No matter how many times mbam scans and removes this hijack.startmenu, each time I boot into Windows the virus is back. Please help, I'm pulling my hair out trying to get rid of this stupid thing.

DDS Scan Results

.

DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24

Run by Katie Thompson at 21:38:39 on 2012-01-23

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3068.2449 [GMT -6:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\Explorer.EXE

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Microsoft Security Client\msseces.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Tunebite_WebRipPlugin Class: {aa102584-3b97-47e7-b9bc-75d54c110a7d} - c:\software\rapidsolution\tunebite\plugins\ie\TB_WebRipIePlugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

uRun: [Aim6]

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [PIFoHdCpFL.exe] c:\programdata\PIFoHdCpFL.exe

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [DVDAgent] "c:\program files\hewlett-packard\media\dvd\DVDAgent.exe"

mRun: [uCam_Menu] "c:\program files\hewlett-packard\media\webcam\muitransfer\muistartmenu.exe" "c:\program files\hewlett-packard\media\webcam" update "software\hewlett-packard\media\Webcam"

mRun: [smartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

mRun: [updatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start

mRun: [updateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"

mRun: [updatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe

mRun: [sysTrayApp] c:\program files\idt\wdm\sttray.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQgBXAEYATQAtAFQAUgBMAFEAUgAtAEIAUgBVAEgAUAAtAEMAUAA4ADYARwA"&"inst=NwA3AC0ANAAyADUAOQAyADMANwA1ADIALQBLAFYAMwArADcALQBYAEwAKwAxAC0AVAA0AC0ARgBQADkAKwA2AC0AQgBBAFIAOQBHACsAMQAtAFQAQgA5ACsAMgAtAEYATAArADkALQBYAE8AMwA2ACsAMQAtAEYAOQBNADcAQwArADUALQBGADkATQAxADAAQgArADEA"&"prod=90"&"ver=9.0.872

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

TCP: Interfaces\{B140DBD3-84A2-4F3D-96CF-397858D56E07} : NameServer = 68.94.156.1,151.164.8.201

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

mASetup: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - c:\program files\pixiepack codec pack\InstallerHelper.exe

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\katie thompson\appdata\roaming\mozilla\firefox\profiles\un0ugy9u.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: network.proxy.type - 2

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

FF - plugin: c:\software\mozilla firefox\plugins\npOGAPlugin.dll

FF - plugin: c:\users\katie thompson\appdata\roaming\move networks\plugins\npqmp071503000010.dll

FF - plugin: c:\users\katie thompson\appdata\roaming\move networks\plugins\npqmp071701000002.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\software\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\software\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\software\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\software\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\software\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\software\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\software\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\software\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\katie thompson\appdata\roaming\Move Networks

FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard

.

============= SERVICES / DRIVERS ===============

.

R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-9-4 54784]

S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]

S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/07/20 03:10:18];c:\program files\hewlett-packard\media\dvd\000.fcl [2008-11-28 87536]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_827e372d\AEstSrv.exe [2009-3-2 81920]

S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-29 136176]

S2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2008-3-18 19456]

S2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2010-9-16 80896]

S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2009-1-16 365952]

S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-8-10 24652]

S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-1-16 222512]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-7-29 136176]

S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-6-9 24576]

S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-23 23040]

S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-10-23 107360]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]

S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]

S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]

S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2011-8-5 268512]

.

=============== Created Last 30 ================

.

2012-01-22 16:54:33 -------- d-s---w- C:\ComboFix

2012-01-22 04:40:55 360328 ----a-w- c:\programdata\EwEKPHTPPgYiFx.exe

2012-01-22 04:25:39 451464 ----a-w- c:\programdata\PIFoHdCpFL.exe

2012-01-21 07:04:17 6557240 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{995e907f-9f57-4018-8d74-f968cb520fa2}\mpengine.dll

2012-01-10 23:03:02 23552 ----a-w- c:\windows\system32\mciseq.dll

2012-01-10 23:03:02 189952 ----a-w- c:\windows\system32\winmm.dll

2012-01-10 23:03:00 1205064 ----a-w- c:\windows\system32\ntdll.dll

2012-01-10 23:02:58 1314816 ----a-w- c:\windows\system32\quartz.dll

2012-01-10 23:02:57 497152 ----a-w- c:\windows\system32\qdvd.dll

2012-01-10 23:02:56 376320 ----a-w- c:\windows\system32\winsrv.dll

2012-01-10 23:02:55 66560 ----a-w- c:\windows\system32\packager.dll

.

==================== Find3M ====================

.

2011-12-10 21:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-23 13:37:27 2043904 ----a-w- c:\windows\system32\win32k.sys

2011-11-08 14:42:19 2048 ----a-w- c:\windows\system32\tzres.dll

2011-11-03 22:47:42 1798144 ----a-w- c:\windows\system32\jscript9.dll

2011-11-03 22:40:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

2011-11-03 22:39:47 1127424 ----a-w- c:\windows\system32\wininet.dll

2011-11-03 22:31:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-10-27 08:01:53 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-10-27 08:01:53 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

.

============= FINISH: 21:38:48.67 ===============


Hello Rommel711 and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

No matter how many times mbam scans and removes this hijack.startmenu, each time I boot into Windows the virus is back. Please help, I'm pulling my hair out trying to get rid of this stupid thing.

Your system is infected and this item is regenerated. Let's clean it.

Step 1

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Step 2

Download OTL to your Desktop

  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Please tick the Scan All users box. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.

In your next reply, please include:

  • TDSSKiller log
  • OTL.Txt and Extras.Txt


As for OTL, I tried running in normal mode; some of the virus windows popped up during the process. If this is a problem I can re-run in safe mode. Here are the results. Also, the extras.txt never came up, only otl.txt.

The default settings were as follows:

scan all users (checked)

process (use safe list)

services (use safe list)

standard registry (use safe list)

modules (no company name)

drivers (use safe list)

Extra Registry (none)

These are the results of the OTL.TXT file

OTL logfile created on: 1/24/2012 8:38:16 PM - Run 3

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Katie Thompson\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.85 Gb Available Physical Memory | 61.62% Memory free

6.19 Gb Paging File | 5.22 Gb Available in Paging File | 84.25% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 221.25 Gb Total Space | 97.60 Gb Free Space | 44.11% Space Free | Partition Type: NTFS

Drive D: | 11.63 Gb Total Space | 1.89 Gb Free Space | 16.26% Space Free | Partition Type: NTFS

Drive E: | 7.00 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: BATMAN | User Name: Katie Thompson | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/24 20:19:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Katie Thompson\Desktop\OTL.exe

PRC - [2012/01/21 22:40:56 | 000,360,328 | -H-- | M] (Microsoft Corporation) -- C:\ProgramData\EwEKPHTPPgYiFx.exe

PRC - [2012/01/21 22:22:28 | 000,451,464 | -H-- | M] (Microsoft Corporation) -- C:\ProgramData\PIFoHdCpFL.exe

PRC - [2011/08/05 11:29:56 | 000,159,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe

PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe

PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

PRC - [2010/09/16 13:06:22 | 000,080,896 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe

PRC - [2009/06/03 19:43:18 | 000,450,652 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe

PRC - [2009/06/03 19:43:18 | 000,217,170 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\stacsv.exe

PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009/03/02 17:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\AEstSrv.exe

PRC - [2008/12/17 18:11:40 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe

PRC - [2008/11/28 19:04:26 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe

PRC - [2008/11/18 20:35:44 | 000,914,224 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

PRC - [2007/01/04 15:38:08 | 000,024,652 | -H-- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe

========== Modules (No Company Name) ==========

MOD - [2012/01/11 03:27:23 | 001,711,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\902ba03598b46f478f3d7561ece592e6\Microsoft.VisualBasic.ni.dll

MOD - [2011/10/14 02:30:54 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll

MOD - [2011/10/14 02:28:00 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll

MOD - [2011/10/14 02:25:42 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll

MOD - [2011/10/14 02:25:27 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll

MOD - [2011/10/14 02:25:18 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll

MOD - [2011/10/14 02:25:05 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\9e53d9921c4bb153f1ffbe1ae0e1b615\System.Data.ni.dll

MOD - [2011/10/14 02:24:54 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\231b0b42eff55de5c7d7debe555c16b7\PresentationFramework.Aero.ni.dll

MOD - [2011/10/14 02:24:52 | 014,328,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\94f892556ec9fa7a508fc9d214ceaedf\PresentationFramework.ni.dll

MOD - [2011/10/14 02:24:36 | 012,216,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53f949f4664bb316f9b7a00d73a6e290\PresentationCore.ni.dll

MOD - [2011/10/14 02:24:24 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\fd2c727bcef2e019eb96c1145f423701\WindowsBase.ni.dll

MOD - [2011/10/14 02:24:20 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll

MOD - [2011/10/14 02:24:12 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll

MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2009/12/04 10:58:39 | 000,141,824 | -H-- | M] () -- C:\Software\WinRAR\RarExt.dll

MOD - [2009/03/29 22:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

MOD - [2008/12/31 06:36:16 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/08/05 11:30:02 | 000,444,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)

SRV - [2011/08/05 11:30:02 | 000,268,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)

SRV - [2011/08/05 11:29:56 | 006,363,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)

SRV - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)

SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)

SRV - [2010/09/16 13:06:22 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)

SRV - [2009/06/03 19:43:18 | 000,217,170 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\stacsv.exe -- (STacSV)

SRV - [2009/03/02 17:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\AEstSrv.exe -- (AESTFilters)

SRV - [2008/12/17 18:11:40 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)

SRV - [2008/01/20 20:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007/01/04 15:38:08 | 000,024,652 | -H-- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)

========== Driver Services (SafeList) ==========

DRV - [2011/04/27 14:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)

DRV - [2011/04/18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)

DRV - [2010/06/23 09:23:44 | 000,023,040 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)

DRV - [2009/11/08 21:21:18 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)

DRV - [2009/06/09 23:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)

DRV - [2009/06/03 19:43:18 | 000,407,040 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)

DRV - [2008/12/31 08:00:52 | 004,172,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)

DRV - [2008/11/28 19:04:24 | 000,087,536 | ---- | M] (CyberLink Corp.) [2009/07/20 03:10:18] [Kernel | Auto | Running] -- C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})

DRV - [2008/11/04 09:37:28 | 000,044,320 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd)

DRV - [2008/10/23 03:42:10 | 000,107,360 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)

DRV - [2008/09/04 11:47:00 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)

DRV - [2008/08/06 10:26:08 | 000,124,928 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)

DRV - [2008/03/27 13:12:12 | 000,024,424 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)

DRV - [2008/03/27 13:11:34 | 000,034,664 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)

DRV - [2008/01/20 20:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®

DRV - [2007/06/18 18:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2939974712-2138394944-2411036093-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

IE - HKU\S-1-5-21-2939974712-2138394944-2411036093-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

IE - HKU\S-1-5-21-2939974712-2138394944-2411036093-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-2939974712-2138394944-2411036093-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2939974712-2138394944-2411036093-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7

FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..network.proxy.type: 2

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()

FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Katie Thompson\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\tunebite-firefox-surf-and-catch-extension@audials.com: C:\Software\RapidSolution\Tunebite\plugins\GeckoBased\tunebite-firefox-surf-and-catch-extension@audials.com\ [2010/08/22 12:41:45 | 000,000,000 | -H-D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Software\Mozilla Firefox\components [2011/01/09 00:15:44 | 000,000,000 | -H-D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Software\Mozilla Firefox\plugins [2011/04/30 14:04:12 | 000,000,000 | -H-D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Katie Thompson\AppData\Roaming\Move Networks [2009/12/10 23:49:45 | 000,000,000 | -H-D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: C:\Software\Mozilla Firefox\components [2011/01/09 00:15:44 | 000,000,000 | -H-D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: C:\Software\Mozilla Firefox\plugins [2011/04/30 14:04:12 | 000,000,000 | -H-D | M]

[2009/08/09 20:55:06 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Katie Thompson\AppData\Roaming\Mozilla\Extensions

[2012/01/21 21:53:35 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Katie Thompson\AppData\Roaming\Mozilla\Firefox\Profiles\un0ugy9u.default\extensions

[2011/03/13 20:06:34 | 000,000,000 | -H-D | M] (Personas) -- C:\Users\Katie Thompson\AppData\Roaming\Mozilla\Firefox\Profiles\un0ugy9u.default\extensions\personas@christopher.beard

[2009/10/29 08:43:31 | 000,000,000 | -H-D | M] (Java Console) -- C:\SOFTWARE\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

[2009/12/04 12:56:16 | 000,000,000 | -H-D | M] (Java Console) -- C:\SOFTWARE\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

[2010/06/06 21:10:45 | 000,000,000 | -H-D | M] (Java Console) -- C:\SOFTWARE\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/08/15 10:09:46 | 000,000,000 | -H-D | M] (Java Console) -- C:\SOFTWARE\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010/11/15 11:56:58 | 000,000,000 | -H-D | M] (Java Console) -- C:\SOFTWARE\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2011/01/16 08:46:39 | 000,000,000 | -H-D | M] (Java Console) -- C:\SOFTWARE\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

[2011/03/12 15:53:11 | 000,000,000 | -H-D | M] (Java Console) -- C:\SOFTWARE\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

[2009/12/10 23:49:45 | 000,000,000 | -H-D | M] (Move Media Player) -- C:\USERS\KATIE THOMPSON\APPDATA\ROAMING\MOVE NETWORKS

[2009/09/23 00:12:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

O1 HOSTS File: ([2006/09/18 15:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Tunebite_WebRipPlugin Class) - {AA102584-3B97-47e7-B9BC-75D54C110A7D} - C:\Software\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll (RapidSolution Software)

O3 - HKU\S-1-5-21-2939974712-2138394944-2411036093-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [DVDAgent] C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)

O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)

O4 - HKLM..\Run: [uCam_Menu] C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [updateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [updatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [updatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-2939974712-2138394944-2411036093-1000..\Run: [Aim6] File not found

O4 - HKU\S-1-5-21-2939974712-2138394944-2411036093-1000..\Run: [PIFoHdCpFL.exe] C:\ProgramData\PIFoHdCpFL.exe (Microsoft Corporation)

O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B140DBD3-84A2-4F3D-96CF-397858D56E07}: DhcpNameServer = 192.168.1.254

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Katie Thompson\Pictures\Random\Phone pictures 005.jpg

O24 - Desktop BackupWallPaper: C:\Users\Katie Thompson\Pictures\Random\Phone pictures 005.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/24 20:21:22 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Katie Thompson\Desktop\OTL.exe

[2012/01/24 20:15:03 | 002,058,032 | -H-- | C] (Kaspersky Lab ZAO) -- C:\Users\Katie Thompson\Desktop\tdsskiller.exe

[2012/01/22 11:12:08 | 000,607,260 | RH-- | C] (Swearware) -- C:\Users\Katie Thompson\Desktop\dds.com

[2012/01/22 10:54:33 | 000,000,000 | --SD | C] -- C:\ComboFix

[2012/01/22 10:54:33 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2012/01/22 10:52:51 | 000,000,000 | -H-D | C] -- C:\Qoobox

[2012/01/22 10:52:30 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW

[2012/01/21 23:01:22 | 000,000,000 | ---D | C] -- C:\Windows\Sun

[2012/01/21 22:41:09 | 000,000,000 | -H-D | C] -- C:\Users\Katie Thompson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check

[2012/01/21 22:40:55 | 000,360,328 | -H-- | C] (Microsoft Corporation) -- C:\ProgramData\EwEKPHTPPgYiFx.exe

[2012/01/21 22:25:39 | 000,451,464 | -H-- | C] (Microsoft Corporation) -- C:\ProgramData\PIFoHdCpFL.exe

[1 C:\Users\Katie Thompson\Desktop\*.tmp files -> C:\Users\Katie Thompson\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/24 20:24:53 | 000,597,784 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/01/24 20:24:53 | 000,102,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/01/24 20:22:43 | 000,000,448 | -H-- | M] () -- C:\ProgramData\EwEKPHTPPgYiFx

[2012/01/24 20:22:32 | 000,000,272 | -H-- | M] () -- C:\ProgramData\~EwEKPHTPPgYiFx

[2012/01/24 20:20:35 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/01/24 20:20:21 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012/01/24 20:20:21 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012/01/24 20:20:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/01/24 20:20:01 | 3218,276,352 | -HS- | M] () -- C:\hiberfil.sys

[2012/01/24 20:19:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Katie Thompson\Desktop\OTL.exe

[2012/01/24 20:12:28 | 002,058,032 | -H-- | M] (Kaspersky Lab ZAO) -- C:\Users\Katie Thompson\Desktop\tdsskiller.exe

[2012/01/24 20:04:22 | 000,007,512 | -H-- | M] () -- C:\Users\Katie Thompson\AppData\Local\d3d9caps.dat

[2012/01/22 11:12:08 | 000,607,260 | RH-- | M] (Swearware) -- C:\Users\Katie Thompson\Desktop\dds.com

[2012/01/22 09:55:51 | 000,000,168 | -H-- | M] () -- C:\ProgramData\~EwEKPHTPPgYiFxr

[2012/01/22 09:55:35 | 000,000,629 | -H-- | M] () -- C:\Users\Katie Thompson\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk

[2012/01/21 23:23:25 | 000,375,576 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2012/01/21 22:55:59 | 000,002,243 | ---- | M] () -- C:\Windows\epplauncher.mif

[2012/01/21 22:48:25 | 000,001,994 | -H-- | M] () -- C:\Users\Katie Thompson\Desktop\Power2Go.lnk

[2012/01/21 22:48:25 | 000,001,863 | -H-- | M] () -- C:\Users\Katie Thompson\Desktop\The Rosetta Stone.lnk

[2012/01/21 22:48:25 | 000,000,312 | ---- | M] () -- C:\Users\Katie Thompson\Desktop\Zune.lnk

[2012/01/21 22:48:25 | 000,000,210 | -H-- | M] () -- C:\Users\Katie Thompson\Desktop\System Check.lnk

[2012/01/21 22:48:25 | 000,000,110 | -H-- | M] () -- C:\Users\Katie Thompson\Desktop\My Documents.lnk

[2012/01/21 22:48:24 | 000,001,805 | -H-- | M] () -- C:\Users\Katie Thompson\Desktop\Audacity 1.3 Beta (Unicode).lnk

[2012/01/21 22:48:24 | 000,001,593 | -H-- | M] () -- C:\Users\Katie Thompson\Desktop\Malwarebytes' Anti-Malware.lnk

[2012/01/21 22:48:24 | 000,001,541 | -H-- | M] () -- C:\Users\Katie Thompson\Desktop\CCleaner.lnk

[2012/01/21 22:48:24 | 000,000,104 | -H-- | M] () -- C:\Users\Katie Thompson\Desktop\My Computer.lnk

[2012/01/21 21:46:59 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[1 C:\Users\Katie Thompson\Desktop\*.tmp files -> C:\Users\Katie Thompson\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/24 20:20:01 | 3218,276,352 | -HS- | C] () -- C:\hiberfil.sys

[2012/01/22 09:55:35 | 000,000,629 | -H-- | C] () -- C:\Users\Katie Thompson\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk

[2012/01/21 22:41:10 | 000,000,272 | -H-- | C] () -- C:\ProgramData\~EwEKPHTPPgYiFx

[2012/01/21 22:41:10 | 000,000,168 | -H-- | C] () -- C:\ProgramData\~EwEKPHTPPgYiFxr

[2012/01/21 22:41:09 | 000,000,210 | -H-- | C] () -- C:\Users\Katie Thompson\Desktop\System Check.lnk

[2012/01/21 22:41:06 | 000,000,448 | -H-- | C] () -- C:\ProgramData\EwEKPHTPPgYiFx

[2010/12/05 18:57:13 | 000,003,584 | -H-- | C] () -- C:\Users\Katie Thompson\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/11/25 12:40:50 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

[2009/10/03 22:22:26 | 000,007,512 | -H-- | C] () -- C:\Users\Katie Thompson\AppData\Local\d3d9caps.dat

[2009/09/22 07:40:59 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2009/09/22 07:40:58 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009/09/21 06:44:08 | 000,005,362 | -H-- | C] () -- C:\Users\Katie Thompson\AppData\Roaming\wklnhst.dat

[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll

[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe

[2009/07/20 04:07:21 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2009/07/20 03:42:34 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll

[2009/01/16 04:02:59 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2008/12/31 06:36:16 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

[2008/12/31 05:55:34 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat

[2008/10/30 03:45:42 | 000,180,720 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

[2008/10/21 06:40:00 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe

[2008/10/21 06:40:00 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe

[2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006/11/02 06:47:37 | 000,375,576 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 04:33:01 | 000,597,784 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006/11/02 04:33:01 | 000,102,350 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[1997/09/17 21:00:12 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll

========== LOP Check ==========

[2009/08/10 08:26:56 | 000,000,000 | -H-D | M] -- C:\Users\Katie Thompson\AppData\Roaming\acccore

[2011/12/16 18:42:47 | 000,000,000 | -H-D | M] -- C:\Users\Katie Thompson\AppData\Roaming\Audacity

[2011/10/18 18:15:46 | 000,000,000 | -H-D | M] -- C:\Users\Katie Thompson\AppData\Roaming\Eurotalk

[2009/12/05 08:19:25 | 000,000,000 | -H-D | M] -- C:\Users\Katie Thompson\AppData\Roaming\OpenOffice.org

[2009/09/21 06:44:17 | 000,000,000 | -H-D | M] -- C:\Users\Katie Thompson\AppData\Roaming\Template

[2011/04/10 10:27:38 | 000,000,000 | -H-D | M] -- C:\Users\Katie Thompson\AppData\Roaming\Tropico 3

[2009/12/05 08:24:06 | 000,000,000 | -H-D | M] -- C:\Users\Katie Thompson\AppData\Roaming\Tropico3

[2012/01/24 19:30:36 | 000,032,556 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >


Sorry, forgot to post the results of TDSSKiller:

20:21:41.0502 3904 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27

20:21:41.0533 3904 ============================================================

20:21:41.0533 3904 Current date / time: 2012/01/24 20:21:41.0533

20:21:41.0533 3904 SystemInfo:

20:21:41.0533 3904

20:21:41.0533 3904 OS Version: 6.0.6002 ServicePack: 2.0

20:21:41.0533 3904 Product type: Workstation

20:21:41.0533 3904 ComputerName: BATMAN

20:21:41.0533 3904 UserName: Katie Thompson

20:21:41.0533 3904 Windows directory: C:\Windows

20:21:41.0533 3904 System windows directory: C:\Windows

20:21:41.0533 3904 Processor architecture: Intel x86

20:21:41.0533 3904 Number of processors: 2

20:21:41.0533 3904 Page size: 0x1000

20:21:41.0533 3904 Boot type: Normal boot

20:21:41.0533 3904 ============================================================

20:21:44.0076 3904 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

20:21:44.0528 3904 Initialize success

20:21:55.0802 3936 ============================================================

20:21:55.0802 3936 Scan started

20:21:55.0802 3936 Mode: Manual; SigCheck; TDLFS;

20:21:55.0802 3936 ============================================================

20:21:59.0951 3936 Accelerometer (3b10711ad8656c097e0d16a41b29c54c) C:\Windows\system32\DRIVERS\Accelerometer.sys

20:22:00.0435 3936 Accelerometer - ok

20:22:00.0591 3936 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys

20:22:00.0607 3936 ACPI - ok

20:22:01.0059 3936 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys

20:22:01.0090 3936 adp94xx - ok

20:22:01.0231 3936 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys

20:22:01.0246 3936 adpahci - ok

20:22:01.0465 3936 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys

20:22:01.0480 3936 adpu160m - ok

20:22:01.0558 3936 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys

20:22:01.0574 3936 adpu320 - ok

20:22:02.0245 3936 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys

20:22:38.0750 3936 AFD - ok

20:22:38.0906 3936 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys

20:22:38.0921 3936 agp440 - ok

20:22:38.0984 3936 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

20:22:38.0999 3936 aic78xx - ok

20:22:39.0077 3936 aliide (3d76fda1a10acc3dc84728f55c29b6d4) C:\Windows\system32\drivers\aliide.sys

20:22:39.0093 3936 aliide - ok

20:22:39.0202 3936 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys

20:22:39.0218 3936 amdagp - ok

20:22:39.0233 3936 amdide (5b92e7839f5a1fbc1b39de67758ad6f8) C:\Windows\system32\drivers\amdide.sys

20:22:39.0233 3936 amdide - ok

20:22:39.0405 3936 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys

20:22:39.0671 3936 AmdK7 - ok

20:22:39.0811 3936 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys

20:22:39.0889 3936 AmdK8 - ok

20:22:40.0108 3936 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys

20:22:40.0123 3936 arc - ok

20:22:40.0919 3936 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys

20:22:40.0966 3936 arcsas - ok

20:22:41.0122 3936 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

20:22:41.0231 3936 AsyncMac - ok

20:22:41.0371 3936 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys

20:22:41.0387 3936 atapi - ok

20:22:41.0683 3936 atikmdag (96f5eea88f9146f5f803ad20c4264565) C:\Windows\system32\DRIVERS\atikmdag.sys

20:22:42.0167 3936 atikmdag - ok

20:22:42.0401 3936 BCM43XX (b9dce12ea5d337975c444787b66bbfde) C:\Windows\system32\DRIVERS\bcmwl6.sys

20:22:42.0510 3936 BCM43XX - ok

20:22:42.0604 3936 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

20:22:45.0336 3936 Beep - ok

20:22:45.0664 3936 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys

20:22:47.0178 3936 blbdrive - ok

20:22:47.0973 3936 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys

20:22:48.0051 3936 bowser - ok

20:22:48.0457 3936 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

20:22:48.0550 3936 BrFiltLo - ok

20:22:48.0675 3936 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

20:22:48.0722 3936 BrFiltUp - ok

20:22:48.0878 3936 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

20:22:49.0143 3936 Brserid - ok

20:22:49.0237 3936 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

20:22:49.0315 3936 BrSerWdm - ok

20:22:49.0502 3936 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

20:22:49.0549 3936 BrUsbMdm - ok

20:22:49.0674 3936 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

20:22:49.0736 3936 BrUsbSer - ok

20:22:49.0876 3936 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

20:22:49.0954 3936 BTHMODEM - ok

20:22:50.0173 3936 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys

20:22:50.0220 3936 cdfs - ok

20:22:50.0438 3936 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys

20:22:50.0485 3936 cdrom - ok

20:22:50.0547 3936 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys

20:22:50.0594 3936 circlass - ok

20:22:50.0750 3936 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys

20:22:50.0766 3936 CLFS - ok

20:22:50.0875 3936 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys

20:22:50.0922 3936 CmBatt - ok

20:22:51.0046 3936 cmdide (d36372a6ea6805efbe8884d10772313f) C:\Windows\system32\drivers\cmdide.sys

20:22:51.0046 3936 cmdide - ok

20:22:51.0296 3936 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys

20:22:51.0296 3936 Compbatt - ok

20:22:51.0436 3936 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys

20:22:51.0436 3936 crcdisk - ok

20:22:51.0639 3936 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys

20:22:51.0780 3936 Crusoe - ok

20:22:51.0998 3936 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys

20:22:52.0029 3936 DfsC - ok

20:22:52.0294 3936 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys

20:22:52.0310 3936 disk - ok

20:22:52.0482 3936 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys

20:22:52.0544 3936 drmkaud - ok

20:22:52.0809 3936 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys

20:22:52.0840 3936 DXGKrnl - ok

20:22:52.0950 3936 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys

20:22:52.0996 3936 E1G60 - ok

20:22:53.0277 3936 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys

20:22:53.0293 3936 Ecache - ok

20:22:53.0496 3936 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys

20:22:53.0511 3936 elxstor - ok

20:22:53.0823 3936 enecir (004b2ea6cc2598ec5f0552e43ce29cef) C:\Windows\system32\DRIVERS\enecir.sys

20:22:53.0901 3936 enecir - ok

20:22:54.0026 3936 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys

20:22:54.0057 3936 ErrDev - ok

20:22:54.0291 3936 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys

20:22:54.0385 3936 exfat - ok

20:22:54.0541 3936 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys

20:22:54.0588 3936 fastfat - ok

20:22:54.0775 3936 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys

20:22:54.0806 3936 fdc - ok

20:22:54.0978 3936 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys

20:22:54.0978 3936 FileInfo - ok

20:22:55.0149 3936 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

20:22:55.0243 3936 Filetrace - ok

20:22:55.0446 3936 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys

20:22:55.0492 3936 flpydisk - ok

20:22:55.0804 3936 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys

20:22:55.0820 3936 FltMgr - ok

20:22:56.0101 3936 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys

20:22:56.0132 3936 Fs_Rec - ok

20:22:56.0272 3936 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys

20:22:56.0288 3936 gagp30kx - ok

20:22:56.0522 3936 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

20:22:56.0522 3936 GEARAspiWDM - ok

20:22:56.0694 3936 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys

20:22:56.0740 3936 HdAudAddService - ok

20:22:56.0850 3936 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys

20:22:56.0912 3936 HDAudBus - ok

20:22:57.0021 3936 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

20:22:57.0084 3936 HidBth - ok

20:22:57.0224 3936 HidIr (5a87127718873bd7f3bd7ac42b951d8e) C:\Windows\system32\DRIVERS\hidir.sys

20:22:57.0271 3936 HidIr - ok

20:22:57.0396 3936 HidUsb (e2b5bd48afcc0f0974fb44641b223250) C:\Windows\system32\DRIVERS\hidusb.sys

20:22:57.0427 3936 HidUsb - ok

20:22:57.0583 3936 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys

20:22:57.0598 3936 HpCISSs - ok

20:22:57.0770 3936 hpdskflt (24f3f496c18efc234777723a67a85f81) C:\Windows\system32\DRIVERS\hpdskflt.sys

20:22:57.0770 3936 hpdskflt - ok

20:22:57.0926 3936 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys

20:22:58.0004 3936 HpqKbFiltr - ok

20:22:58.0144 3936 HTCAND32 (cbd09ed9cf6822177ee85aea4d8816a2) C:\Windows\system32\Drivers\ANDROIDUSB.sys

20:22:58.0269 3936 HTCAND32 - ok

20:22:58.0534 3936 htcnprot (52395a94c127c0266d1c0f3cce8a4345) C:\Windows\system32\DRIVERS\htcnprot.sys

20:22:58.0659 3936 htcnprot - ok

20:22:58.0737 3936 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys

20:22:58.0800 3936 HTTP - ok

20:22:59.0002 3936 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys

20:22:59.0018 3936 i2omp - ok

20:22:59.0221 3936 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

20:22:59.0252 3936 i8042prt - ok

20:22:59.0408 3936 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys

20:22:59.0424 3936 iaStorV - ok

20:22:59.0673 3936 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

20:22:59.0689 3936 iirsp - ok

20:22:59.0829 3936 intelide (dd512a049bd7b4bce8a83554c5eff2c1) C:\Windows\system32\drivers\intelide.sys

20:22:59.0829 3936 intelide - ok

20:23:00.0032 3936 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys

20:23:00.0157 3936 intelppm - ok

20:23:00.0453 3936 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys

20:23:00.0516 3936 IpFilterDriver - ok

20:23:00.0718 3936 IpInIp - ok

20:23:00.0906 3936 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys

20:23:00.0937 3936 IPMIDRV - ok

20:23:01.0077 3936 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

20:23:01.0108 3936 IPNAT - ok

20:23:01.0374 3936 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

20:23:01.0420 3936 IRENUM - ok

20:23:01.0561 3936 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys

20:23:01.0561 3936 isapnp - ok

20:23:01.0670 3936 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys

20:23:01.0670 3936 iScsiPrt - ok

20:23:01.0920 3936 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

20:23:01.0920 3936 iteatapi - ok

20:23:02.0013 3936 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

20:23:02.0029 3936 iteraid - ok

20:23:02.0310 3936 JMCR (ab772e9cc29c29f59cb4b75f9d6f3f96) C:\Windows\system32\DRIVERS\jmcr.sys

20:23:02.0419 3936 JMCR - ok

20:23:02.0559 3936 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

20:23:02.0575 3936 kbdclass - ok

20:23:02.0684 3936 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys

20:23:02.0715 3936 kbdhid - ok

20:23:02.0902 3936 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys

20:23:02.0918 3936 KSecDD - ok

20:23:03.0168 3936 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

20:23:03.0214 3936 lltdio - ok

20:23:03.0339 3936 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys

20:23:03.0355 3936 LSI_FC - ok

20:23:03.0573 3936 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys

20:23:03.0573 3936 LSI_SAS - ok

20:23:03.0698 3936 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys

20:23:03.0714 3936 LSI_SCSI - ok

20:23:03.0916 3936 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

20:23:03.0948 3936 luafv - ok

20:23:04.0213 3936 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys

20:23:04.0213 3936 megasas - ok

20:23:04.0416 3936 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys

20:23:04.0431 3936 MegaSR - ok

20:23:04.0681 3936 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

20:23:04.0743 3936 Modem - ok

20:23:04.0915 3936 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

20:23:04.0977 3936 monitor - ok

20:23:05.0071 3936 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

20:23:05.0086 3936 mouclass - ok

20:23:05.0211 3936 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys

20:23:05.0242 3936 mouhid - ok

20:23:05.0352 3936 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

20:23:05.0367 3936 MountMgr - ok

20:23:05.0586 3936 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys

20:23:05.0601 3936 MpFilter - ok

20:23:05.0742 3936 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys

20:23:05.0757 3936 mpio - ok

20:23:05.0929 3936 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys

20:23:05.0944 3936 MpNWMon - ok

20:23:06.0054 3936 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

20:23:06.0069 3936 mpsdrv - ok

20:23:06.0225 3936 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

20:23:06.0241 3936 Mraid35x - ok

20:23:06.0475 3936 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys

20:23:06.0537 3936 MRxDAV - ok

20:23:06.0896 3936 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys

20:23:06.0912 3936 mrxsmb - ok

20:23:07.0598 3936 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys

20:23:07.0692 3936 mrxsmb10 - ok

20:23:07.0926 3936 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

20:23:07.0957 3936 mrxsmb20 - ok

20:23:08.0113 3936 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys

20:23:08.0128 3936 msahci - ok

20:23:08.0222 3936 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys

20:23:08.0238 3936 msdsm - ok

20:23:08.0409 3936 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

20:23:08.0440 3936 Msfs - ok

20:23:08.0581 3936 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

20:23:08.0596 3936 msisadrv - ok

20:23:08.0737 3936 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

20:23:08.0768 3936 MSKSSRV - ok

20:23:08.0877 3936 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

20:23:08.0893 3936 MSPCLOCK - ok

20:23:08.0955 3936 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

20:23:09.0018 3936 MSPQM - ok

20:23:09.0174 3936 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys

20:23:09.0189 3936 MsRPC - ok

20:23:09.0298 3936 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

20:23:09.0298 3936 mssmbios - ok

20:23:09.0392 3936 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

20:23:09.0454 3936 MSTEE - ok

20:23:09.0579 3936 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys

20:23:09.0595 3936 Mup - ok

20:23:09.0813 3936 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys

20:23:09.0860 3936 NativeWifiP - ok

20:23:10.0063 3936 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys

20:23:10.0094 3936 NDIS - ok

20:23:10.0203 3936 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

20:23:10.0219 3936 NdisTapi - ok

20:23:10.0312 3936 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

20:23:10.0344 3936 Ndisuio - ok

20:23:10.0687 3936 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys

20:23:10.0734 3936 NdisWan - ok

20:23:11.0358 3936 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

20:23:11.0373 3936 NDProxy - ok

20:23:11.0451 3936 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

20:23:11.0514 3936 NetBIOS - ok

20:23:11.0638 3936 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys

20:23:11.0701 3936 netbt - ok

20:23:11.0872 3936 NETw3v32 (35d5458d9a1b26b2005abffbf4c1c5e7) C:\Windows\system32\DRIVERS\NETw3v32.sys

20:23:12.0106 3936 NETw3v32 - ok

20:23:12.0372 3936 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

20:23:12.0387 3936 nfrd960 - ok

20:23:12.0668 3936 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys

20:23:12.0684 3936 NisDrv - ok

20:23:12.0855 3936 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys

20:23:12.0902 3936 Npfs - ok

20:23:12.0964 3936 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

20:23:13.0011 3936 nsiproxy - ok

20:23:13.0105 3936 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys

20:23:13.0152 3936 Ntfs - ok

20:23:13.0230 3936 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

20:23:13.0276 3936 ntrigdigi - ok

20:23:13.0370 3936 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

20:23:13.0432 3936 Null - ok

20:23:13.0495 3936 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys

20:23:13.0495 3936 nvraid - ok

20:23:13.0542 3936 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys

20:23:13.0542 3936 nvstor - ok

20:23:13.0682 3936 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys

20:23:13.0682 3936 nv_agp - ok

20:23:13.0791 3936 NwlnkFlt - ok

20:23:13.0807 3936 NwlnkFwd - ok

20:23:13.0916 3936 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys

20:23:13.0978 3936 ohci1394 - ok

20:23:14.0072 3936 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

20:23:14.0134 3936 Parport - ok

20:23:14.0322 3936 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys

20:23:14.0337 3936 partmgr - ok

20:23:14.0509 3936 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

20:23:14.0556 3936 Parvdm - ok

20:23:14.0821 3936 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys

20:23:14.0836 3936 pci - ok

20:23:14.0977 3936 pciide (1d8b3d8df8eb7fcf2f0ac02f9f947802) C:\Windows\system32\drivers\pciide.sys

20:23:14.0992 3936 pciide - ok

20:23:15.0242 3936 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys

20:23:15.0242 3936 pcmcia - ok

20:23:15.0367 3936 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

20:23:15.0460 3936 PEAUTH - ok

20:23:16.0506 3936 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

20:23:16.0630 3936 PptpMiniport - ok

20:23:17.0067 3936 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys

20:23:17.0098 3936 Processor - ok

20:23:17.0332 3936 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys

20:23:17.0364 3936 PSched - ok

20:23:17.0488 3936 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys

20:23:17.0566 3936 ql2300 - ok

20:23:17.0660 3936 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

20:23:17.0676 3936 ql40xx - ok

20:23:17.0691 3936 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

20:23:17.0738 3936 QWAVEdrv - ok

20:23:17.0972 3936 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

20:23:18.0003 3936 RasAcd - ok

20:23:18.0456 3936 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

20:23:18.0487 3936 Rasl2tp - ok

20:23:18.0736 3936 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys

20:23:18.0768 3936 RasPppoe - ok

20:23:19.0204 3936 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys

20:23:19.0220 3936 RasSstp - ok

20:23:19.0563 3936 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys

20:23:19.0579 3936 rdbss - ok

20:23:19.0766 3936 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

20:23:20.0031 3936 RDPCDD - ok

20:23:20.0234 3936 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys

20:23:20.0265 3936 rdpdr - ok

20:23:20.0468 3936 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

20:23:20.0499 3936 RDPENCDD - ok

20:23:20.0640 3936 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys

20:23:20.0749 3936 RDPWD - ok

20:23:21.0201 3936 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

20:23:21.0232 3936 rspndr - ok

20:23:21.0513 3936 RTL8169 (174b9514cd1a0c33ce4bbc02a3c81a62) C:\Windows\system32\DRIVERS\Rtlh86.sys

20:23:21.0654 3936 RTL8169 - ok

20:23:21.0763 3936 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

20:23:21.0763 3936 sbp2port - ok

20:23:22.0543 3936 SCDEmu (16b1abe7f3e35f21dac57592b6c5d464) C:\Windows\system32\drivers\SCDEmu.sys

20:23:22.0652 3936 SCDEmu ( UnsignedFile.Multi.Generic ) - warning

20:23:22.0652 3936 SCDEmu - detected UnsignedFile.Multi.Generic (1)

20:23:22.0761 3936 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys

20:23:22.0948 3936 sdbus - ok

20:23:23.0089 3936 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

20:23:23.0151 3936 secdrv - ok

20:23:23.0214 3936 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

20:23:23.0292 3936 Serenum - ok

20:23:23.0385 3936 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

20:23:23.0448 3936 Serial - ok

20:23:23.0541 3936 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

20:23:23.0588 3936 sermouse - ok

20:23:23.0775 3936 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys

20:23:23.0791 3936 sffdisk - ok

20:23:23.0884 3936 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys

20:23:23.0916 3936 sffp_mmc - ok

20:23:24.0025 3936 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys

20:23:24.0087 3936 sffp_sd - ok

20:23:24.0196 3936 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

20:23:24.0259 3936 sfloppy - ok

20:23:24.0602 3936 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys

20:23:24.0618 3936 sisagp - ok

20:23:24.0805 3936 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys

20:23:24.0820 3936 SiSRaid2 - ok

20:23:25.0132 3936 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys

20:23:25.0148 3936 SiSRaid4 - ok

20:23:25.0429 3936 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys

20:23:25.0460 3936 Smb - ok

20:23:25.0632 3936 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

20:23:25.0632 3936 spldr - ok

20:23:26.0053 3936 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys

20:23:26.0100 3936 srv - ok

20:23:26.0318 3936 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys

20:23:26.0474 3936 srv2 - ok

20:23:26.0677 3936 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys

20:23:26.0724 3936 srvnet - ok

20:23:27.0036 3936 STHDA (e3c50b029bd08a35fc6a5f0b1cf5d300) C:\Windows\system32\DRIVERS\stwrt.sys

20:23:27.0207 3936 STHDA - ok

20:23:27.0332 3936 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

20:23:27.0348 3936 swenum - ok

20:23:27.0535 3936 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

20:23:27.0550 3936 Symc8xx - ok

20:23:28.0330 3936 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

20:23:28.0440 3936 Sym_hi - ok

20:23:28.0705 3936 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

20:23:28.0705 3936 Sym_u3 - ok

20:23:29.0001 3936 SynTP (a94629c2c456a6d002556563d6b8ad1a) C:\Windows\system32\DRIVERS\SynTP.sys

20:23:29.0017 3936 SynTP - ok

20:23:29.0313 3936 tbhsd (63d3f89f4736a6da5260177e38d5c26b) C:\Windows\system32\drivers\tbhsd.sys

20:23:29.0329 3936 tbhsd - ok

20:23:29.0578 3936 Tcpip (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\drivers\tcpip.sys

20:23:29.0641 3936 Tcpip - ok

20:23:29.0922 3936 Tcpip6 (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\DRIVERS\tcpip.sys

20:23:29.0968 3936 Tcpip6 - ok

20:23:30.0530 3936 tcpipreg (3fc13f09af9be487c7b4fac4070a036c) C:\Windows\system32\drivers\tcpipreg.sys

20:23:30.0655 3936 tcpipreg - ok

20:23:30.0795 3936 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

20:23:30.0826 3936 TDPIPE - ok

20:23:31.0014 3936 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

20:23:31.0029 3936 TDTCP - ok

20:23:31.0248 3936 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys

20:23:31.0263 3936 tdx - ok

20:23:31.0404 3936 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys

20:23:31.0419 3936 TermDD - ok

20:23:31.0622 3936 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

20:23:31.0653 3936 tssecsrv - ok

20:23:31.0794 3936 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

20:23:31.0825 3936 tunmp - ok

20:23:31.0981 3936 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys

20:23:31.0996 3936 tunnel - ok

20:23:32.0090 3936 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys

20:23:32.0106 3936 uagp35 - ok

20:23:32.0308 3936 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys

20:23:32.0324 3936 udfs - ok

20:23:32.0433 3936 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys

20:23:32.0449 3936 uliagpkx - ok

20:23:32.0698 3936 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys

20:23:32.0714 3936 uliahci - ok

20:23:32.0886 3936 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

20:23:32.0901 3936 UlSata - ok

20:23:32.0979 3936 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

20:23:32.0979 3936 ulsata2 - ok

20:23:33.0135 3936 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

20:23:33.0166 3936 umbus - ok

20:23:33.0416 3936 UMPass (88bd96a1baeed33ee8bdf9499c07a841) C:\Windows\system32\DRIVERS\umpass.sys

20:23:33.0494 3936 UMPass - ok

20:23:34.0227 3936 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys

20:23:34.0399 3936 USBAAPL - ok

20:23:34.0555 3936 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys

20:23:34.0586 3936 usbccgp - ok

20:23:34.0664 3936 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

20:23:34.0758 3936 usbcir - ok

20:23:35.0054 3936 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys

20:23:35.0085 3936 usbehci - ok

20:23:35.0272 3936 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys

20:23:35.0382 3936 usbhub - ok

20:23:35.0709 3936 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys

20:23:35.0756 3936 usbohci - ok

20:23:35.0943 3936 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys

20:23:36.0006 3936 usbprint - ok

20:23:36.0177 3936 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS

20:23:36.0240 3936 USBSTOR - ok

20:23:36.0333 3936 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys

20:23:36.0349 3936 usbuhci - ok

20:23:36.0458 3936 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys

20:23:36.0708 3936 usbvideo - ok

20:23:36.0864 3936 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys

20:23:36.0895 3936 vga - ok

20:23:37.0238 3936 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

20:23:37.0285 3936 VgaSave - ok

20:23:37.0441 3936 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys

20:23:37.0441 3936 viaagp - ok

20:23:37.0534 3936 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys

20:23:37.0566 3936 ViaC7 - ok

20:23:37.0878 3936 viaide (ea1aa6e3abb3c194feba12a46de8cf2c) C:\Windows\system32\drivers\viaide.sys

20:23:37.0893 3936 viaide - ok

20:23:38.0392 3936 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

20:23:38.0392 3936 volmgr - ok

20:23:38.0626 3936 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys

20:23:38.0642 3936 volmgrx - ok

20:23:38.0876 3936 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys

20:23:38.0892 3936 volsnap - ok

20:23:39.0016 3936 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys

20:23:39.0032 3936 vsmraid - ok

20:23:39.0219 3936 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

20:23:39.0266 3936 WacomPen - ok

20:23:39.0375 3936 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

20:23:39.0406 3936 Wanarp - ok

20:23:40.0311 3936 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

20:23:40.0342 3936 Wanarpv6 - ok

20:23:40.0483 3936 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys

20:23:40.0498 3936 Wd - ok

20:23:40.0608 3936 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys

20:23:40.0639 3936 Wdf01000 - ok

20:23:40.0873 3936 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys

20:23:40.0920 3936 WmiAcpi - ok

20:23:41.0076 3936 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys

20:23:41.0169 3936 WpdUsb - ok

20:23:41.0310 3936 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

20:23:41.0388 3936 ws2ifsl - ok

20:23:41.0731 3936 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

20:23:41.0793 3936 WUDFRd - ok

20:23:42.0214 3936 yukonwlh (7d1f3b131d503ef43ee594b5a2b9b427) C:\Windows\system32\DRIVERS\yk60x86.sys

20:23:42.0308 3936 yukonwlh - ok

20:23:42.0636 3936 {55662437-DA8C-40c0-AADA-2C816A897A49} (556b5cfe8d21b256add7f87d7f4b4123) C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl

20:23:42.0651 3936 {55662437-DA8C-40c0-AADA-2C816A897A49} - ok

20:23:42.0760 3936 MBR (0x1B8) (588ae8f0c685c02ba11f30d9cd7e61a0) \Device\Harddisk0\DR0

20:23:43.0837 3936 \Device\Harddisk0\DR0 - ok

20:23:43.0852 3936 Boot (0x1200) (9bfbd66a2f6baf3facfdfef8ffb3a76c) \Device\Harddisk0\DR0\Partition0

20:23:43.0852 3936 \Device\Harddisk0\DR0\Partition0 - ok

20:23:43.0946 3936 Boot (0x1200) (0d6c2d29f615e17df0e67000fad07661) \Device\Harddisk0\DR0\Partition1

20:23:43.0946 3936 \Device\Harddisk0\DR0\Partition1 - ok

20:23:43.0946 3936 ============================================================

20:23:43.0946 3936 Scan finished

20:23:43.0946 3936 ============================================================

20:23:43.0962 3948 Detected object count: 1

20:23:43.0962 3948 Actual detected object count: 1

20:24:13.0492 3948 SCDEmu ( UnsignedFile.Multi.Generic ) - skipped by user

20:24:13.0492 3948 SCDEmu ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:27:54.0086 3828 Deinitialize success


I tried running OTL in normal mode and safe mode. At the end of the scan it only created otl.txt; extras.txt never came up. I ran it multiple times and got the same result. I ensured the one box you told me to check, all users, was checked. Here are the settings OTL already had when I opened it.

scan all users (checked)

process (use safe list)

services (use safe list)

standard registry (use safe list)

modules (no company name)

drivers (use safe list)

Extra Registry (none)


DDS RESULTS

.

DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24

Run by Katie Thompson at 7:32:21 on 2012-01-26

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3068.2477 [GMT -6:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\Explorer.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Tunebite_WebRipPlugin Class: {aa102584-3b97-47e7-b9bc-75d54c110a7d} - c:\software\rapidsolution\tunebite\plugins\ie\TB_WebRipIePlugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

uRun: [Aim6]

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [PIFoHdCpFL.exe] c:\programdata\PIFoHdCpFL.exe

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [DVDAgent] "c:\program files\hewlett-packard\media\dvd\DVDAgent.exe"

mRun: [uCam_Menu] "c:\program files\hewlett-packard\media\webcam\muitransfer\muistartmenu.exe" "c:\program files\hewlett-packard\media\webcam" update "software\hewlett-packard\media\Webcam"

mRun: [smartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

mRun: [updatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start

mRun: [updateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"

mRun: [updatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe

mRun: [sysTrayApp] c:\program files\idt\wdm\sttray.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQgBXAEYATQAtAFQAUgBMAFEAUgAtAEIAUgBVAEgAUAAtAEMAUAA4ADYARwA"&"inst=NwA3AC0ANAAyADUAOQAyADMANwA1ADIALQBLAFYAMwArADcALQBYAEwAKwAxAC0AVAA0AC0ARgBQADkAKwA2AC0AQgBBAFIAOQBHACsAMQAtAFQAQgA5ACsAMgAtAEYATAArADkALQBYAE8AMwA2ACsAMQAtAEYAOQBNADcAQwArADUALQBGADkATQAxADAAQgArADEA"&"prod=90"&"ver=9.0.872

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{B140DBD3-84A2-4F3D-96CF-397858D56E07} : DhcpNameServer = 192.168.1.254

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

mASetup: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - c:\program files\pixiepack codec pack\InstallerHelper.exe

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\katie thompson\appdata\roaming\mozilla\firefox\profiles\un0ugy9u.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: network.proxy.type - 2

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

FF - plugin: c:\software\mozilla firefox\plugins\npOGAPlugin.dll

FF - plugin: c:\users\katie thompson\appdata\roaming\move networks\plugins\npqmp071503000010.dll

FF - plugin: c:\users\katie thompson\appdata\roaming\move networks\plugins\npqmp071701000002.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\software\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\software\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\software\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\software\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\software\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\software\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\software\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\software\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\katie thompson\appdata\roaming\Move Networks

FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard

.

============= SERVICES / DRIVERS ===============

.

R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-9-4 54784]

S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]

S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/07/20 03:10:18];c:\program files\hewlett-packard\media\dvd\000.fcl [2008-11-28 87536]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_827e372d\AEstSrv.exe [2009-3-2 81920]

S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-29 136176]

S2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2008-3-18 19456]

S2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2010-9-16 80896]

S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2009-1-16 365952]

S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-8-10 24652]

S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-1-16 222512]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-7-29 136176]

S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-6-9 24576]

S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-23 23040]

S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-10-23 107360]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]

S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]

S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]

S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2011-8-5 268512]

.

=============== Created Last 30 ================

.

2012-01-22 16:54:33 -------- d-s---w- C:\ComboFix

2012-01-22 04:40:55 360328 ---ha-w- c:\programdata\EwEKPHTPPgYiFx.exe

2012-01-22 04:25:39 451464 ---ha-w- c:\programdata\PIFoHdCpFL.exe

2012-01-21 07:04:17 6557240 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{995e907f-9f57-4018-8d74-f968cb520fa2}\mpengine.dll

2012-01-10 23:03:02 23552 ----a-w- c:\windows\system32\mciseq.dll

2012-01-10 23:03:02 189952 ----a-w- c:\windows\system32\winmm.dll

2012-01-10 23:03:00 1205064 ----a-w- c:\windows\system32\ntdll.dll

2012-01-10 23:02:58 1314816 ----a-w- c:\windows\system32\quartz.dll

2012-01-10 23:02:57 497152 ----a-w- c:\windows\system32\qdvd.dll

2012-01-10 23:02:56 376320 ----a-w- c:\windows\system32\winsrv.dll

2012-01-10 23:02:55 66560 ----a-w- c:\windows\system32\packager.dll

.

==================== Find3M ====================

.

2011-12-10 21:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-23 13:37:27 2043904 ----a-w- c:\windows\system32\win32k.sys

2011-11-08 14:42:19 2048 ----a-w- c:\windows\system32\tzres.dll

2011-11-03 22:47:42 1798144 ----a-w- c:\windows\system32\jscript9.dll

2011-11-03 22:40:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

2011-11-03 22:39:47 1127424 ----a-w- c:\windows\system32\wininet.dll

2011-11-03 22:31:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb

.

============= FINISH: 7:33:48.20 ===============


ATTACH RESULTS

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 7/20/2009 4:33:52 AM

System Uptime: 1/26/2012 7:06:07 AM (0 hours ago)

.

Motherboard: Hewlett-Packard | | 3628

Processor: Intel® Core2 Duo CPU T6500 @ 2.10GHz | CPU | 2094/800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 221 GiB total, 100.49 GiB free.

D: is FIXED (NTFS) - 12 GiB total, 1.891 GiB free.

E: is CDROM (UDF)

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}

Description: Consumer IR Devices

Device ID: ROOT\SYSTEM\0001

Manufacturer: Microsoft

Name: Consumer IR Devices

PNP Device ID: ROOT\SYSTEM\0001

Service: circlass

.

==== System Restore Points ===================

.

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

Acrobat.com

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.4.4

Adobe Shockwave Player

AIM 6

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ATI Catalyst Install Manager

Audacity 1.3.14 (Unicode)

Bonjour

Broadcom 802.11 Wireless LAN Adapter

Byki

Byki Library Edition

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization Chinese Standard

Catalyst Control Center Localization Chinese Traditional

Catalyst Control Center Localization Czech

Catalyst Control Center Localization Danish

Catalyst Control Center Localization Dutch

Catalyst Control Center Localization Finnish

Catalyst Control Center Localization French

Catalyst Control Center Localization German

Catalyst Control Center Localization Greek

Catalyst Control Center Localization Hungarian

Catalyst Control Center Localization Italian

Catalyst Control Center Localization Japanese

Catalyst Control Center Localization Korean

Catalyst Control Center Localization Norwegian

Catalyst Control Center Localization Polish

Catalyst Control Center Localization Portuguese

Catalyst Control Center Localization Russian

Catalyst Control Center Localization Spanish

Catalyst Control Center Localization Swedish

Catalyst Control Center Localization Thai

Catalyst Control Center Localization Turkish

ccc-core-static

ccc-utility

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CCleaner

CyberLink DVD Suite

ESU for Microsoft Vista

Google Earth Plug-in

Google Update Helper

Hearts of Iron 2

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP BatteryCheck 2.10 A2

HP Common Access Service Library

HP MediaSmart DVD

HP MediaSmart SlingPlayer

HP MediaSmart SmartMenu

HP MediaSmart Webcam

HP Quick Launch Buttons 6.40 L1

HP Smart Web Printing

HP Update

HP Wireless Assistant

HTC BMP USB Driver

HTC Driver Installer

IDT Audio

iTunes

Java Auto Updater

Java 6 Update 24

Java 6 Update 7

JMicron JMB38X Flash Media Controller Driver

LightScribe System Software 1.14.17.1

Logitech Harmony Remote Software 7

Malwarebytes Anti-Malware version 1.60.0.1800

Microsoft .NET Framework 3.5 SP1

Microsoft Antimalware

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Close Combat: A Bridge Too Far

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Basic 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

Move Media Player

Mozilla Firefox (3.5.2)

Mozilla Firefox (3.6.7)

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB973685)

muvee Reveal

OGA Notifier 2.0.0048.0

PixiePack Codec Pack

Power2Go

PowerDirector

PowerISO

ProtectSmart Hard Drive Protection

QuickTime

Realtek 8169 8168 8101E 8102E Ethernet Driver

Remote Control USB Driver

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2553089)

Security Update for 2007 Microsoft Office System (KB2553090)

Security Update for 2007 Microsoft Office System (KB2584063)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Sid Meier's Civilization 4

Sid Meier's Civilization 4 - Warlords

Skins

SmartWebPrintingOC

Spelling Dictionaries Support For Adobe Reader 9

Synaptics Pointing Device Driver

The Rosetta Stone

Transparent Language Library Edition

Tropico 3 1.00

Tunebite

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition

Update for Microsoft Office 2007 System (KB2539530)

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition

Update for Microsoft Office Outlook 2007 (KB2583910)

Viewpoint Media Player

Windows Driver Package - ENE (enecir) HIDClass (09/04/2008 2.6.0.0)

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Messenger

Windows Live Sign-in Assistant

Windows Live Upload Tool

Windows Mobile Device Updater Component

WinRAR archiver

Zune

Zune Language Pack (CHS)

Zune Language Pack (CHT)

Zune Language Pack (CSY)

Zune Language Pack (DAN)

Zune Language Pack (DEU)

Zune Language Pack (ELL)

Zune Language Pack (ESP)

Zune Language Pack (FIN)

Zune Language Pack (FRA)

Zune Language Pack (HUN)

Zune Language Pack (IND)

Zune Language Pack (ITA)

Zune Language Pack (JPN)

Zune Language Pack (KOR)

Zune Language Pack (MSL)

Zune Language Pack (NLD)

Zune Language Pack (NOR)

Zune Language Pack (PLK)

Zune Language Pack (PTB)

Zune Language Pack (PTG)

Zune Language Pack (RUS)

Zune Language Pack (SVE)

.

==== Event Viewer Messages From Past Week ========

.

1/26/2012 7:16:54 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.311.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode

1/26/2012 7:16:54 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

1/26/2012 7:08:52 AM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

1/26/2012 7:08:18 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

1/26/2012 7:08:07 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: MpFilter SCDEmu spldr Wanarpv6

1/26/2012 7:08:07 AM, Error: Service Control Manager [7001] - The Windows Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

1/26/2012 7:08:07 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

1/26/2012 7:07:19 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

1/26/2012 7:07:18 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

1/26/2012 7:07:17 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

1/26/2012 7:07:10 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv.dll Error Code: 21

1/26/2012 7:07:10 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

1/26/2012 7:06:52 AM, Error: Microsoft-Windows-TerminalServices-LocalSessionManager [1048] - Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode .

1/26/2012 7:06:52 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}

1/25/2012 8:20:23 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.311.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode

1/25/2012 8:06:40 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.

1/25/2012 8:06:40 PM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

1/25/2012 8:04:27 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

1/25/2012 7:47:55 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.311.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode

1/24/2012 9:22:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service lltdsvc with arguments "" in order to run the server: {5BF9AA75-D7FF-4AEE-AA2C-96810586456D}

1/24/2012 9:21:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wcncsvc with arguments "" in order to run the server: {375FF000-DD27-11D9-8F9C-0002B3988E81}

1/24/2012 9:21:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}

1/24/2012 8:31:41 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.311.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

1/24/2012 8:27:24 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

1/24/2012 8:24:47 PM, Error: PlugPlayManager [12] - The device 'JMB38X xD Host Controller' (PCI\VEN_197B&DEV_2384&SUBSYS_3628103C&REV_00\4&d22e54d&0&04E4) disappeared from the system without first being prepared for removal.

1/24/2012 8:24:47 PM, Error: PlugPlayManager [12] - The device 'JMB38X SD/MMC Host Controller' (PCI\VEN_197B&DEV_2382&SUBSYS_3628103C&REV_00\4&d22e54d&0&01E4) disappeared from the system without first being prepared for removal.

1/24/2012 8:24:47 PM, Error: PlugPlayManager [12] - The device 'JMB38X SD Host Controller' (PCI\VEN_197B&DEV_2381&SUBSYS_3628103C&REV_00\4&d22e54d&0&02E4) disappeared from the system without first being prepared for removal.

1/24/2012 8:24:47 PM, Error: PlugPlayManager [12] - The device 'JMB38X MS Host Controller' (PCI\VEN_197B&DEV_2383&SUBSYS_3628103C&REV_00\4&d22e54d&0&03E4) disappeared from the system without first being prepared for removal.

1/24/2012 8:24:46 PM, Error: PlugPlayManager [12] - The device 'OHCI Compliant IEEE 1394 Host Controller' (PCI\VEN_197B&DEV_2380&SUBSYS_3628103C&REV_00\4&d22e54d&0&00E4) disappeared from the system without first being prepared for removal.

1/24/2012 7:41:51 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.311.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode

1/23/2012 9:42:53 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.311.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode

1/23/2012 9:27:38 PM, Error: Microsoft-Windows-ResourcePublication [1002] - Element Provider\Microsoft.Base.Publication/Publication/Computer failed to publish. Ensure that both PKEY_PUBSVCS_METADATA and PKEY_PUBSVCS_TYPE are set properly on the function instance and there were no errors adding the function instance.

1/22/2012 4:59:26 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.311.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode

1/22/2012 10:31:17 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.311.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode

1/22/2012 10:10:46 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.311.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode

1/22/2012 10:00:03 AM, Error: EventLog [6008] - The previous system shutdown at 9:58:34 AM on 1/22/2012 was unexpected.

1/21/2012 10:51:33 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.311.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode

1/21/2012 10:51:12 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.311.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode

1/21/2012 10:42:22 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

1/21/2012 10:42:22 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

1/21/2012 10:41:52 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Font Cache Service service to connect.

1/21/2012 10:41:52 PM, Error: Service Control Manager [7000] - The Windows Font Cache Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

1/21/2012 10:39:15 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

1/21/2012 10:31:39 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

1/21/2012 10:31:15 PM, Error: EventLog [6008] - The previous system shutdown at 10:28:51 PM on 1/21/2012 was unexpected.

.

==== End Of File ===========================


Step 1

I also see you have Viewpoint installed...

Viewpoint Manager is considered foistware instead of malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.


  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player

Step 2

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    O3 - HKU\S-1-5-21-2939974712-2138394944-2411036093-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O4 - HKU\S-1-5-21-2939974712-2138394944-2411036093-1000..\Run: [PIFoHdCpFL.exe] C:\ProgramData\PIFoHdCpFL.exe (Microsoft Corporation)
    [2012/01/21 22:40:55 | 000,360,328 | -H-- | C] (Microsoft Corporation) -- C:\ProgramData\EwEKPHTPPgYiFx.exe
    [2012/01/21 22:25:39 | 000,451,464 | -H-- | C] (Microsoft Corporation) -- C:\ProgramData\PIFoHdCpFL.exe
    [2012/01/24 20:22:43 | 000,000,448 | -H-- | M] () -- C:\ProgramData\EwEKPHTPPgYiFx
    [2012/01/24 20:22:32 | 000,000,272 | -H-- | M] () -- C:\ProgramData\~EwEKPHTPPgYiFx
    [2012/01/22 09:55:51 | 000,000,168 | -H-- | M] () -- C:\ProgramData\~EwEKPHTPPgYiFxr

    :Commands
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the log file.


All processes killed

Error: Unable to interpret <:OTLO3 - HKU\S-1-5-21-2939974712-2138394944-2411036093-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.O4 - HKU\S-1-5-21-2939974712-2138394944-2411036093-1000..\Run: [PIFoHdCpFL.exe] C:\ProgramData\PIFoHdCpFL.exe (Microsoft Corporation)[2012/01/21 22:40:55 | 000,360,328 | -H-- | C] (Microsoft Corporation) -- C:\ProgramData\EwEKPHTPPgYiFx.exe[2012/01/21 22:25:39 | 000,451,464 | -H-- | C] (Microsoft Corporation) -- C:\ProgramData\PIFoHdCpFL.exe[2012/01/24 20:22:43 | 000,000,448 | -H-- | M] () -- C:\ProgramData\EwEKPHTPPgYiFx[2012/01/24 20:22:32 | 000,000,272 | -H-- | M] () -- C:\ProgramData\~EwEKPHTPPgYiFx[2012/01/22 09:55:51 | 000,000,168 | -H-- | M] () -- C:\ProgramData\~EwEKPHTPPgYiFxr:Commands[emptytemp]> in the current context!

OTL by OldTimer - Version 3.2.31.0 log created on 01262012_213249

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


The script is not working, because it should look like this:

:OTL
O3 - HKU\S-1-5-21-2939974712-2138394944-2411036093-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4 - HKU\S-1-5-21-2939974712-2138394944-2411036093-1000..\Run: [PIFoHdCpFL.exe] C:\ProgramData\PIFoHdCpFL.exe (Microsoft Corporation)
[2012/01/21 22:40:55 | 000,360,328 | -H-- | C] (Microsoft Corporation) -- C:\ProgramData\EwEKPHTPPgYiFx.exe
[2012/01/21 22:25:39 | 000,451,464 | -H-- | C] (Microsoft Corporation) -- C:\ProgramData\PIFoHdCpFL.exe
[2012/01/24 20:22:43 | 000,000,448 | -H-- | M] () -- C:\ProgramData\EwEKPHTPPgYiFx
[2012/01/24 20:22:32 | 000,000,272 | -H-- | M] () -- C:\ProgramData\~EwEKPHTPPgYiFx
[2012/01/22 09:55:51 | 000,000,168 | -H-- | M] () -- C:\ProgramData\~EwEKPHTPPgYiFxr

:Commands
[emptytemp]

Should be on new lines.


All processes killed

========== OTL ==========

Registry value HKEY_USERS\S-1-5-21-2939974712-2138394944-2411036093-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.

Registry value HKEY_USERS\S-1-5-21-2939974712-2138394944-2411036093-1000\Software\Microsoft\Windows\CurrentVersion\Run\\PIFoHdCpFL.exe deleted successfully.

C:\ProgramData\PIFoHdCpFL.exe moved successfully.

C:\ProgramData\EwEKPHTPPgYiFx.exe moved successfully.

File C:\ProgramData\PIFoHdCpFL.exe not found.

C:\ProgramData\EwEKPHTPPgYiFx moved successfully.

C:\ProgramData\~EwEKPHTPPgYiFx moved successfully.

C:\ProgramData\~EwEKPHTPPgYiFxr moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 56502 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Katie Thompson

->Temp folder emptied: 2000564518 bytes

->Temporary Internet Files folder emptied: 327909294 bytes

->Java cache emptied: 4656 bytes

->FireFox cache emptied: 56054458 bytes

->Flash cache emptied: 168194 bytes

User: Mcx1

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 2745303 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 138524023 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 12005465861 bytes

Total Files Cleaned = 13,858.00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 01272012_074150

Files\Folders moved on Reboot...

C:\Users\Katie Thompson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W0GJTE87\fastbutton[3].htm moved successfully.

C:\Users\Katie Thompson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ULD7L8Z9\index[9].htm moved successfully.

C:\Users\Katie Thompson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D8CSUHAL\EFpQQyG9GqCrobXxL-KRMWzklk6MJbhg7BmBP42CjCQ[1].eot moved successfully.

C:\Users\Katie Thompson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D8CSUHAL\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot moved successfully.

Registry entries deleted on Reboot...


ComboFix 12-01-27.01 - Katie Thompson 01/27/2012 15:14:25.1.2 - x86 NETWORK

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3068.2534 [GMT -6:00]

Running from: c:\users\Katie Thompson\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Katie Thompson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check

c:\users\Katie Thompson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk

c:\users\Katie Thompson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk

c:\users\Katie Thompson\Desktop\System Check.lnk

.

.

((((((((((((((((((((((((( Files Created from 2011-12-27 to 2012-01-27 )))))))))))))))))))))))))))))))

.

.

2012-01-27 13:52 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{02C1262F-958D-43EC-A08C-A64D81EC7E02}\mpengine.dll

2012-01-27 03:32 . 2012-01-27 03:32 -------- d-----w- C:\_OTL

2012-01-22 05:01 . 2012-01-22 05:01 -------- d-----w- c:\windows\Sun

2012-01-10 23:03 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll

2012-01-10 23:03 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll

2012-01-10 23:03 . 2011-11-18 20:23 1205064 ----a-w- c:\windows\system32\ntdll.dll

2012-01-10 23:02 . 2011-10-25 15:58 1314816 ----a-w- c:\windows\system32\quartz.dll

2012-01-10 23:02 . 2011-10-25 15:58 497152 ----a-w- c:\windows\system32\qdvd.dll

2012-01-10 23:02 . 2011-11-25 15:59 376320 ----a-w- c:\windows\system32\winsrv.dll

2012-01-10 23:02 . 2011-11-18 17:47 66560 ----a-w- c:\windows\system32\packager.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-06 04:19 . 2011-01-27 01:31 6557240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-12-15 09:36 . 2011-12-15 09:36 677136 ---ha-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2011-12-10 21:24 . 2009-09-28 14:44 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-23 13:37 . 2011-12-14 17:47 2043904 ----a-w- c:\windows\system32\win32k.sys

2011-11-08 14:42 . 2011-12-14 17:47 2048 ----a-w- c:\windows\system32\tzres.dll

2011-11-03 22:47 . 2011-12-15 09:04 1798144 ----a-w- c:\windows\system32\jscript9.dll

2011-11-03 22:40 . 2011-12-15 09:04 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

2011-11-03 22:39 . 2011-12-15 09:04 1127424 ----a-w- c:\windows\system32\wininet.dll

2011-11-03 22:31 . 2011-12-15 09:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-30 61440]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-24 1348904]

"DVDAgent"="c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-11-29 1148200]

"UCam_Menu"="c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2008-11-15 218408]

"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2008-11-19 914224]

"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-11-26 210216]

"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-10-10 206128]

"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-10-30 210216]

"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]

"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-12-08 432432]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-06-04 450652]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 159456]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQgBXAEYATQAtAFQAUgBMAFEAUgAtAEIAUgBVAEgAUAAtAEMAUAA4ADYARwA&inst=NwA3AC0ANAAyADUAOQAyADMANwA1ADIALQBLAFYAMwArADcALQBYAEwAKwAxAC0AVAA0AC0ARgBQADkAKwA2AC0AQgBBAFIAOQBHACsAMQAtAFQAQgA5ACsAMgAtAEYATAArADkALQBYAE8AMwA2ACsAMQAtAEYAOQBNADcAQwArADUALQBGADkATQAxADAAQgArADEA&prod=90&ver=9.0.872" [?]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe [2009-03-02 81920]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - ECACHE

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]

2010-02-17 00:02 114688 ---ha-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-29 22:59]

.

2012-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-29 22:59]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\users\Katie Thompson\AppData\Roaming\Mozilla\Firefox\Profiles\un0ugy9u.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: network.proxy.type - 2

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\software\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\software\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\software\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\software\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\software\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\software\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\software\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\software\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\Katie Thompson\AppData\Roaming\Move Networks

FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-Aim6 - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-01-27 15:21

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]

"ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl"

.

Completion time: 2012-01-27 15:26:13

ComboFix-quarantined-files.txt 2012-01-27 21:26

.

Pre-Run: 122,068,918,272 bytes free

Post-Run: 123,322,068,992 bytes free

.

- - End Of File - - A2F7397AA6123894C61AE868826F77FB


Good! :)

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version. If you already have difficulty, for your convenience we have a video on YouTube, which shows visually how to do that.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next,

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Please include both logs in your next reply.


Malwarebytes Anti-Malware 1.60.0.1800

www.malwarebytes.org

Database version: v2012.01.27.07

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

Katie Thompson :: BATMAN [administrator]

1/27/2012 6:33:06 PM

mbam-log-2012-01-27 (18-33-06).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 198794

Time elapsed: 5 minute(s), 4 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


This topic is now closed to further replies.