davejjj

Results of screen317's Security Check version 0.99.57 Windows Vista Service Pack 2 x86 (UAC is disabled!) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Microsoft Security Essentials Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` MVPS Hosts File Malwarebytes Anti-Malware version 1.70.0.1100 JavaFX 2.1.1 JavaFX 2.0.2 SDK Java 7 Update 13 Java SE Development Kit 7 Update 2 Java version out of Date! Adobe Flash Player 11.5.502.146 Adobe Reader 10.1.4 Adobe Reader out of Date! Mozilla Firefox (18.0.1) Google Chrome 24.0.1312.56 Google Chrome 24.0.1312.57 ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 1 % ````````````````````End of Log``````````````````````

Alright, thanks you, let me get started on that. I have not checked in here for a few days. I did notice that in my Microsoft Security Essentials history box there is a recent item. It says: Detected item: Trojan:JS/IframeRef:I Date: Jan 22, 2013 Action: Removed Thanks.

I guess I have corrupted Vista or maybe have a hardware problem. Thanks. ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6889 # api_version=3.0.2 # EOSSerial=b1ad05d8db488f4b9b84864167a605c4 # end=finished # remove_checked=false # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2013-02-02 07:26:42 # local_time=2013-02-02 01:26:42 (-0600, Central Standard Time) # country="United States" # lang=1033 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode=5892 16776574 100 100 76929414 196397504 0 0 # scanned=201395 # found=0 # cleaned=0 # scan_time=6125

Hi Dark Knight, That did not seem to work but I will try searching Microsoft forums for this issue. Thanks Dave

Change Adapter Settings under what menu? When I go to Control Panel I can click on Network and Sharing Center and then that page lists the following options on the left panel: Tasks: View computers and devices, Connect to a network, Manage network connections, Diagnose and repair. When I click on Manage Network Connections a new page attempts to open but then it dies, so I can't reach the page where you can set your ipconfig settings etc...

All processes killed ========== OTL ========== Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully. Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public ->Temp folder emptied: 0 bytes User: User ->Temp folder emptied: 384793 bytes ->Temporary Internet Files folder emptied: 12178012 bytes ->Java cache emptied: 14744829 bytes ->FireFox cache emptied: 207920213 bytes ->Google Chrome cache emptied: 288693723 bytes ->Apple Safari cache emptied: 12232704 bytes ->Flash cache emptied: 85375 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 341759 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 223261330 bytes Total Files Cleaned = 725.00 mb OTL by OldTimer - Version 3.2.69.0 log created on 01272013_000002 Files\Folders moved on Reboot... C:\Windows\temp\MpCmdRun.log moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot...

OTL Extras logfile created on: 1/26/2013 12:38:31 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.99 Gb Total Physical Memory | 1.04 Gb Available Physical Memory | 52.08% Memory free 4.22 Gb Paging File | 2.63 Gb Available in Paging File | 62.45% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 74.53 Gb Total Space | 26.35 Gb Free Space | 35.35% Space Free | Partition Type: NTFS Computer Name: USER-PC | User Name: User | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3667368273-239511518-4274841958-1000] "EnableNotifications" = 0 "EnableNotificationsRef" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{A4177E65-C9BC-44DB-A227-92C03CC1F6DA}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{28A507F8-ADD9-496F-A46E-707D426347F7}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe | "{5D7B4182-3DF9-44C2-B493-574341D2379B}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe | "{6183BC37-1598-4185-9BAA-F3F727327A68}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{68A64E0A-80B4-45CC-A47A-AB8134A86A70}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{75A18ACD-A063-4687-B546-B0031D2FD70E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{C947F683-2068-4566-98DE-300584EC0912}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{ED38ED76-ABA6-4056-918D-5FA8CCB0F221}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "TCP Query User{5F1D8545-3109-4E53-B37C-23AB07DF64EA}C:\program files\netbeans 7.1\bin\netbeans.exe" = protocol=6 | dir=in | app=c:\program files\netbeans 7.1\bin\netbeans.exe | "TCP Query User{A13265DE-F393-4A4D-B8BE-29D06AAD02A3}C:\program files\java\jdk1.7.0_02\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.7.0_02\bin\java.exe | "TCP Query User{BD2C9619-45B6-4021-9233-4F307E16D5DE}C:\windows\system32\ftp.exe" = protocol=6 | dir=in | app=c:\windows\system32\ftp.exe | "UDP Query User{644C6760-0976-4E5E-B07B-2F5DD8E17C5D}C:\program files\netbeans 7.1\bin\netbeans.exe" = protocol=17 | dir=in | app=c:\program files\netbeans 7.1\bin\netbeans.exe | "UDP Query User{92BB54A0-7A8B-4577-9D51-8A4D87E99EA3}C:\windows\system32\ftp.exe" = protocol=17 | dir=in | app=c:\windows\system32\ftp.exe | "UDP Query User{DFDD9DCA-77B2-46CC-AA76-8E0B73EBFDC1}C:\program files\java\jdk1.7.0_02\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.7.0_02\bin\java.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01C5A10F-AD9B-405B-853A-6659841A1242}" = Microsoft SQL Server 2008 Policies "{029A95A8-E814-4760-B5A1-0D46E2D62FB1}" = PHP 5.2.17 "{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools "{05855322-BE43-41FE-B583-D3AE0C326D58}" = Microsoft Silverlight 4 SDK "{05A7B662-80A3-4EB9-AE1D-89A62449431C}" = Oracle Database 11g Express Edition "{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module "{07EF3970-F8E5-4A27-A5A3-230484D35026}" = Microsoft Expression Encoder 4 "{08D605B4-DCD1-451F-ABD7-52E6BB868E4E}" = Microsoft Expression Design 4 "{09C52940-A4D1-4409-A7CC-1AAE630CF578}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0BE273CD-AAB9-361B-8C32-D955EAC929E3}" = Microsoft Visual Studio 2010 SharePoint Developer Tools "{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data "{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU "{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools "{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2 "{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files "{1C997E1C-5CE9-4AF3-AAA9-DC65E6090827}" = Microsoft Expression Blend SDK for Silverlight 4 "{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK "{2020045B-8DCF-4449-8D5C-EB5BA37440F1}" = Microsoft SQL Server 2008 Management Studio "{2222706F-666A-4037-7777-202328764D10}" = JavaFX 2.0.2 SDK "{256E7DAC-9BE8-494E-8DE7-7857BF96B774}" = Microsoft Expression Blend 3 SDK "{26A24AE4-039D-4CA4-87B4-2F83217011FF}" = Java 7 Update 11 "{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc "{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86 "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager "{32A3A4F4-B792-11D6-A78A-00B0D0170020}" = Java SE Development Kit 7 Update 2 "{33933681-9A64-4A5C-97F5-4F6AEDB9FA0F}" = MySQL Server 5.5 "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools "{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files "{4C6D5779-A766-45DF-9938-D6F595A66F2B}" = Microsoft Expression Blend 4 "{57BB52B7-6B7B-31F3-89F4-4EE8FE5CEF6D}" = Microsoft Help Viewer 1.1 "{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services "{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1 "{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 "{5EE6E987-1B79-4A93-832B-27472C7D1579}" = WPF Toolkit February 2010 (Version 3.5.50211.1) "{5F8D931D-B230-47F3-A9C0-0C8CA459A332}" = Microsoft Expression Web 4 "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy "{64CDE8F2-3791-46F5-BAD2-72FFF5252FAB}" = Microsoft SQL Server Compact 3.5 SP1 Query Tools English "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools "{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com "{6ED37A91-7710-3183-BE50-AB043FF6689E}" = Microsoft Team Foundation Server 2010 Object Model - ENU "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}" = Microsoft SQL Server 2008 R2 Management Objects "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7A56D81D-6406-40E7-9184-8AC1769C4D69}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project "{827990C7-4D30-3627-A2D1-5FFA09198BB2}" = Microsoft Visual Studio 2010 Office Developer Tools (x86) "{83298573-A6B6-42AB-A234-FE91CA2859C0}" = Microsoft SQL Server 2008 Native Client "{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio "{85262A06-2D8C-4BC1-B6ED-5A705D09CFFC}" = Apache HTTP Server 2.2.22 "{85467CBC-7A39-33C9-8940-D72D9269B84F}" = Microsoft Visual F# 2.0 Runtime "{877B76B2-F83F-4F5A-B28D-3F398641ADB6}" = Microsoft SQL Server System CLR Types "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A5F5F0A-BE2D-4763-B764-BF6EFE93A68B}" = Adobe Flash Player 11 ActiveX "{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack "{8E3F691A-4972-47FF-9E09-1981B62A5D5A}_is1" = Moyea FLV Editor Lite version: 1.1.1.846 "{8F72E2D4-1E48-4534-8DB8-1E8E012899C6}" = Microsoft SQL Server 2008 Setup Support Files "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010 "{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010 "{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{97CE8B73-AA5A-4987-A1BE-50DD1A187478}" = Microsoft Sync Framework SDK v1.0 SP1 "{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B3A1C97-A361-463E-8817-444F9F88CDFE}" = Microsoft Expression Blend SDK for .NET 4 "{9B92B20A-6A19-428F-8BD0-52DF859B1C61}" = Adobe Shockwave Player 11.6 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A06FE62B-CEBC-4E94-AED8-92DCC33BC8EA}" = Microsoft Expression Studio 4 "{A0FE0292-D3BE-3447-80F2-72E032A54875}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) "{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU "{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4) "{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4 "{ADD72094-D289-4714-A62E-70574478A2BC}" = System Requirements Lab for Intel "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services "{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer "{BC537AE0-88AF-47ED-B762-33B0D62B5188}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework "{BF127B80-CFD5-4379-9752-E8AF1A5D0141}" = Microsoft Expression Encoder 4 Screen Capture Codec "{C28422FB-F2CD-427A-ADED-9F281745CDB2}" = Secure Download Manager "{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser "{C6DD625F-4B61-4561-8286-87CA0275CEA1}" = Microsoft Sync Framework Runtime v1.0 SP1 (x86) "{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE "{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack "{D6B15AE6-B052-363E-B6BB-C4714CBA6509}" = Microsoft Visual Studio 2010 Professional - ENU "{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}" = WCF RIA Services V1.0 SP1 "{DC3D6AFB-78B4-489F-81D7-30B66E0C2417}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x86) "{DF38C72B-8A86-4727-99D2-FA7CC5E17A24}" = Microsoft SQL Server 2008 RsFx Driver "{EDC2B89F-3F72-48EA-B63E-985BC51622E4}" = OZ776 SCR Driver V1.1.4.202 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared "{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support "{F5993FCC-DF5D-4879-B70D-AA1F379C5C6B}" = Microsoft Expression Web 4 Service Pack 2 "{F990B526-8F7C-46E0-B1F1-6C893A8B478F}" = Microsoft Sync Framework Services v1.0 SP1 (x86) "{FA9C3624-C693-4423-8A8B-2BC2B9F607AB}" = Microsoft SQL Server 2008 Management Studio "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Blend_4.0.20525.0" = Microsoft Expression Blend 4 "Design_7.0.20516.0" = Microsoft Expression Design 4 "Encoder_4.0.1639.0" = Microsoft Expression Encoder 4 "ExpressionStudio_4.0.20525.0" = Microsoft Expression Studio 4 "FileZilla Client" = FileZilla Client 3.6.0.2 "HDMI" = Intel® Graphics Media Accelerator Driver "Heimdal" = Heimdal "InstallShield_{05A7B662-80A3-4EB9-AE1D-89A62449431C}" = Oracle Database 11g Express Edition "InstallShield_{EDC2B89F-3F72-48EA-B63E-985BC51622E4}" = OZ776 SCR Driver V1.1.4.202 "IrfanView" = IrfanView (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1 "Microsoft Security Client" = Microsoft Security Essentials "Microsoft SQL Server 10" = Microsoft SQL Server 2008 "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 "Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU "Microsoft Visual Studio 2010 Professional - ENU" = Microsoft Visual Studio 2010 Professional - ENU "Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1 "Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) "Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools "Mozilla Firefox 18.0.1 (x86 en-US)" = Mozilla Firefox 18.0.1 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "nbi-glassfish-mod-3.1.1.12.0" = GlassFish Server Open Source Edition 3.1.1 "nbi-nb-base-7.1.0.0.0" = NetBeans IDE 7.1 "nbi-tomcat-7.0.22.0.0" = Apache Tomcat 7.0.22 "NVIDIA Drivers" = NVIDIA Drivers "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010 "Web_4.0.1303.0" = Microsoft Expression Web 4 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 1/23/2013 12:23:34 PM | Computer Name = User-PC | Source = WinMgmt | ID = 10 Description = Error - 1/24/2013 2:30:18 PM | Computer Name = User-PC | Source = Apache Service | ID = 3299 Description = The Apache service named reported the following error: >>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.1.104 for ServerName . Error - 1/24/2013 2:31:48 PM | Computer Name = User-PC | Source = WinMgmt | ID = 10 Description = Error - 1/25/2013 4:36:58 PM | Computer Name = User-PC | Source = Apache Service | ID = 3299 Description = The Apache service named reported the following error: >>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.1.104 for ServerName . Error - 1/25/2013 4:38:27 PM | Computer Name = User-PC | Source = WinMgmt | ID = 10 Description = Error - 1/25/2013 5:00:02 PM | Computer Name = User-PC | Source = Apache Service | ID = 3299 Description = The Apache service named reported the following error: >>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.1.104 for ServerName . Error - 1/25/2013 5:01:22 PM | Computer Name = User-PC | Source = WinMgmt | ID = 10 Description = Error - 1/25/2013 5:05:26 PM | Computer Name = User-PC | Source = ESENT | ID = 474 Description = Windows (2760) Windows: The database page read from the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb" at offset 85278720 (0x0000000005154000) (database page 10409 (0x28A9)) for 8192 (0x00002000) bytes failed verification due to a page checksum mismatch. The expected checksum was 4799075126007767765 (0x4299bd66881b22d5) and the actual checksum was 4796541890609637205 (0x4290bd6fb4116755). The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem. Error - 1/25/2013 5:05:26 PM | Computer Name = User-PC | Source = Windows Search Service | ID = 3026 Description = Error - 1/25/2013 5:05:26 PM | Computer Name = User-PC | Source = Windows Search Service | ID = 3602 Description = Error - 1/25/2013 5:05:26 PM | Computer Name = User-PC | Source = Windows Search Service | ID = 7040 Description = [ System Events ] Error - 1/22/2013 7:10:01 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7011 Description = Error - 1/23/2013 12:23:35 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7001 Description = Error - 1/24/2013 2:31:49 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7001 Description = Error - 1/25/2013 1:27:24 AM | Computer Name = User-PC | Source = DCOM | ID = 10010 Description = Error - 1/25/2013 4:38:28 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7001 Description = Error - 1/25/2013 4:59:43 PM | Computer Name = User-PC | Source = EventLog | ID = 6008 Description = The previous system shutdown at 2:58:34 PM on 1/25/2013 was unexpected. Error - 1/25/2013 5:01:23 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7001 Description = Error - 1/25/2013 5:04:40 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7009 Description = Error - 1/25/2013 5:04:40 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7000 Description = Error - 1/25/2013 5:04:42 PM | Computer Name = User-PC | Source = Microsoft Antimalware | ID = 3002 Description = %%860 Real-Time Protection feature has encountered an error and failed. Feature: %%886 Error Code: 0x8007041d Error description: The service did not respond to the start or control request in a timely fashion. Reason: %%892 < End of report >

OTL logfile created on: 1/26/2013 12:38:31 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.99 Gb Total Physical Memory | 1.04 Gb Available Physical Memory | 52.08% Memory free 4.22 Gb Paging File | 2.63 Gb Available in Paging File | 62.45% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 74.53 Gb Total Space | 26.35 Gb Free Space | 35.35% Space Free | Partition Type: NTFS Computer Name: USER-PC | User Name: User | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/01/26 00:35:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe PRC - [2013/01/16 06:51:32 | 000,094,280 | ---- | M] (Microsoft) -- C:\Program Files\Heimdal\HeimdalSecureDNS\DNSService.exe PRC - [2013/01/16 06:51:12 | 001,139,272 | ---- | M] (CSIS Security Group) -- C:\Program Files\Heimdal\Client\HeimdalAgent.exe PRC - [2013/01/16 06:50:56 | 000,150,088 | ---- | M] (CSIS Security Group) -- C:\Program Files\Heimdal\Service\HeimdalAgentService.exe PRC - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe PRC - [2012/09/12 16:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe PRC - [2012/07/27 14:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011/08/27 10:00:20 | 000,512,000 | ---- | M] (Oracle Corporation) -- C:\oraclexe\app\oracle\product\11.2.0\server\bin\TNSLSNR.EXE PRC - [2011/08/27 09:58:50 | 115,773,440 | ---- | M] (Oracle Corporation) -- c:\oraclexe\app\oracle\product\11.2.0\server\bin\oracle.exe PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009/04/02 15:33:16 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe ========== Modules (No Company Name) ========== MOD - [2013/01/10 00:41:33 | 001,226,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\a379b2e18ccf462ff63e86ee309c600b\System.WorkflowServices.ni.dll MOD - [2013/01/10 00:40:40 | 000,369,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\b26c0ed378c4b15c60cef0baada4e0dc\System.ServiceModel.Routing.ni.dll MOD - [2013/01/10 00:40:08 | 001,140,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\ebf949aee7febad1902974b1a2bd77a2\System.ServiceModel.Discovery.ni.dll MOD - [2013/01/10 00:40:05 | 000,082,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\800370766976fd4ec232b4e29781717d\System.ServiceModel.Channels.ni.dll MOD - [2013/01/10 00:39:44 | 001,085,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\9714573400d1d3724808c63f1fd6de83\System.ServiceModel.Web.ni.dll MOD - [2013/01/10 00:19:33 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\ac9e3eca6c148504588e7c6d09fe83e3\System.Management.ni.dll MOD - [2013/01/10 00:19:31 | 001,838,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\34b227d0afc72e9f53903ae338ac06a3\Microsoft.VisualBasic.ni.dll MOD - [2013/01/10 00:19:19 | 001,393,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\b15622741724e17f1335c4771c3700a0\System.ServiceModel.Activities.ni.dll MOD - [2013/01/10 00:19:10 | 001,078,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\c1b67737c13c99776cde5989ec2885c8\System.IdentityModel.ni.dll MOD - [2013/01/10 00:19:05 | 018,080,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\a0445401f2473a1aa4b66c9c0791c7f6\System.ServiceModel.ni.dll MOD - [2013/01/10 00:14:55 | 012,079,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\269a06a09ecdc960ccbd727f647ceedb\System.Web.ni.dll MOD - [2013/01/09 14:15:45 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\5ea93652e4752c75bc6fbb195b4eb864\System.Runtime.Remoting.ni.dll MOD - [2013/01/09 14:15:41 | 000,649,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\dcb0e7d56ffca14d7c483103235b11ad\System.Transactions.ni.dll MOD - [2013/01/09 14:15:40 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\e7b4706dfe18f29486dbaf5d35e01765\System.Runtime.DurableInstancing.ni.dll MOD - [2013/01/09 14:15:39 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ef7642a4f2724135d445e2ea36582e78\SMDiagnostics.ni.dll MOD - [2013/01/09 14:15:38 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\910fe53ec2122cf3a2ad11c2b2f5cbfd\System.Runtime.Serialization.ni.dll MOD - [2013/01/09 13:58:56 | 006,815,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\9071f089ab65d518d1bd7e8fa857a95f\System.Data.ni.dll MOD - [2013/01/09 13:58:50 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e43f80b6a3a40323520dd89cb77500a8\System.Windows.Forms.ni.dll MOD - [2013/01/09 13:58:33 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll MOD - [2013/01/09 13:58:32 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll MOD - [2013/01/09 13:58:30 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll MOD - [2013/01/09 13:58:28 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll MOD - [2013/01/09 13:58:23 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll MOD - [2013/01/09 13:58:17 | 000,145,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\c300c8ca0910bbffb16a244b56be6d05\System.Numerics.ni.dll MOD - [2013/01/09 13:58:16 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll MOD - [2012/11/29 15:59:32 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll MOD - [2007/07/23 13:04:46 | 000,068,080 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\dlaapi_w.dll ========== Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld -- (MySQL) SRV - [2013/01/18 23:51:10 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013/01/16 06:51:32 | 000,094,280 | ---- | M] (Microsoft) [Auto | Running] -- C:\Program Files\Heimdal\HeimdalSecureDNS\DNSService.exe -- (HeimdalSecureDNS) SRV - [2013/01/16 06:50:56 | 000,150,088 | ---- | M] (CSIS Security Group) [Auto | Running] -- C:\Program Files\Heimdal\Service\HeimdalAgentService.exe -- (HeimdalService) SRV - [2013/01/14 11:08:02 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/09/20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2012/09/12 16:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2012/07/27 14:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011/08/27 10:01:00 | 000,012,800 | ---- | M] (Oracle Corporation) [On_Demand | Stopped] -- C:\oraclexe\app\oracle\product\11.2.0\server\bin\OraClrAgnt.exe -- (OracleXEClrAgent) SRV - [2011/08/27 10:00:20 | 000,512,000 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\oraclexe\app\oracle\product\11.2.0\server\bin\TNSLSNR.EXE -- (OracleXETNSListener) SRV - [2011/08/27 09:59:56 | 000,069,632 | ---- | M] (Oracle Corporation) [On_Demand | Stopped] -- C:\oraclexe\app\oracle\product\11.2.0\server\BIN\omtsreco.exe -- (OracleMTSRecoveryService) SRV - [2011/08/27 09:58:52 | 000,049,152 | ---- | M] () [Disabled | Stopped] -- c:\oraclexe\app\oracle\product\11.2.0\server\Bin\extjob.exe -- (OracleJobSchedulerXE) SRV - [2011/08/27 09:58:50 | 115,773,440 | ---- | M] (Oracle Corporation) [Auto | Running] -- c:\oraclexe\app\oracle\product\11.2.0\server\bin\ORACLE.EXE -- (OracleServiceXE) SRV - [2008/01/20 20:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\BCM42RLY.sys -- (BCM42RLY) DRV - [2012/08/30 21:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2011/09/22 17:10:34 | 000,238,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0105.sys -- (RsFx0105) DRV - [2009/04/10 22:38:59 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbccid.sys -- (USBCCID) DRV - [2008/01/20 20:23:45 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) DRV - [2007/12/23 15:18:48 | 000,068,696 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\oz776.sys -- (guardian2) DRV - [2007/10/04 19:24:00 | 007,628,608 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2007/09/26 06:12:00 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) DRV - [2007/07/23 13:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DLADResM.SYS -- (DLADResM) DRV - [2007/07/23 13:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DLABMFSM.SYS -- (DLABMFSM) DRV - [2007/07/23 13:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DLAUDF_M.SYS -- (DLAUDF_M) DRV - [2007/07/23 13:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DLAUDFAM.SYS -- (DLAUDFAM) DRV - [2007/07/23 13:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DLAOPIOM.SYS -- (DLAOPIOM) DRV - [2007/07/23 13:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DLABOIOM.SYS -- (DLABOIOM) DRV - [2007/07/23 13:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DLAPoolM.SYS -- (DLAPoolM) DRV - [2007/07/23 13:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DLAIFS_M.SYS -- (DLAIFS_M) DRV - [2007/07/23 12:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M) DRV - [2007/07/23 12:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 69 0E FE D6 FC CC 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "www.google.com" FF - prefs.js..extensions.enabledAddons: redirector%40einaregilsson.com:2.8.1 FF - prefs.js..extensions.enabledAddons: %7B3d7eb24f-2740-49df-8937-200b1cc08f8a%7D:1.5.15.1 FF - prefs.js..extensions.enabledAddons: %7Ba7c6cf7f-112c-4500-a7ea-39801a327e5f%7D:2.0.7 FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.13 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\User\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\User\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/18 23:51:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/18 23:50:33 | 000,000,000 | ---D | M] [2012/01/22 14:27:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions [2013/01/10 13:21:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\cfvgke5q.default\extensions [2013/01/10 13:21:50 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\cfvgke5q.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012/05/17 12:38:02 | 000,000,000 | ---D | M] (Redirector) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\cfvgke5q.default\extensions\redirector@einaregilsson.com [2012/12/12 15:45:06 | 002,151,598 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\cfvgke5q.default\extensions\firebug@software.joehewitt.com.xpi [2012/03/07 19:13:13 | 000,097,169 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\cfvgke5q.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}.xpi [2012/08/23 10:13:17 | 000,341,143 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\cfvgke5q.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2013/01/18 23:50:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2013/01/18 23:51:11 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012/10/10 19:05:38 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/10/10 19:05:38 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - homepage: http://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: http://www.google.com/ CHR - plugin: Shockwave Flash (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\24.0.1312.56\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\24.0.1312.56\pdf.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Microsoft Office 2010 (Disabled) = C:\PROGRA~1\MI1933~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Disabled) = C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL CHR - plugin: Java Platform SE 7 U9 (Disabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Google Update (Enabled) = C:\Users\User\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Shockwave for Director (Disabled) = C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Disabled) = C:\Windows\system32\npDeployJava1.dll CHR - plugin: Silverlight Plug-In (Disabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Disabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: HTML5 Outliner = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\afoibpobokebhgfnknfndkgemglggomo\0.5.1.72_0\ CHR - Extension: YouTube = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: FlashBlock = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdngiadmnkhgemkimkhiilgffbjijcie\1.2.11.12_0\ CHR - Extension: Google Search = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: W3C HTML5 & CSS3 Validator = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kobpbiokkobnmnaefmpcodeeficgbfkg\1.1.1_0\ CHR - Extension: Gmail = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2013/01/21 12:06:04 | 000,582,356 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost #[iPv6] O1 - Hosts: 127.0.0.1 clickbooth.com O1 - Hosts: 127.0.0.1 jmp.clickbooth.com O1 - Hosts: 127.0.0.1 fr.a2dfp.net O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net O1 - Hosts: 127.0.0.1 ad.a8.net O1 - Hosts: 127.0.0.1 asy.a8ww.net O1 - Hosts: 127.0.0.1 abcstats.com O1 - Hosts: 127.0.0.1 a.abv.bg O1 - Hosts: 127.0.0.1 adserver.abv.bg O1 - Hosts: 127.0.0.1 adv.abv.bg O1 - Hosts: 127.0.0.1 bimg.abv.bg O1 - Hosts: 127.0.0.1 ca.abv.bg O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com O1 - Hosts: 127.0.0.1 accuserveadsystem.com O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com O1 - Hosts: 127.0.0.1 achmedia.com O1 - Hosts: 127.0.0.1 aconti.net O1 - Hosts: 127.0.0.1 secure.aconti.net O1 - Hosts: 127.0.0.1 www.aconti.net #[Dialer.Aconti] O1 - Hosts: 127.0.0.1 csh.actiondesk.com O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie] O1 - Hosts: 127.0.0.1 ads.activepower.net O1 - Hosts: 15668 more lines... O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [bCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.11.2) O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.1.0.cab (SysInfo Class) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{267163EB-6683-426F-9573-70622D110D47}: DhcpNameServer = 10.1.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D0B3FA6-DF2B-406A-BC72-3F82FB9639FD}: NameServer = 24.217.0.5,24.217.201.67 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D43DD3A2-F41C-457F-A54A-08F702645DEE}: DhcpNameServer = 192.168.1.1 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img22.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img22.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013/01/26 00:35:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe [2013/01/21 14:44:50 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\wrt54glv1.1 [2013/01/21 11:22:27 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013/01/21 11:22:27 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\temp [2013/01/21 11:04:48 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2013/01/21 10:45:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013/01/21 10:45:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013/01/21 10:45:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013/01/21 10:45:42 | 000,000,000 | ---D | C] -- C:\Qoobox [2013/01/21 10:45:12 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013/01/21 09:35:51 | 005,024,380 | R--- | C] (Swearware) -- C:\Users\User\Desktop\ComboFix.exe [2013/01/18 23:50:31 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013/01/17 11:28:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CSIS Heimdal [2013/01/14 22:59:19 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Subversion [2013/01/14 22:58:41 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\SQL Developer [2013/01/14 11:09:02 | 000,261,024 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2013/01/14 11:08:52 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013/01/14 11:08:52 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013/01/14 11:08:52 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013/01/14 11:06:06 | 000,000,000 | ---D | C] -- C:\ProgramData\CSIS [2013/01/14 11:06:05 | 000,000,000 | ---D | C] -- C:\Program Files\Heimdal [2013/01/13 11:39:46 | 000,000,000 | ---D | C] -- C:\Users\User\Oracle [2013/01/13 11:39:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle Database 11g Express Edition [2013/01/13 11:37:16 | 000,000,000 | ---D | C] -- C:\oraclexe [2013/01/10 18:27:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client [2013/01/10 18:27:35 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client [2013/01/10 12:37:24 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\resumes [2013/01/09 10:29:39 | 002,048,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013/01/09 10:29:08 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll [2013/01/08 10:01:30 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\User\Desktop\dds.com [2013/01/07 10:58:22 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Eduard [2013/01/02 20:30:44 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\whiskey [2012/12/31 11:04:08 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\porky [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/01/26 00:35:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe [2013/01/26 00:13:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3667368273-239511518-4274841958-1000UA.job [2013/01/25 23:44:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/01/25 23:33:25 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013/01/25 23:33:25 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013/01/25 23:33:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/01/25 14:59:35 | 2135,044,096 | -HS- | M] () -- C:\hiberfil.sys [2013/01/25 14:59:31 | 193,637,919 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013/01/22 10:13:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3667368273-239511518-4274841958-1000Core.job [2013/01/21 12:06:04 | 000,582,356 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2013/01/21 09:36:31 | 005,024,380 | R--- | M] (Swearware) -- C:\Users\User\Desktop\ComboFix.exe [2013/01/20 10:51:45 | 001,024,236 | ---- | M] () -- C:\Users\User\Desktop\Three Amigos.zip [2013/01/14 11:20:00 | 000,711,842 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013/01/14 11:20:00 | 000,145,836 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013/01/14 11:08:44 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013/01/14 11:08:41 | 000,261,024 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2013/01/14 11:08:41 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013/01/14 11:08:41 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013/01/14 11:08:40 | 000,859,552 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll [2013/01/14 11:08:40 | 000,780,192 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll [2013/01/14 11:08:01 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013/01/14 11:08:01 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013/01/11 15:01:59 | 000,000,600 | ---- | M] () -- C:\Users\User\AppData\Local\PUTTY.RND [2013/01/11 01:07:26 | 000,055,296 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013/01/09 22:14:30 | 000,373,936 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013/01/08 10:01:35 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\User\Desktop\dds.com [2013/01/06 12:14:13 | 001,071,787 | ---- | M] () -- C:\Users\User\Desktop\AnvilStudio.pdf [2012/12/28 16:58:15 | 008,136,935 | ---- | M] () -- C:\Users\User\Desktop\IBM-Smarter-Cities-Challenge-St-Louis-Report.pdf [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/01/21 10:45:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013/01/21 10:45:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013/01/21 10:45:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013/01/21 10:45:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013/01/21 10:45:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013/01/20 10:51:43 | 001,024,236 | ---- | C] () -- C:\Users\User\Desktop\Three Amigos.zip [2013/01/14 11:08:02 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/01/11 15:01:59 | 000,000,600 | ---- | C] () -- C:\Users\User\AppData\Local\PUTTY.RND [2013/01/06 12:14:09 | 001,071,787 | ---- | C] () -- C:\Users\User\Desktop\AnvilStudio.pdf [2012/12/28 16:58:09 | 008,136,935 | ---- | C] () -- C:\Users\User\Desktop\IBM-Smarter-Cities-Challenge-St-Louis-Report.pdf [2012/04/10 22:32:49 | 000,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2012/02/02 10:01:33 | 000,055,296 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/08/21 12:01:05 | 000,019,124 | ---- | C] () -- C:\Users\User\AppData\Local\d3d9caps.dat ========== ZeroAccess Check ========== [2006/11/02 06:54:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 11:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 00:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 00:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat [2009/04/11 00:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr [2009/08/21 12:49:06 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK [2013/01/21 11:22:25 | 000,108,550 | ---- | M] () -- C:\ComboFix.txt [2006/09/18 15:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys [2013/01/25 14:59:35 | 2135,044,096 | -HS- | M] () -- C:\hiberfil.sys [2010/09/16 13:13:32 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2010/09/16 13:13:32 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2013/01/25 14:59:31 | 2450,923,520 | -HS- | M] () -- C:\pagefile.sys < %systemroot%\*. /mp /s > < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2013-01-09 20:03:39 < End of report >

Ok, I'm going to wait another day or two on this. I'm afraid I might render this computer unusable. I have some stuff on it that I need. Sorry for the delay. Dave

I tried to paste the log in this message but it complained that it was too long. So I posted it here: http://pastebin.com/M2MswVbX ---------------------------------------------------------------------------------------------------------------- Below is the beginning and end of the log file: ComboFix 13-01-21.01 - User 01/21/2013 10:49:05.1.2 - x86 Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2037.1062 [GMT -6:00] Running from: c:\users\User\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C} SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\system32\drivers\npf.sys c:\windows\wininit.ini . . ((((((((((((((((((((((((( Files Created from 2012-12-21 to 2013-01-21 ))))))))))))))))))))))))))))))) . [...] [7] 2008-01-21 . 22CFAEB9172F5F198048401485CD0571 . 9216 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-winsock-helper-tcpip_31bf3856ad364e35_6.0.6001.18000_none_cbb305c23187855a\WSHTCPIP.DLL . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-10-05 86016] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-05 8497696] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-05 81920] "NVHotkey"="c:\windows\system32\nvHotkey.dll" [2007-10-05 86016] "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-04-02 128232] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-16 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-16 166424] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-16 133656] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Monitor Apache Servers.lnk - c:\apache\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2012-1-28 41051] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3667368273-239511518-4274841958-1000] "EnableNotificationsRef"=dword:00000001 . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Contents of the 'Scheduled Tasks' folder . 2013-01-21 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 17:08] . 2013-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3667368273-239511518-4274841958-1000Core.job - c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-01 15:58] . 2013-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3667368273-239511518-4274841958-1000UA.job - c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-01 15:58] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105 TCP: Interfaces\{5D0B3FA6-DF2B-406A-BC72-3F82FB9639FD}: NameServer = 24.217.0.5,24.217.201.67 FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cfvgke5q.default\ FF - prefs.js: browser.startup.homepage - www.google.com . - - - - ORPHANS REMOVED - - - - . SafeBoot-WudfPf SafeBoot-WudfRd . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-01-21 11:07 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MySQL] "ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.5\my.ini\" MySQL" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'Explorer.exe'(3960) c:\program files\Roxio\Drag-to-Disc\Shellex.dll c:\program files\Common Files\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL c:\program files\Roxio\Drag-to-Disc\ShellRes.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Microsoft Security Client\MsMpEng.exe c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe c:\apache\Apache Software Foundation\Apache2.2\bin\httpd.exe c:\program files\Heimdal\HeimdalSecureDNS\DnsService.exe c:\apache\Apache Software Foundation\Apache2.2\bin\httpd.exe c:\program files\Heimdal\Service\HeimdalAgentService.exe c:\oraclexe\app\oracle\product\11.2.0\server\bin\ORACLE.EXE c:\oraclexe\app\oracle\product\11.2.0\server\BIN\tnslsnr.exe c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\program files\Heimdal\Client\HeimdalAgent.exe c:\windows\System32\rundll32.exe c:\windows\system32\igfxsrvc.exe . ************************************************************************** . Completion time: 2013-01-21 11:22:25 - machine was rebooted ComboFix-quarantined-files.txt 2013-01-21 17:22 . Pre-Run: 25,610,874,880 bytes free Post-Run: 27,900,276,736 bytes free . - - End Of File - - 8119A578CEE2B81F5232586F859882D3

I'm sorry, I haven't checked in here for a week due to some personal distractions. Let me post the first file and then you can tell me what else you might like to see. Thanks. DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2 Run by User at 10:03:20 on 2013-01-08 Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2037.907 [GMT -6:00] . AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C} SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes ================ . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Windows\system32\SLsvc.exe C:\Windows\System32\spoolsv.exe C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Apache\Apache Software Foundation\Apache2.2\bin\httpd.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Windows\system32\SearchIndexer.exe C:\Apache\Apache Software Foundation\Apache2.2\bin\httpd.exe C:\Windows\system32\taskeng.exe c:\Program Files\Microsoft Security Client\NisSrv.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\rundll32.exe C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\Windows\system32\igfxsrvc.exe C:\Apache\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe C:\Users\User\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe C:\Program Files\Mozilla Firefox\firefox.exe c:\Program Files\Microsoft Security Client\MpCmdRun.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uWindow Title = Internet Explorer, optimized for Bing and MSN BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler uRun: [Google Update] "c:\users\user\appdata\local\google\update\GoogleUpdate.exe" /c mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\monito~1.lnk - c:\apache\apache software foundation\apache2.2\bin\ApacheMonitor.exe mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0 mPolicies-System: EnableLUA = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\mi1933~1\office14\ONBttnIE.dll/105 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.1.0.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: Interfaces\{267163EB-6683-426F-9573-70622D110D47} : DHCPNameServer = 10.1.1.1 TCP: Interfaces\{5D0B3FA6-DF2B-406A-BC72-3F82FB9639FD} : NameServer = 24.217.0.5,24.217.201.67 TCP: Interfaces\{D43DD3A2-F41C-457F-A54A-08F702645DEE} : DHCPNameServer = 192.168.1.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL Notify: igfxcui - igfxdev.dll SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg Hosts: 127.0.0.1 ads.mcafee.com Hosts: 127.0.0.1 analytics.microsoft.com Hosts: 127.0.0.1 metrics.bitdefender.com Hosts: 127.0.0.1 metrics.mcafee.com Hosts: 127.0.0.1 om.symantec.com . Note: multiple HOSTS entries found. Please refer to Attach.txt . ================= FIREFOX =================== . FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\cfvgke5q.default\ FF - prefs.js: browser.startup.homepage - www.google.com FF - plugin: c:\progra~1\mi1933~1\office14\NPAUTHZ.DLL FF - plugin: c:\progra~1\mi1933~1\office14\NPSPWRAP.DLL FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll FF - plugin: c:\users\user\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: c:\windows\system32\adobe\director\np32dsw_1166636.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll FF - plugin: c:\windows\system32\npdeployJava1.dll FF - plugin: c:\windows\system32\npmproxy.dll . ============= SERVICES / DRIVERS =============== . R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552] R2 Apache2.2;Apache2.2;c:\apache\apache software foundation\apache2.2\bin\httpd.exe [2012-1-28 20549] R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504] R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 99272] R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-2-8 179712] R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-9-12 287824] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-22 47128] S4 RsFx0105;RsFx0105 Driver;c:\windows\system32\drivers\RsFx0105.sys [2011-9-22 238696] S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2011-9-22 370024] . =============== File Associations =============== . FileExt: .js: Applications\notepad.exe=c:\windows\system32\NOTEPAD.EXE %1 [userChoice] . =============== Created Last 30 ================ . 2013-01-07 17:12:01 6812136 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{a05b0f4a-50a6-4b1f-b7c7-f06809da11aa}\mpengine.dll 2013-01-06 15:54:08 6812136 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll 2012-12-24 22:19:59 -------- d-----w- c:\users\user\appdata\roaming\Moyea 2012-12-24 22:18:35 -------- d-----w- c:\program files\Moyea 2012-12-24 04:26:16 -------- d-----w- c:\users\user\appdata\local\IsolatedStorage 2012-12-24 04:12:49 -------- d-----w- c:\program files\WPF Toolkit 2012-12-24 04:11:44 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll 2012-12-24 04:09:34 -------- d-----w- c:\program files\Microsoft Expression 2012-12-22 05:16:27 34304 ----a-w- c:\windows\system32\atmlib.dll 2012-12-22 05:16:27 293376 ----a-w- c:\windows\system32\atmfd.dll 2012-12-18 03:31:30 -------- d--h--w- c:\windows\msdownld.tmp 2012-12-12 22:17:10 9728 ----a-w- c:\windows\system32\Wdfres.dll 2012-12-12 22:17:08 73216 ----a-w- c:\windows\system32\WUDFSvc.dll 2012-12-12 22:17:08 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2012-12-12 22:17:08 16896 ----a-w- c:\windows\system32\winusb.dll 2012-12-12 22:17:08 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2012-12-12 22:17:07 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2012-12-12 22:17:07 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2012-12-12 22:17:07 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll 2012-12-12 22:17:05 613888 ----a-w- c:\windows\system32\WUDFx.dll 2012-12-12 22:17:05 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2012-12-12 22:17:05 196608 ----a-w- c:\windows\system32\WUDFHost.exe 2012-12-12 11:25:09 2048000 ----a-w- c:\windows\system32\win32k.sys 2012-12-12 11:25:08 376320 ----a-w- c:\windows\system32\dpnet.dll 2012-12-12 11:25:08 23040 ----a-w- c:\windows\system32\dpnsvr.exe 2012-12-12 11:25:07 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys 2012-12-12 11:24:52 2048 ----a-w- c:\windows\system32\tzres.dll . ==================== Find3M ==================== . 2012-12-25 23:02:45 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-12-25 23:02:45 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-12-14 22:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-10-25 09:12:26 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2012-10-25 09:12:26 69632 ----a-w- c:\windows\system32\QuickTime.qts . ============= FINISH: 10:04:34.64 ===============

I have a situation on a laptop running Vista that may indicate an infection. I have blue screens several times per week and I have no ability to get to the Manage Network Connections menu. The window for that menu can be seen briefly appearing and then vanishing. MalwareBytes and MSE do not detect anything. Advice would be appreciated. I've attached the two logs. Thanks, Dave dds.txt attach.zip

I go to http://www.mozilla.com and download FireFox 11.0 and then have MalwareBytes scan the zip file and it immediately reports it as trojan.FakeFireFox. How can I tell if I am really at www.mozilla.com when I do this download? Thanks.

The AT&T tech who called me this morning had no clue. I had sent them a link to this image. It shows a 12MB download from Microsoft through a proxy server (ninjacloak.com) followed by an attempt to download the same file directly from Microsoft (looks like noise and is aborted). Something in the direct path obviously isn't working. So it's going to be "Goodbye AT&T DSL. Hello Charter Cable internet."

Ok, removed the old drives and installed a new drive, formatted it and reinstalled XP SP3 and the problem was still very apparent when I got to the ninety plus Microsoft updates. Either my Siemens DSL modem is the problem or it's in the AT&T network.

Yes, IE8, FF, Chrome, Safari. The symptom even occurs with those download wizard things. I did find that I was able to run some diagnostics on my other computer that lock up this laptop, such as DDS, but I don't know if you would want to look at those logs. It would essentially be starting over with a second machine.

Actually I should have said; I have removed the HOSTS file entirely with no effect on the problem.

Thanks for your help. I have tried MSN in the HOSTS file just to avoid the ads after logging out of Hotmail. If the downloads were actually being blocked cleanly I would suspect the HOSTS file, but as it is the downloads begin but then fizzle out. When I have time I'll try to acquire a bootable DVD and will then report back if I find anything. Thanks again.

I'd rather learn more about what this is so that if it happens again I won't be as clueless. MBRCheck, version 1.2.3 © 2010, AD Command-line: Windows Version: Windows XP Professional Windows Information: Service Pack 3 (build 2600) Logical Drives Mask: 0x0000001c Kernel Drivers (total 117): 0x804D7000 \WINDOWS\system32\ntoskrnl.exe 0x806EF000 \WINDOWS\system32\hal.dll 0xF7987000 \WINDOWS\system32\KDCOM.DLL 0xF7897000 \WINDOWS\system32\BOOTVID.dll 0xF75A8000 ACPI.sys 0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS 0xF7597000 pci.sys 0xF75F7000 isapnp.sys 0xF789B000 compbatt.sys 0xF789F000 \WINDOWS\system32\DRIVERS\BATTC.SYS 0xF7A4F000 pciide.sys 0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS 0xF798B000 intelide.sys 0xF74D9000 pcmcia.sys 0xF7607000 MountMgr.sys 0xF74BA000 ftdisk.sys 0xF770F000 PartMgr.sys 0xF7617000 VolSnap.sys 0xF74A2000 atapi.sys 0xF7627000 disk.sys 0xF7637000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS 0xF7482000 fltmgr.sys 0xF7470000 sr.sys 0xF7459000 KSecDD.sys 0xF7B52000 Ntfs.sys 0xF742C000 NDIS.sys 0xF7412000 Mup.sys 0xF7647000 agp440.sys 0xF7587000 \SystemRoot\system32\DRIVERS\intelppm.sys 0xBA7D8000 \SystemRoot\system32\DRIVERS\CmBatt.sys 0xB9E23000 \SystemRoot\system32\DRIVERS\ati2mtag.sys 0xB9E0F000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS 0xF778F000 \SystemRoot\system32\DRIVERS\usbuhci.sys 0xB9DEB000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0xF7797000 \SystemRoot\system32\DRIVERS\usbehci.sys 0xB9DC2000 \SystemRoot\system32\DRIVERS\b57xp32.sys 0xF779F000 \SystemRoot\system32\DRIVERS\ozscr.sys 0xBA7D4000 \SystemRoot\system32\DRIVERS\SMCLIB.SYS 0xF7557000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0xF77A7000 \SystemRoot\system32\DRIVERS\mouclass.sys 0xF77AF000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0xF7547000 \SystemRoot\system32\DRIVERS\serial.sys 0xBA7D0000 \SystemRoot\system32\DRIVERS\serenum.sys 0xB9DAE000 \SystemRoot\system32\DRIVERS\parport.sys 0xF7537000 \SystemRoot\system32\DRIVERS\cdrom.sys 0xF7527000 \SystemRoot\system32\DRIVERS\redbook.sys 0xB9D8B000 \SystemRoot\system32\DRIVERS\ks.sys 0xB9D5B000 \SystemRoot\system32\drivers\STAC97.sys 0xB9D37000 \SystemRoot\system32\drivers\portcls.sys 0xF7517000 \SystemRoot\system32\drivers\drmk.sys 0xF7A9B000 \SystemRoot\system32\DRIVERS\audstub.sys 0xF7507000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0xBA7C4000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0xB9D16000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0xF74F7000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0xBA78F000 \SystemRoot\system32\DRIVERS\raspptp.sys 0xF77B7000 \SystemRoot\system32\DRIVERS\TDI.SYS 0xB9D05000 \SystemRoot\system32\DRIVERS\psched.sys 0xBA77F000 \SystemRoot\system32\DRIVERS\msgpc.sys 0xF781F000 \SystemRoot\system32\DRIVERS\ptilink.sys 0xF772F000 \SystemRoot\system32\DRIVERS\raspti.sys 0xB8958000 \SystemRoot\system32\DRIVERS\rdpdr.sys 0xBA72F000 \SystemRoot\system32\DRIVERS\termdd.sys 0xF7999000 \SystemRoot\system32\DRIVERS\swenum.sys 0xB88FA000 \SystemRoot\system32\DRIVERS\update.sys 0xBA0F4000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0xBA6FF000 \SystemRoot\System32\Drivers\NDProxy.SYS 0xF76F7000 \SystemRoot\system32\DRIVERS\usbhub.sys 0xF799F000 \SystemRoot\system32\DRIVERS\USBD.SYS 0xADD90000 \SystemRoot\system32\DRIVERS\MpFilter.sys 0xABFD0000 \SystemRoot\system32\DRIVERS\hidusb.sys 0xABD12000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0xAC0BE000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0xB8B6E000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0xF7A6E000 \SystemRoot\System32\Drivers\Null.SYS 0xB8B6C000 \SystemRoot\System32\Drivers\Beep.SYS 0xAC0AE000 \SystemRoot\System32\drivers\vga.sys 0xB8B6A000 \SystemRoot\System32\Drivers\mnmdd.SYS 0xB8B68000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0xAC0A6000 \SystemRoot\System32\Drivers\Msfs.SYS 0xB9F98000 \SystemRoot\System32\Drivers\Npfs.SYS 0xABFCC000 \SystemRoot\system32\DRIVERS\rasacd.sys 0xAB3C1000 \SystemRoot\system32\DRIVERS\ipsec.sys 0xAB368000 \SystemRoot\system32\DRIVERS\tcpip.sys 0xAB340000 \SystemRoot\system32\DRIVERS\netbt.sys 0xAB31E000 \SystemRoot\System32\drivers\afd.sys 0xAC9FF000 \SystemRoot\system32\DRIVERS\netbios.sys 0xAB2F3000 \SystemRoot\system32\DRIVERS\rdbss.sys 0xAB9CD000 \SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS 0xAB283000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0xF775F000 \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C4234979-4A81-4DFF-BC11-630DA6351FEF}\MpKsl56e9dd7b.sys 0xAB25D000 \SystemRoot\system32\DRIVERS\ipnat.sys 0xABC55000 \SystemRoot\system32\DRIVERS\wanarp.sys 0xAB9C5000 \SystemRoot\system32\DRIVERS\mouhid.sys 0xABC35000 \SystemRoot\System32\Drivers\Fips.SYS 0xAB239000 \SystemRoot\System32\Drivers\Fastfat.SYS 0xAB221000 \SystemRoot\System32\Drivers\dump_atapi.sys 0xF79E5000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS 0xBF800000 \SystemRoot\System32\win32k.sys 0xB9CE7000 \SystemRoot\System32\drivers\Dxapi.sys 0xAB921000 \SystemRoot\System32\watchdog.sys 0xBF000000 \SystemRoot\System32\drivers\dxg.sys 0xB898C000 \SystemRoot\System32\drivers\dxgthk.sys 0xBF012000 \SystemRoot\System32\ati2dvag.dll 0xBF04E000 \SystemRoot\System32\ati3d2ag.dll 0xBF149000 \SystemRoot\System32\ATMFD.DLL 0xAB219000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0xAB0B4000 \SystemRoot\system32\DRIVERS\mrxdav.sys 0xB973D000 \SystemRoot\System32\Drivers\ParVdm.SYS 0xAB11D000 \??\C:\WINDOWS\system32\drivers\cpuz134_x32.sys 0xAAFE4000 \SystemRoot\system32\DRIVERS\srv.sys 0xAAD9F000 \SystemRoot\system32\drivers\wdmaud.sys 0xACA2F000 \SystemRoot\system32\drivers\sysaudio.sys 0xAA9E0000 \SystemRoot\System32\Drivers\HTTP.sys 0xF7747000 \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{90A9B5BC-60D6-4C0B-8714-C8C8914B1C9C}\MpKsle03243b4.sys 0xAB474000 \SystemRoot\System32\Drivers\Cdfs.SYS 0x7C900000 \WINDOWS\system32\ntdll.dll Processes (total 27): 0 System Idle Process 4 System 464 C:\WINDOWS\system32\smss.exe 520 csrss.exe 556 C:\WINDOWS\system32\winlogon.exe 600 C:\WINDOWS\system32\services.exe 612 C:\WINDOWS\system32\lsass.exe 768 C:\WINDOWS\system32\svchost.exe 844 svchost.exe 908 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe 944 C:\WINDOWS\system32\svchost.exe 1024 svchost.exe 1148 svchost.exe 1276 C:\WINDOWS\system32\spoolsv.exe 1324 scardsvr.exe 1376 svchost.exe 1440 C:\Program Files\Java\jre6\bin\jqs.exe 1464 C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe 1644 sqlbrowser.exe 1676 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe 164 alg.exe 2028 C:\WINDOWS\explorer.exe 968 C:\Program Files\Common Files\Java\Java Update\jusched.exe 1040 C:\Program Files\Microsoft Security Client\msseces.exe 356 C:\WINDOWS\system32\ctfmon.exe 496 C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE 2544 C:\Documents and Settings\Dave\Desktop\M87687BRCheck.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS) PhysicalDrive0 Model Number: HITACHI_DK23EB-40, Rev: 00K0A0C0 Size Device Name MBR Status -------------------------------------------- 37 GB \\.\PhysicalDrive0 Windows XP MBR code detected SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A Done!

I'm thinking maybe I ought to just buy another HD for $60 and start reinstalling everything. 2011/04/08 10:41:06.0935 1224 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28 2011/04/08 10:41:07.0106 1224 ================================================================================ 2011/04/08 10:41:07.0106 1224 SystemInfo: 2011/04/08 10:41:07.0106 1224 2011/04/08 10:41:07.0106 1224 OS Version: 5.1.2600 ServicePack: 3.0 2011/04/08 10:41:07.0106 1224 Product type: Workstation 2011/04/08 10:41:07.0106 1224 ComputerName: YOUR-BFE930219B 2011/04/08 10:41:07.0106 1224 UserName: Dave 2011/04/08 10:41:07.0106 1224 Windows directory: C:\WINDOWS 2011/04/08 10:41:07.0106 1224 System windows directory: C:\WINDOWS 2011/04/08 10:41:07.0106 1224 Processor architecture: Intel x86 2011/04/08 10:41:07.0106 1224 Number of processors: 1 2011/04/08 10:41:07.0106 1224 Page size: 0x1000 2011/04/08 10:41:07.0106 1224 Boot type: Normal boot 2011/04/08 10:41:07.0106 1224 ================================================================================ 2011/04/08 10:41:10.0581 1224 Initialize success 2011/04/08 10:41:13.0265 2432 ================================================================================ 2011/04/08 10:41:13.0265 2432 Scan started 2011/04/08 10:41:13.0265 2432 Mode: Manual; 2011/04/08 10:41:13.0265 2432 ================================================================================ 2011/04/08 10:41:15.0528 2432 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 2011/04/08 10:41:16.0299 2432 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 2011/04/08 10:41:16.0940 2432 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 2011/04/08 10:41:17.0350 2432 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys 2011/04/08 10:41:17.0721 2432 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys 2011/04/08 10:41:19.0734 2432 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 2011/04/08 10:41:20.0064 2432 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 2011/04/08 10:41:20.0785 2432 ati2mtag (31b35cc6deb111d4ebcdba20f64cd277) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 2011/04/08 10:41:21.0376 2432 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 2011/04/08 10:41:21.0777 2432 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 2011/04/08 10:41:22.0197 2432 b57w2k (f26e6eaedea6eb87ae4c5d2f678a1bc2) C:\WINDOWS\system32\DRIVERS\b57xp32.sys 2011/04/08 10:41:22.0588 2432 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 2011/04/08 10:41:23.0069 2432 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 2011/04/08 10:41:23.0609 2432 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 2011/04/08 10:41:23.0940 2432 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 2011/04/08 10:41:24.0290 2432 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 2011/04/08 10:41:24.0841 2432 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys 2011/04/08 10:41:25.0442 2432 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys 2011/04/08 10:41:25.0973 2432 cpuz134 (75fa19142531cbf490770c2988a7db64) C:\WINDOWS\system32\drivers\cpuz134_x32.sys 2011/04/08 10:41:26.0894 2432 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 2011/04/08 10:41:27.0495 2432 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 2011/04/08 10:41:28.0106 2432 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 2011/04/08 10:41:28.0476 2432 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 2011/04/08 10:41:28.0817 2432 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 2011/04/08 10:41:29.0398 2432 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 2011/04/08 10:41:29.0788 2432 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 2011/04/08 10:41:30.0159 2432 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys 2011/04/08 10:41:30.0529 2432 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 2011/04/08 10:41:30.0860 2432 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys 2011/04/08 10:41:31.0240 2432 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 2011/04/08 10:41:31.0631 2432 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 2011/04/08 10:41:32.0011 2432 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 2011/04/08 10:41:32.0392 2432 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 2011/04/08 10:41:32.0733 2432 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 2011/04/08 10:41:33.0373 2432 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 2011/04/08 10:41:34.0175 2432 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 2011/04/08 10:41:34.0525 2432 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 2011/04/08 10:41:35.0086 2432 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys 2011/04/08 10:41:35.0416 2432 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 2011/04/08 10:41:35.0737 2432 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 2011/04/08 10:41:36.0077 2432 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 2011/04/08 10:41:36.0548 2432 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2011/04/08 10:41:36.0929 2432 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2011/04/08 10:41:37.0319 2432 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 2011/04/08 10:41:37.0670 2432 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 2011/04/08 10:41:38.0020 2432 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 2011/04/08 10:41:38.0371 2432 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2011/04/08 10:41:38.0771 2432 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 2011/04/08 10:41:39.0172 2432 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 2011/04/08 10:41:39.0773 2432 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2011/04/08 10:41:40.0113 2432 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 2011/04/08 10:41:40.0444 2432 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2011/04/08 10:41:40.0784 2432 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 2011/04/08 10:41:41.0115 2432 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 2011/04/08 10:41:41.0525 2432 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\WINDOWS\system32\DRIVERS\MpFilter.sys 2011/04/08 10:41:41.0886 2432 MpKsl56e9dd7b (5f53edfead46fa7adb78eee9ecce8fdf) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C4234979-4A81-4DFF-BC11-630DA6351FEF}\MpKsl56e9dd7b.sys 2011/04/08 10:41:42.0767 2432 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2011/04/08 10:41:43.0278 2432 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2011/04/08 10:41:43.0748 2432 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 2011/04/08 10:41:44.0069 2432 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2011/04/08 10:41:44.0389 2432 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2011/04/08 10:41:44.0690 2432 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 2011/04/08 10:41:45.0010 2432 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2011/04/08 10:41:45.0401 2432 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 2011/04/08 10:41:45.0921 2432 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 2011/04/08 10:41:46.0322 2432 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2011/04/08 10:41:46.0693 2432 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2011/04/08 10:41:47.0043 2432 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2011/04/08 10:41:47.0404 2432 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 2011/04/08 10:41:47.0744 2432 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 2011/04/08 10:41:48.0125 2432 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 2011/04/08 10:41:48.0575 2432 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 2011/04/08 10:41:49.0106 2432 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 2011/04/08 10:41:49.0617 2432 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2011/04/08 10:41:49.0857 2432 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2011/04/08 10:41:50.0188 2432 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2011/04/08 10:41:50.0568 2432 O2SCBUS (7f8d43fd4159b16ebfd65e13ee34677f) C:\WINDOWS\system32\DRIVERS\ozscr.sys 2011/04/08 10:41:50.0899 2432 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS 2011/04/08 10:41:51.0269 2432 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys 2011/04/08 10:41:51.0620 2432 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 2011/04/08 10:41:51.0950 2432 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 2011/04/08 10:41:52.0301 2432 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 2011/04/08 10:41:52.0851 2432 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 2011/04/08 10:41:53.0212 2432 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys 2011/04/08 10:41:54.0844 2432 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2011/04/08 10:41:55.0205 2432 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 2011/04/08 10:41:55.0565 2432 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2011/04/08 10:41:57.0128 2432 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2011/04/08 10:41:57.0468 2432 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2011/04/08 10:41:57.0849 2432 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2011/04/08 10:41:58.0189 2432 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2011/04/08 10:41:58.0600 2432 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2011/04/08 10:41:58.0970 2432 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2011/04/08 10:41:59.0371 2432 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 2011/04/08 10:41:59.0811 2432 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 2011/04/08 10:42:00.0192 2432 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 2011/04/08 10:42:00.0633 2432 RsFx0102 (fedd2710b75be3ecf078adace790c423) C:\WINDOWS\system32\DRIVERS\RsFx0102.sys 2011/04/08 10:42:01.0083 2432 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2011/04/08 10:42:01.0424 2432 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 2011/04/08 10:42:01.0764 2432 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 2011/04/08 10:42:02.0155 2432 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 2011/04/08 10:42:02.0916 2432 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 2011/04/08 10:42:03.0266 2432 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 2011/04/08 10:42:03.0737 2432 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys 2011/04/08 10:42:04.0208 2432 STAC97 (f2ca38990f140025b91ee7bbd315f44c) C:\WINDOWS\system32\drivers\STAC97.sys 2011/04/08 10:42:04.0588 2432 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2011/04/08 10:42:04.0969 2432 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 2011/04/08 10:42:06.0161 2432 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 2011/04/08 10:42:06.0631 2432 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2011/04/08 10:42:07.0042 2432 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 2011/04/08 10:42:07.0362 2432 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 2011/04/08 10:42:07.0713 2432 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 2011/04/08 10:42:08.0374 2432 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2011/04/08 10:42:09.0055 2432 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2011/04/08 10:42:09.0505 2432 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2011/04/08 10:42:09.0866 2432 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2011/04/08 10:42:10.0206 2432 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2011/04/08 10:42:10.0497 2432 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 2011/04/08 10:42:10.0817 2432 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 2011/04/08 10:42:11.0368 2432 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 2011/04/08 10:42:11.0769 2432 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2011/04/08 10:42:12.0289 2432 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 2011/04/08 10:42:12.0910 2432 ================================================================================ 2011/04/08 10:42:12.0910 2432 Scan finished 2011/04/08 10:42:12.0910 2432 ================================================================================

Since this idea has apparently been bounced around for some time without getting any traction may I ask what the primary objections are? Would scanners such as Malwarebytes require significant redesigns to load into, update, and scan such a system? I guess it would ideally treat the untrusted disks as read-only until the scans were complete. Is this even practical with 2GB of ram? Thanks.

Oops, I see that this was just suggested in the previous CD thread.

With malware getting more and more undetectable wouldn't it make sense for products like Malwarebytes to be sold on a bootable DVD so that an infected system could be booted cleanly and then have the hard disks scanned? I am guessing that a root-kit cannot hide if it is not running. Thanks

Looks like Combofix does what DDS does -- produce a lockup. Maybe I should describe the lockup: The mouse cursor is still alive but even ctrl-alt-del doesn't work. I am curious whether a bootable DVD might be available for this sort of anti-malware investigation? Thanks.

OTL Extras logfile created on: 4/3/2011 11:32:02 PM - Run 7 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Dave\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 78.00% Memory free 3.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 37.26 Gb Total Space | 4.84 Gb Free Space | 12.99% Space Free | Partition Type: NTFS Drive E: | 3.73 Gb Total Space | 0.61 Gb Free Space | 16.47% Space Free | Partition Type: FAT32 Computer Name: YOUR-BFE930219B | User Name: Dave | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Documents and Settings\Dave\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\Dave\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player "C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation) "C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation) "C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation) "C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe" = C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:*:Enabled:Render Manager "C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe" = C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe:*:Enabled:umi "C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe" = C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:*:Enabled:Pinnacle VideoSpin "C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01C5A10F-AD9B-405B-853A-6659841A1242}" = Microsoft SQL Server 2008 Policies "{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 "{05EC21B8-4593-3037-A781-A6B5AFFCB19D}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools - enu "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel "{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files "{2020045B-8DCF-4449-8D5C-EB5BA37440F1}" = Microsoft SQL Server 2008 Management Studio "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 24 "{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5 "{300A2961-B2B5-4889-9CB9-5C2A570D08AD}" = Debugging Tools for Windows (x86) "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime "{440A992F-3BDB-4D76-9CB4-B4C09F5998B7}" = Microsoft SQL Server 2008 Books Online (October 2009) "{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services "{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu "{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense "{64CDE8F2-3791-46F5-BAD2-72FFF5252FAB}" = Microsoft SQL Server Compact 3.5 SP1 Query Tools English "{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008 "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC "{6F7F59D5-12F6-4571-9935-A2921AA17F78}" = Microsoft SQL Server 2008 Setup Support Files (English) "{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware "{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client "{7959721D-8268-4565-9E0E-C41A9F4848A9}" = SigmaTel AC97 Audio Drivers "{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_VISPRO_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007 "{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007 "{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007 "{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2) "{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007 "{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14 "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008 "{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU "{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1) "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Win32 Tools "{B32E7732-B2FB-3FD0-81AC-6025B1104C66}" = Microsoft Device Emulator version 3.0 - ENU "{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services "{B67C01B3-8502-4BE7-AEAB-BBDE910AD3EE}" = Microsoft Web Platform Installer 2.0 "{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer "{BCD2FF98-7DF2-4FE2-B7E3-9593C5D66A4E}_is1" = Iconoid version 3.8.6 "{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = B57Inst "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser "{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program "{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Tools "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD "{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU "{D9D937B0-E842-4130-9588-B948E876904A}" = Microsoft SQL Server 2008 Native Client "{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English "{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2 "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{F1DC7648-8623-442F-92B7-E118DF61872E}" = Microsoft SQL Server 2008 RsFx Driver "{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared "{FA9C3624-C693-4423-8A8B-2BC2B9F607AB}" = Microsoft SQL Server 2008 Management Studio "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "ATI Display Driver" = ATI Display Driver "CPUID CPU-Z_is1" = CPUID CPU-Z 1.56 "ESET Online Scanner" = ESET Online Scanner v3 "ie8" = Windows Internet Explorer 8 "InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Driver Installer "IrfanView" = IrfanView (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008 "Microsoft Report Viewer Redistributable 2008 (KB971119)" = Microsoft Report Viewer Redistributable 2008 SP1 "Microsoft Security Client" = Microsoft Security Essentials "Microsoft SQL Server 10" = Microsoft SQL Server 2008 "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 "Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime "Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU "Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16) "Mozilla Thunderbird (3.0.3)" = Mozilla Thunderbird (3.0.3) "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010 "Office8.0" = Microsoft Office 97, Professional Edition "Trojan Remover_is1" = Trojan Remover 6.8.2 "VISPRO" = Microsoft Office Visio Professional 2007 "Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime "VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner "Windows XP Service Pack" = Windows XP Service Pack 3 "WinFF_is1" = WinFF 1.3.1 "WinGimp-2.0_is1" = GIMP 2.6.8 "WinRAR archiver" = WinRAR 4.00 (32-bit) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "f031ef6ac137efc5" = Dell Driver Download Manager "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 3/17/2011 12:32:29 PM | Computer Name = YOUR-BFE930219B | Source = Microsoft Security Client Setup | ID = 100 Description = HRESULT:0x8004FF0A Description:Microsoft Security Essentials installation was canceled. You canceled the Security Essentials installation on your computer. Error code:0x8004FF0A. Error - 3/17/2011 1:10:16 PM | Computer Name = YOUR-BFE930219B | Source = Microsoft Security Client Setup | ID = 100 Description = HRESULT:0x8004FF0A Description:Microsoft Security Essentials installation was canceled. You canceled the Security Essentials installation on your computer. Error code:0x8004FF0A. Error - 3/21/2011 11:23:38 AM | Computer Name = YOUR-BFE930219B | Source = MPSampleSubmission | ID = 5000 Description = EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 3.0.8107.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL. Error - 3/21/2011 12:34:00 PM | Computer Name = YOUR-BFE930219B | Source = MPSampleSubmission | ID = 5000 Description = EventType mptelemetry, P1 0, P2 moaccapability, P3 3.0.8107.0, P4 0, P5 0, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL. Error - 3/24/2011 6:13:22 AM | Computer Name = YOUR-BFE930219B | Source = MPSampleSubmission | ID = 5000 Description = EventType mptelemetry, P1 80240022, P2 processdownloadresults, P3 download, P4 3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 NIL, P10 NIL. Error - 3/24/2011 6:15:56 AM | Computer Name = YOUR-BFE930219B | Source = Microsoft Security Client | ID = 5000 Description = Error - 4/1/2011 12:24:43 PM | Computer Name = YOUR-BFE930219B | Source = devenv | ID = 0 Description = Error - 4/2/2011 2:19:57 PM | Computer Name = YOUR-BFE930219B | Source = devenv | ID = 0 Description = [ System Events ] Error - 3/31/2011 9:35:55 PM | Computer Name = YOUR-BFE930219B | Source = Disk | ID = 262155 Description = The driver detected a controller error on \Device\Harddisk1\D. Error - 4/1/2011 12:00:49 AM | Computer Name = YOUR-BFE930219B | Source = Disk | ID = 262155 Description = The driver detected a controller error on \Device\Harddisk1\D. Error - 4/1/2011 10:53:09 AM | Computer Name = YOUR-BFE930219B | Source = Service Control Manager | ID = 7000 Description = The Ati HotKey Poller service failed to start due to the following error: %%2 Error - 4/1/2011 12:32:01 PM | Computer Name = YOUR-BFE930219B | Source = Schannel | ID = 36882 Description = The certificate received from the remote server was issued by an untrusted certificate authority. Because of this, none of the data contained in the certificate can be validated. The SSL connection request has failed. The attached data contains the server certificate. Error - 4/2/2011 10:17:10 AM | Computer Name = YOUR-BFE930219B | Source = Service Control Manager | ID = 7000 Description = The Ati HotKey Poller service failed to start due to the following error: %%2 Error - 4/2/2011 2:17:18 PM | Computer Name = YOUR-BFE930219B | Source = Disk | ID = 262155 Description = The driver detected a controller error on \Device\Harddisk1\D. Error - 4/2/2011 11:23:38 PM | Computer Name = YOUR-BFE930219B | Source = Service Control Manager | ID = 7000 Description = The Ati HotKey Poller service failed to start due to the following error: %%2 Error - 4/3/2011 11:31:00 AM | Computer Name = YOUR-BFE930219B | Source = Service Control Manager | ID = 7000 Description = The Ati HotKey Poller service failed to start due to the following error: %%2 Error - 4/3/2011 11:53:10 PM | Computer Name = YOUR-BFE930219B | Source = Service Control Manager | ID = 7000 Description = The Ati HotKey Poller service failed to start due to the following error: %%2 Error - 4/4/2011 1:25:40 AM | Computer Name = YOUR-BFE930219B | Source = Disk | ID = 262155 Description = The driver detected a controller error on \Device\Harddisk1\D. < End of report >