Anywhere SlingPlayer STOPzilla Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Mail Windows Live Messenger Windows Live Movie Maker Windows Live Photo Gallery Windows Live Sign-in Assistant Windows Live Sync Windows Live Upload Tool Windows Live Writer WinRAR archiver ==== Event Viewer Messages From Past Week ======== 5/7/2010 12:09:40 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: is3srv TfFsMon TfSysMon 5/7/2010 12:09:38 AM, Error: Service Control Manager [7000] - The Agere Modem Call Progress Audio service failed to start due to the following error: The parameter is incorrect. 5/7/2010 12:09:08 AM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter 5/5/2010 9:05:41 AM, Error: Service Control Manager [7030] - The CAISafe service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 5/5/2010 9:05:15 AM, Error: Service Control Manager [7030] - The CA Common Scheduler Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 5/5/2010 11:11:51 AM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly. 5/5/2010 1:46:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service UmxCfg with arguments "" in order to run the server: {B8417502-7095-4D02-AF41-92134CEA5ED0} 5/5/2010 1:46:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service UmxCfg with arguments "" in order to run the server: {8449273F-059F-4B7C-BF37-2E3C028E93D2} 5/5/2010 1:46:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service UmxCfg with arguments "" in order to run the server: {5EBFD120-E4FE-46C5-8E21-05D903BAAEEC} 5/5/2010 1:46:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service CaCCProvSP with arguments "" in order to run the server: {AACF4A1C-BC69-4359-9518-DF3F77E462BF} 5/5/2010 1:45:39 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 5/5/2010 1:45:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 5/5/2010 1:45:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 5/5/2010 1:45:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 5/5/2010 1:45:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 5/5/2010 1:45:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 5/5/2010 1:45:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 5/5/2010 1:45:20 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache is3srv KmxAgent KmxCfg NetBIOS NetBT nsiproxy Psched rdbss spldr tdx TfFsMon TfSysMon vwififlt Wanarpv6 WfpLwf 5/5/2010 1:45:19 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 5/5/2010 1:45:19 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 5/5/2010 1:45:19 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 5/5/2010 1:45:19 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 5/5/2010 1:45:19 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 5/5/2010 1:45:19 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning. 5/5/2010 1:45:19 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 5/5/2010 1:45:19 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 5/5/2010 1:45:19 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 5/5/2010 1:45:19 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 5/4/2010 10:18:37 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly. ==== End Of File ===========================

Followed instructions log below Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4071 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 5/6/2010 8:18:54 AM mbam-log-2010-05-06 (08-18-54).txt Scan type: Quick scan Objects scanned: 130563 Time elapsed: 3 minute(s), 52 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)

My CA.Security keeps giving 6 xp internet security 2010 alerts on the quick scan, it will quarantine one but not the other 5. All six will be back on the next scan. When I run MWB it does not find anything. I have reinstalled CA, MWB, run both in safe mode. I also ran SpyDoctor, SpyBot, StopZilla and online Eset only CA comes up with this malware. MWB is registered copy, I also run CA.security and Stopzilla as registered copies. I have never received the popup that xp internet security 2010 is suppose to do. I tried following the instructions for removal on Bleepingcomputer site but they state do not close the popup that I do not get. I followed the instruction anyway and it did not fix the problem. Can anyone look at my Hijackthis log and tell me what I am missing. Thank you.

Found this on another thread from parleycross found the task exactly were stated task scheduler,task scheduler library with action tab clicked then deleted it. Thank you parleycross, will let everyone know if it comes back, so far so good been on over 30 minutes no protection message yet. thank you thank you thank you QUOTE (parleycross @ Apr 18 2010, 05:14 PM) * Hi, I have just had this same error with b.exe trojan.dropper. It is caused by a hidden scheduled task trying to execute this program. If you open the task scheduler from Accessories/System Tools and look at the scheduled tasks that are active you will find it. It is hidden though so you have to select show hidden tasks Delete the task and it should fix your problem

That didn't work, eset came back with no malware, tried the reinstall and still receiving the protection alert and quarantine fail. 21:38:54 Missy MESSAGE Protection started successfully 21:38:58 Missy MESSAGE IP Protection started successfully 21:40:21 Missy MESSAGE Protection started successfully 21:40:25 Missy MESSAGE IP Protection started successfully 21:51:05 Missy DETECTION C:\Users\Missy\AppData\Local\Temp\c.exe Trojan.Dropper QUARANTINE 21:51:06 Missy ERROR Quarantine failed: UtilityReadFile failed with error code 2 22:15:18 Missy MESSAGE Protection started successfully 22:15:22 Missy MESSAGE IP Protection started successfully 22:26:55 Missy MESSAGE Protection started successfully 22:26:59 Missy MESSAGE IP Protection started successfully Is there anyone out there that can help me, please.

About 5 minutes after booting PC, mbam detects c.exe but fails to quarantine then every 20 minutes or so after that. Have gone to location of c.exe but it is not there. Have run mbam scans quick and full in normal and safe mode. Did not detect any malware . Have run other malware scans, Housecall, Panda active scan, asquared, superantispyware, spybot, windows defender, and ca security, none have found c.exe, only mbam picking this up in protection mode. mbam protection log: 00:38:33 Missy MESSAGE Protection started successfully 00:38:37 Missy MESSAGE IP Protection started successfully 00:51:18 Missy DETECTION C:\Users\Missy\AppData\Local\Temp\c.exe Trojan.Dropper QUARANTINE 00:51:19 Missy ERROR Quarantine failed: UtilityReadFile failed with error code 2 00:53:59 Missy IP-BLOCK 209.44.103.10 00:54:07 Missy IP-BLOCK 209.44.103.10 00:54:07 Missy IP-BLOCK 209.44.103.10 00:56:25 Missy MESSAGE IP Protection stopped 00:56:28 Missy MESSAGE Database updated successfully 00:56:29 Missy MESSAGE IP Protection started successfully 07:04:23 Missy MESSAGE Protection started successfully 07:04:27 Missy MESSAGE IP Protection started successfully 07:51:17 Missy DETECTION C:\Users\Missy\AppData\Local\Temp\c.exe Trojan.Dropper QUARANTINE 07:51:18 Missy ERROR Quarantine failed: UtilityReadFile failed with error code 2 07:55:30 Missy MESSAGE Protection started successfully 07:55:33 Missy MESSAGE IP Protection started successfully 08:51:12 Missy DETECTION C:\Users\Missy\AppData\Local\Temp\c.exe Trojan.Dropper QUARANTINE 08:51:14 Missy ERROR Quarantine failed: UtilityReadFile failed with error code 2 09:26:24 Missy MESSAGE Protection started successfully 09:26:28 Missy MESSAGE IP Protection started successfully 15:16:57 Missy MESSAGE Protection started successfully 15:17:01 Missy MESSAGE IP Protection started successfully 20:49:18 Missy MESSAGE Protection started successfully 20:49:22 Missy MESSAGE IP Protection started successfully 20:51:07 Missy DETECTION C:\Users\Missy\AppData\Local\Temp\c.exe Trojan.Dropper QUARANTINE 20:51:08 Missy ERROR Quarantine failed: UtilityReadFile failed with error code 2 mbam quick scan safe mode log: Malwarebytes' Anti-Malware 1.45 www.malwarebytes.org Database version: 3994 Windows 6.1.7600 (Safe Mode) Internet Explorer 8.0.7600.16385 4/16/2010 1:14:29 AM mbam-log-2010-04-16 (01-14-29).txt Scan type: Flash scan Objects scanned: 83194 Time elapsed: 20 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Mbam quick can normal mode log: Malwarebytes' Anti-Malware 1.45 www.malwarebytes.org Database version: 3994 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 4/16/2010 9:17:21 PM mbam-log-2010-04-16 (21-17-21).txt Scan type: Quick scan Objects scanned: 104753 Time elapsed: 4 minute(s), 43 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Otl Log: OTL logfile created on: 4/16/2010 8:37:41 AM - Run 1 OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\Missy\Desktop Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 70.00% Memory free 6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 287.21 Gb Total Space | 198.28 Gb Free Space | 69.04% Space Free | Partition Type: NTFS Drive D: | 10.88 Gb Total Space | 1.82 Gb Free Space | 16.70% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: MISSY-PC Current User Name: Missy Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2010/04/09 01:45:18 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Missy\Desktop\OTL.exe PRC - [2010/03/30 00:46:14 | 000,303,952 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2010/03/30 00:46:12 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2010/03/24 07:29:38 | 001,709,296 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\casc.exe PRC - [2010/03/24 07:29:37 | 001,058,032 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccevtmgr.exe PRC - [2010/03/24 07:29:37 | 000,251,120 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe PRC - [2010/03/24 07:29:37 | 000,206,064 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe PRC - [2009/11/20 17:09:16 | 000,212,992 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe PRC - [2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009/08/04 11:42:18 | 000,887,288 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe PRC - [2009/07/27 16:40:44 | 000,227,832 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009/07/13 21:14:24 | 000,157,184 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Windows Defender\MpCmdRun.exe PRC - [2009/07/13 11:39:14 | 000,760,664 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe PRC - [2008/10/06 12:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe PRC - [2007/11/19 14:14:04 | 000,811,008 | ---- | M] () -- C:\Windows\System32\svcprs32.exe PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe ========== Modules (SafeList) ========== MOD - [2010/04/09 01:45:18 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Missy\Desktop\OTL.exe MOD - [2009/07/13 21:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll MOD - [2009/07/13 21:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll MOD - [2009/07/13 21:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll MOD - [2009/07/13 21:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll MOD - [2009/07/13 21:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll MOD - [2009/07/13 21:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll MOD - [2009/07/13 21:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll MOD - [2009/07/13 21:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll MOD - [2009/07/13 21:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll MOD - [2009/07/13 21:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2010/03/30 00:46:14 | 000,303,952 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2010/03/24 07:29:37 | 000,251,120 | ---- | M] (CA, Inc.) [On_Demand | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP) SRV - [2010/03/24 07:29:37 | 000,206,064 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe -- (ccSchedulerSVC) SRV - [2010/03/11 09:39:28 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010/03/10 12:50:50 | 001,343,400 | ---- | M] (Microsoft Corporation) [unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2009/11/20 17:09:16 | 000,212,992 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe -- (CAISafe) SRV - [2009/08/04 11:42:18 | 000,887,288 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe -- (UmxAgent) SRV - [2009/07/27 16:40:44 | 000,227,832 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe -- (UmxPol) SRV - [2009/07/13 21:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc) SRV - [2009/07/13 21:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc) SRV - [2009/07/13 21:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power) SRV - [2009/07/13 21:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes) SRV - [2009/07/13 21:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify) SRV - [2009/07/13 21:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper) SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/13 21:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc) SRV - [2009/07/13 21:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc) SRV - [2009/07/13 21:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider) SRV - [2009/07/13 21:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg) SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009/07/13 21:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener) SRV - [2009/07/13 21:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2009/07/13 21:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp) SRV - [2009/07/13 21:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc) SRV - [2009/07/13 21:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC) SRV - [2009/07/13 21:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV) SRV - [2009/07/13 21:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc) SRV - [2009/07/13 21:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc) SRV - [2009/07/13 11:39:14 | 000,760,664 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe -- (UmxCfg) SRV - [2008/10/06 12:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows) SRV - [2007/11/19 14:14:04 | 000,811,008 | ---- | M] () [Auto | Running] -- C:\Windows\System32\svcprs32.exe -- (WinSvchostManager) SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101760&l=dis IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" FF - prefs.js..browser.search.order.1: "Ask" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.google.com/firefox" FF - prefs.js..extensions.enabledItems: {4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}:0.6.7 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3 FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9 FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.21 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6 FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.8 FF - prefs.js..keyword.URL: "http://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010/03/24 11:53:17 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/26 19:49:21 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/14 03:24:27 | 000,000,000 | ---D | M] [2010/01/15 16:55:03 | 000,000,000 | ---D | M] -- C:\Users\Missy\AppData\Roaming\Mozilla\Extensions [2010/04/16 07:16:21 | 000,000,000 | ---D | M] -- C:\Users\Missy\AppData\Roaming\Mozilla\Firefox\Profiles\vufjdxx2.default\extensions [2010/04/11 13:32:47 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Missy\AppData\Roaming\Mozilla\Firefox\Profiles\vufjdxx2.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34} [2010/02/18 07:56:05 | 000,000,000 | ---D | M] (Linkification) -- C:\Users\Missy\AppData\Roaming\Mozilla\Firefox\Profiles\vufjdxx2.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a} [2010/03/27 11:50:47 | 000,000,000 | ---D | M] (Ad blocker) -- C:\Users\Missy\AppData\Roaming\Mozilla\Firefox\Profiles\vufjdxx2.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C} [2010/04/16 07:16:16 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Missy\AppData\Roaming\Mozilla\Firefox\Profiles\vufjdxx2.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010/03/26 22:43:19 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Missy\AppData\Roaming\Mozilla\Firefox\Profiles\vufjdxx2.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2010/04/09 10:07:52 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Missy\AppData\Roaming\Mozilla\Firefox\Profiles\vufjdxx2.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2010/01/15 16:55:05 | 000,000,000 | ---D | M] -- C:\Users\Missy\AppData\Roaming\Mozilla\Firefox\Profiles\vufjdxx2.default\extensions\firetorrent@radicalsoft.com [2009/07/26 07:33:28 | 000,000,682 | ---- | M] () -- C:\Users\Missy\AppData\Roaming\Mozilla\Firefox\Profiles\vufjdxx2.default\searchplugins\ask.xml [2010/04/02 06:29:56 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions O1 - HOSTS file present but inaccessible! O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.) O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found. O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exe (CA, Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [QuickFinder Scheduler] c:\Program Files\Corel\WordPerfect Office X4\Programs\QFSCHD140.EXE (Corel Corporation) O4 - HKLM..\Run: [uCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [updateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [updatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [updatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Open with WordPerfect - c:\Program Files\Corel\WordPerfect Office X4\Programs\WPLauncher.hta () O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\VetRedir.dll (Computer Associates International, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\VetRedir.dll (Computer Associates International, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\VetRedir.dll (Computer Associates International, Inc.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: ca.com ([www] https in Trusted sites) O16 - DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} http://utilities.pcpitstop.com/pctuneup2/c...ls/pctuneup.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.254.254 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\PFW: DllName - UmxWnp.Dll - C:\Windows\System32\UmxWNP.dll (CA) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O24 - Desktop WallPaper: C:\Users\Missy\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O24 - Desktop BackupWallPaper: C:\Users\Missy\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{1f131c64-6734-11de-8a09-001f167e7332}\Shell - "" = AutoRun O33 - MountPoints2\{1f131c64-6734-11de-8a09-001f167e7332}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found O33 - MountPoints2\{3e091bac-3362-11df-ba9b-001f167e7332}\Shell - "" = AutoRun O33 - MountPoints2\{3e091bac-3362-11df-ba9b-001f167e7332}\Shell\AutoRun\command - "" = F:\HPLauncher.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 14 Days ========== [2010/04/16 08:37:07 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Users\Missy\Desktop\OTL.exe [2009/11/20 22:17:21 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Missy\AppData\Roaming\pcouffin.sys ========== Files - Modified Within 14 Days ========== [2010/04/16 08:45:40 | 002,097,152 | -HS- | M] () -- C:\Users\Missy\ntuser.dat [2010/04/16 08:00:28 | 000,011,104 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010/04/16 08:00:28 | 000,011,104 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010/04/16 07:53:35 | 000,000,284 | ---- | M] () -- C:\ProgramData\hpqp.ini [2010/04/16 07:53:09 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010/04/16 07:53:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/04/16 07:53:00 | 2361,802,752 | -HS- | M] () -- C:\hiberfil.sys [2010/04/16 07:52:33 | 000,004,791 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k0 [2010/04/16 07:52:33 | 000,000,209 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k1 [2010/04/16 07:52:33 | 000,000,081 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k7 [2010/04/16 07:52:33 | 000,000,081 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k6 [2010/04/16 07:52:33 | 000,000,081 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k5 [2010/04/16 07:52:33 | 000,000,081 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k4 [2010/04/16 07:52:33 | 000,000,081 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k3 [2010/04/16 07:52:33 | 000,000,081 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k2 [2010/04/16 07:52:33 | 000,000,045 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k7 [2010/04/16 07:52:33 | 000,000,045 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k6 [2010/04/16 07:52:33 | 000,000,045 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k5 [2010/04/16 07:52:33 | 000,000,045 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k4 [2010/04/16 07:52:33 | 000,000,045 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k3 [2010/04/16 07:52:33 | 000,000,045 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k2 [2010/04/16 07:52:33 | 000,000,045 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k1 [2010/04/16 07:52:33 | 000,000,045 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k0 [2010/04/16 07:52:17 | 001,607,522 | -H-- | M] () -- C:\Users\Missy\AppData\Local\IconCache.db [2010/04/12 12:26:37 | 000,713,888 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010/04/12 12:26:37 | 000,615,360 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010/04/12 12:26:37 | 000,103,702 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010/04/10 16:34:11 | 000,003,766 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys [2010/04/09 08:21:20 | 000,001,914 | ---- | M] () -- C:\Users\Public\Desktop\Replay Video Capture.lnk [2010/04/09 01:45:18 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Missy\Desktop\OTL.exe [2010/04/07 09:05:07 | 000,000,090 | ---- | M] () -- C:\Users\Missy\AppData\Roaming\AVSMediaPlayer.m3u ========== Files Created - No Company Name ========== [2010/04/09 08:21:20 | 000,001,914 | ---- | C] () -- C:\Users\Public\Desktop\Replay Video Capture.lnk [2010/03/26 22:44:19 | 000,524,288 | -HS- | C] () -- C:\Users\Missy\ntuser.dat{c3379610-3949-11df-89da-001f167e7332}.TMContainer00000000000000000002.regtrans-ms [2010/03/26 22:44:19 | 000,524,288 | -HS- | C] () -- C:\Users\Missy\ntuser.dat{c3379610-3949-11df-89da-001f167e7332}.TMContainer00000000000000000001.regtrans-ms [2010/03/26 22:44:19 | 000,065,536 | -HS- | C] () -- C:\Users\Missy\ntuser.dat{c3379610-3949-11df-89da-001f167e7332}.TM.blf [2010/03/26 19:44:03 | 000,524,288 | -HS- | C] () -- C:\Users\Missy\ntuser.dat{d3834d36-3918-11df-b69a-001f167e7332}.TMContainer00000000000000000002.regtrans-ms [2010/03/26 19:44:03 | 000,524,288 | -HS- | C] () -- C:\Users\Missy\ntuser.dat{d3834d36-3918-11df-b69a-001f167e7332}.TMContainer00000000000000000001.regtrans-ms [2010/03/26 19:44:03 | 000,065,536 | -HS- | C] () -- C:\Users\Missy\ntuser.dat{d3834d36-3918-11df-b69a-001f167e7332}.TM.blf [2010/03/24 07:02:36 | 000,000,000 | ---- | C] () -- C:\Users\Missy\netsh [2010/03/24 00:43:13 | 000,016,384 | -HS- | C] () -- C:\Users\Missy\Thumbs.db [2010/03/11 08:19:27 | 000,000,000 | ---- | C] () -- C:\Users\Missy\AppData\Roaming\wklnhst.dat [2010/02/18 03:33:47 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll [2010/02/08 07:32:08 | 000,000,932 | ---- | C] () -- C:\Users\Missy\Desktop [2010/02/03 08:58:14 | 000,000,021 | ---- | C] () -- C:\ProgramData\hpqp.txt [2010/01/16 10:43:19 | 000,003,766 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2010/01/16 10:43:19 | 000,000,088 | RHS- | C] () -- C:\ProgramData\BFB83532D2.sys [2010/01/15 17:50:18 | 000,000,186 | ---- | C] () -- C:\ProgramData\HPWALog.txt [2010/01/15 17:22:47 | 000,000,000 | ---- | C] () -- C:\Users\Missy\AppData\Local\QSwitch.txt [2010/01/15 17:22:47 | 000,000,000 | ---- | C] () -- C:\Users\Missy\AppData\Local\DSwitch.txt [2010/01/15 17:22:47 | 000,000,000 | ---- | C] () -- C:\Users\Missy\AppData\Local\AtStart.txt [2010/01/15 17:22:44 | 000,000,284 | ---- | C] () -- C:\ProgramData\hpqp.ini [2010/01/15 17:21:41 | 000,000,020 | -HS- | C] () -- C:\Users\Missy\ntuser.ini [2010/01/15 16:35:42 | 002,097,152 | -HS- | C] () -- C:\Users\Missy\ntuser.dat [2010/01/15 16:35:42 | 000,524,288 | -HS- | C] () -- C:\Users\Missy\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms [2010/01/15 16:35:42 | 000,524,288 | -HS- | C] () -- C:\Users\Missy\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms [2010/01/15 16:35:42 | 000,262,144 | -HS- | C] () -- C:\Users\Missy\ntuser.dat.LOG1 [2010/01/15 16:35:42 | 000,065,536 | -HS- | C] () -- C:\Users\Missy\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf [2010/01/15 16:35:42 | 000,000,000 | -HS- | C] () -- C:\Users\Missy\ntuser.dat.LOG2 [2009/11/20 22:21:43 | 000,001,044 | ---- | C] () -- C:\Users\Missy\AppData\Roaming\vso_ts_preview.xml [2009/11/20 22:19:35 | 000,000,034 | ---- | C] () -- C:\Users\Missy\AppData\Roaming\pcouffin.log [2009/11/20 22:17:22 | 000,087,608 | ---- | C] () -- C:\Users\Missy\AppData\Roaming\inst.exe [2009/11/20 22:17:22 | 000,007,887 | ---- | C] () -- C:\Users\Missy\AppData\Roaming\pcouffin.cat [2009/11/20 22:17:21 | 000,001,144 | ---- | C] () -- C:\Users\Missy\AppData\Roaming\pcouffin.inf [2009/10/25 23:27:20 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL [2009/09/17 17:42:15 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009/07/05 20:49:37 | 000,000,090 | ---- | C] () -- C:\Users\Missy\AppData\Roaming\AVSMediaPlayer.m3u [2009/07/04 10:00:56 | 000,061,678 | ---- | C] () -- C:\Users\Missy\AppData\Roaming\PFP120JPR.{PB [2009/07/04 10:00:56 | 000,012,358 | ---- | C] () -- C:\Users\Missy\AppData\Roaming\PFP120JCM.{PB [2009/07/03 15:12:47 | 000,524,288 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2009/07/03 15:12:47 | 000,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2009/07/03 13:19:23 | 000,000,007 | ---- | C] () -- C:\Windows\System32\mkghj.dll [2009/07/03 13:17:06 | 002,105,344 | ---- | C] () -- C:\Windows\System32\win32cpr.dll [2009/07/03 13:17:06 | 001,433,699 | ---- | C] () -- C:\Windows\System32\stuff.dll [2009/03/05 06:54:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2008/06/29 10:52:14 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll [2006/03/09 05:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll ========== LOP Check ========== [2010/03/26 19:43:07 | 000,000,000 | ---D | M] -- C:\Users\Missy\AppData\Roaming\BitTorrent [2010/01/15 16:54:58 | 000,000,000 | ---D | M] -- C:\Users\Missy\AppData\Roaming\FloodLightGames [2010/01/15 16:54:58 | 000,000,000 | ---D | M] -- C:\Users\Missy\AppData\Roaming\funkitron [2010/01/15 16:54:59 | 000,000,000 | ---D | M] -- C:\Users\Missy\AppData\Roaming\IrfanView [2010/01/15 16:54:59 | 000,000,000 | ---D | M] -- C:\Users\Missy\AppData\Roaming\iWin [2010/01/15 16:54:59 | 000,000,000 | ---D | M] -- C:\Users\Missy\AppData\Roaming\Ludia [2010/01/15 16:55:09 | 000,000,000 | ---D | M] -- C:\Users\Missy\AppData\Roaming\Pegasys Inc [2009/07/21 11:36:09 | 000,000,000 | ---D | M] -- C:\Users\Missy\AppData\Roaming\Skinux [2010/01/15 16:55:10 | 000,000,000 | ---D | M] -- C:\Users\Missy\AppData\Roaming\UDC Profiles [2010/01/15 16:55:10 | 000,000,000 | ---D | M] -- C:\Users\Missy\AppData\Roaming\Vso [2010/01/15 22:18:57 | 000,000,000 | ---D | M] -- C:\Users\Missy\AppData\Roaming\WinBatch [2010/01/15 17:38:23 | 000,000,000 | ---D | M] -- C:\Users\Missy\AppData\Roaming\{8126D2ED-1984-4573-9D57-97637E10C716} [2010/03/11 02:44:58 | 000,032,614 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 154 bytes -> C:\ProgramData\Temp:E965A533 < End of report > extra log: OTL Extras logfile created on: 4/16/2010 8:37:41 AM - Run 1 OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\Missy\Desktop Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 70.00% Memory free 6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 287.21 Gb Total Space | 198.28 Gb Free Space | 69.04% Space Free | Partition Type: NTFS Drive D: | 10.88 Gb Total Space | 1.82 Gb Free Space | 16.70% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: MISSY-PC Current User Name: Missy Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Standard Quick Scan ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{DCDAB2ED-5741-4C30-A1A4-0FCB8A529001}" = WordPerfect Office X4 "{000AB2ED-5741-4C30-A1A4-0FCB8A529000}" = WordPerfect Office X4 "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4 "{01A3E75B-54C0-407F-8B95-B77705C7DCC4}" = AMRT "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4 "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4 "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4 "{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4 "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4 "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB "{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library "{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java 6 Update 19 "{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7 "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4 "{38151262-FAF8-4778-9AAB-33E90B60D8E9}" = CA Anti-Virus Plus "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4 "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4 "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7 "{484B100E-6FBE-4631-BC55-5F872FD8E020}" = HP Wireless Assistant "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4F46FDB9-B906-47BF-B3D5-C62E01B3C5EE}" = HP Support Assistant "{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4 "{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4 "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support "{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader "{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4 "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.7.4.190 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 "{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4 "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 "{846DDADA-0239-4B67-A6B1-33658863793B}" = HPTCSSetup "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4 "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{96384578-C6A2-4EC6-92CD-B62A60713040}" = Microsoft Live Search Toolbar "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2 "{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect "{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4 "{B6D0B141-B2BE-4DD0-B08F-B9186F3E36B3}" = HP User Guides 0118 "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4 "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw "{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0 "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529001}" = WordPerfect Office X4 - ICA "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529010}" = WordPerfect Office X4 - Common "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529011}" = WordPerfect Office X4 - WP "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529012}" = WordPerfect Office X4 - QP "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529013}" = WordPerfect Office X4 - PR "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529014}" = WordPerfect Office X4 - Content "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529016}" = WordPerfect Office X4 - Skins "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529017}" = WordPerfect Office X4 - Filters "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529018}" = WordPerfect Office X4 - Graphics "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529023}" = WordPerfect Office X4 - System "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529030}" = WordPerfect Office X4 - Migration Manager "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529040}" = WordPerfect Office X4 - IPM "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529046}" = WordPerfect Office X4 - IPM T EN "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529050}" = WordPerfect Office X4 - PerfectExperts "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529080}" = WordPerfect Office X4 - MAIL "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529100}" = WordPerfect Office X4 - EN "{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal "{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4 "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help "{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4 "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4 "{FA8BFB25-BF48-4F8B-8859-B30810745190}" = LightScribe System Software "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All "Ace Utilities_is1" = Ace Utilities "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4 "AVS Audio Converter 6.1_is1" = AVS Audio Converter version 6.1 "AVS Disc Creator_is1" = AVS Disc Creator version 3.5 "AVS DVD Authoring_is1" = AVS DVD Authoring "AVS Media Player_is1" = AVS Media Player 3.1 "AVS Update Manager_is1" = AVS Update Manager 1.0 "AVS Video Recorder_is1" = AVS Video Recorder 2.4 "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3 "AVS4YOU Video Converter 6_is1" = AVS Video Converter 6 "AVSCoverEditor_AVS4YOU_is1" = AVS Cover Editor 1.3.1.96 (AVS4YOU) "CCleaner" = CCleaner "CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "ENTERPRISE" = Microsoft Office Enterprise 2007 "eTrust Suite Personal" = CA Internet Security Suite "HDMI" = Intel® Graphics Media Accelerator Driver "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Mozilla Firefox (3.0.12)" = Mozilla Firefox (3.0.12) "Replay Video Capture4.1" = Replay Video Capture "SynTPDeinstKey" = Synaptics Pointing Device Driver "TVWiz" = Intel® TV Wizard "WinRAR archiver" = WinRAR archiver ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "BitTorrent" = BitTorrent ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report >