
ZeroAccess has my pc up against the wall



I ran DDS but it just runs and runs... I've been fighting it since Friday! I have attached logs from OTL, HijackThis, and a few other tools that I have run.

Combofix is the only program that reports that I have ZeroAccess and that it has infected the TCP/IP stack, but Combofix just runs but never runs any steps.

I appreciate the help!

Robert

AntiZeroAccess_Log.txt

dberr.txt

Extras.Txt

hijackthis.log

OTL.Txt

SCHEDLGU.TXT


Hello Robert and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Please post all of your log files in your next reply.


Logfile of HijackThis v1.99.1

Scan saved at 11:04:43 PM, on 4/16/2012

Platform: Unknown Windows (WinNT 6.00.1906 SP2)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE

C:\Program Files\Napster\napster.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Program Files\Belkin Storage Manager\StorageManager.exe

C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe

C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe

C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program Files\PFU\ScanSnap\CardMinder V3.1\CardLauncher.exe

C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe

C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe

C:\Program Files\a la mode\XSites Desktop\alamode.XSitesDesktop.exe

C:\Program Files\eFax Messenger 4.4\J2GTray.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Robert\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe

O4 - HKLM\..\Run: [intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup

O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"

O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

O4 - HKLM\..\Run: [belkin Storage Manager] "C:\Program Files\Belkin Storage Manager\StorageManager.exe"

O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe

O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [iTSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe

O4 - HKLM\..\Run: [HP CP1020 System Tray] "C:\Program Files\HP\HP LaserJet Professional CP1020 Series\HPCP1020STRAY.EXE"

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [eFax 4.4] "C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe" /R

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"

O4 - HKCU\..\Run: [Advanced SystemCare 4] C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [efdecdfabdct] "C:\ProgramData\efdecdfabdct.exe"

O4 - Startup: eFax 4.4.lnk = C:\Program Files\eFax Messenger 4.4\J2GTray.exe

O4 - Startup: Launch Jawbone Updater.lnk = C:\Program Files\Jawbone\LaunchJU.exe

O4 - Global Startup: Bluetooth Manager.lnk = ?

O4 - Global Startup: CardMinder Viewer.lnk = ?

O4 - Global Startup: Conversion to PDF with ScanSnap Organizer.lnk = ?

O4 - Global Startup: Event Reminder.lnk = C:\Program Files\The Print Shop 23\Remind.exe

O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe

O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

O4 - Global Startup: ScanSnap Manager.lnk = ?

O4 - Global Startup: XSites Desktop.lnk = C:\Program Files\a la mode\XSites Desktop\alamode.XSitesDesktop.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O11 - Options group: [iNTERNATIONAL] International

O13 - Gopher Prefix:

O16 - DPF: Deployer - http://www.pcthreat.com/autoinstall/shsafeinstall.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab

O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SysProExe.cab

O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB

O16 - DPF: {62FC5539-7373-420B-AA75-89DE9ECF6CAB} (Dvr Net 8116) - http://192.168.1.8/DvrOcx.cab

O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} (DellSystem.Scanner) - http://xserv.dell.com/DellDriverScanner/DellSystem.CAB

O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {F375116A-793C-11D2-BFE1-444553540001} (First American Res MapActiveX Control) - http://mls.realist.com/mapviewer/mapviewer.cab

O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll

O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (file missing)

O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe

O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Firebird Server - LP_SERVER (FirebirdServerLP_SERVER) - Unknown owner - C:\Program Files\LawnPro 4\DB\bin\fbserver.exe" -s LP_SERVER (file missing)

O23 - Service: GoToAssist - Unknown owner - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe" Start=service (file missing)

O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc (file missing)

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP LaserJet Service - HP - C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe

O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

O23 - Service: DW WLAN Tray Service (wltrysvc) - Unknown owner - C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE" "C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)


OTL logfile created on: 4/16/2012 11:14:28 PM - Run 1

OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Robert\Desktop

Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 54.96% Memory free

7.16 Gb Paging File | 5.45 Gb Available in Paging File | 76.08% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 298.09 Gb Total Space | 155.67 Gb Free Space | 52.22% Space Free | Partition Type: NTFS

Computer Name: ROBERT-D630 | User Name: Robert | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/16 23:13:49 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Robert\Desktop\OTL.exe

PRC - [2012/04/14 09:01:19 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

PRC - [2012/01/31 08:57:32 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

PRC - [2012/01/31 08:57:06 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2012/01/31 08:56:50 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2012/01/31 08:56:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2012/01/22 23:43:08 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe

PRC - [2012/01/22 23:43:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe

PRC - [2011/05/28 14:46:56 | 000,412,560 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe

PRC - [2011/05/28 14:46:56 | 000,353,168 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe

PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

PRC - [2011/04/08 07:50:02 | 000,542,264 | ---- | M] (Google) -- C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe

PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE

PRC - [2010/09/17 12:14:44 | 003,735,552 | ---- | M] (Firebird Project) -- C:\Program Files\LawnPro 4\DB\bin\fbserver.exe

PRC - [2010/09/14 16:03:58 | 000,984,352 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

PRC - [2010/09/14 14:45:30 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

PRC - [2010/07/02 13:25:48 | 000,656,896 | ---- | M] (j2 Global Communications, Inc.) -- C:\Program Files\eFax Messenger 4.4\J2GTray.exe

PRC - [2010/07/02 13:24:07 | 000,095,744 | ---- | M] (j2 Global Communications, Inc.) -- C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe

PRC - [2010/01/19 12:48:52 | 000,323,280 | ---- | M] (Napster) -- C:\Program Files\Napster\napster.exe

PRC - [2009/11/30 12:31:54 | 004,685,824 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE

PRC - [2009/11/30 12:31:54 | 000,026,112 | ---- | M] () -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE

PRC - [2009/11/30 12:31:48 | 004,038,656 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE

PRC - [2009/08/07 08:35:36 | 000,374,088 | ---- | M] (a la mode, inc.) -- C:\Program Files\a la mode\XSites Desktop\alamode.XSitesDesktop.exe

PRC - [2009/05/27 11:38:22 | 000,102,400 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

PRC - [2009/05/27 11:37:44 | 000,450,560 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe

PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009/02/03 17:40:02 | 000,858,624 | ---- | M] (Belkin International, Inc.) -- C:\Program Files\Belkin Storage Manager\StorageManager.exe

PRC - [2008/02/22 11:04:42 | 002,938,184 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

PRC - [2008/01/22 21:13:08 | 000,288,072 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe

PRC - [2007/10/29 15:30:14 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

PRC - [2007/10/04 19:39:42 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

PRC - [2007/09/28 17:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

PRC - [2007/09/13 14:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe

PRC - [2007/09/13 14:44:48 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe

PRC - [2007/03/30 22:14:06 | 001,769,472 | ---- | M] (PFU LIMITED) -- C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe

PRC - [2007/02/16 18:57:24 | 001,945,960 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

PRC - [2007/02/16 18:49:58 | 000,149,024 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

PRC - [2007/02/16 18:49:50 | 000,411,168 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

PRC - [2007/02/16 18:45:30 | 001,169,776 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

PRC - [2006/10/09 13:43:18 | 000,036,864 | ---- | M] (PFU Limited.) -- C:\Program Files\PFU\ScanSnap\CardMinder V3.1\CardLauncher.exe

========== Modules (No Company Name) ==========

MOD - [2012/04/11 03:52:57 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\48302596a8c8f2ab396b3be518dbd800\System.Web.ni.dll

MOD - [2012/04/11 03:49:38 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\09b9cd1c630210237b5b46d9943e1946\System.Windows.Forms.ni.dll

MOD - [2012/04/11 03:49:13 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\61759b9905aed9a87347d04b5fad046b\System.Drawing.ni.dll

MOD - [2012/02/16 04:42:04 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\1a5853155c4e5ab3f91cd37da331e89b\System.Web.Services.ni.dll

MOD - [2012/02/16 04:41:53 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5c3bfd69e0c268baff0d169e11a6a784\System.Runtime.Remoting.ni.dll

MOD - [2012/02/16 04:41:45 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll

MOD - [2012/02/16 04:40:06 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll

MOD - [2012/02/16 04:39:23 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\029217106fa24787ff7a61b754f8ebf7\System.Data.ni.dll

MOD - [2012/02/16 04:37:33 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll

MOD - [2011/10/13 03:44:27 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\bcb66dbad2b45d05235b37a02f737eb5\Accessibility.ni.dll

MOD - [2011/10/13 03:40:53 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll

MOD - [2011/05/28 14:47:00 | 000,127,376 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 4\ASCv4ExtMenu.dll

MOD - [2009/08/07 08:35:34 | 000,083,272 | ---- | M] () -- C:\Program Files\a la mode\XSites Desktop\alamode.XSitesDesktop.Plugins.Chat.XmlSerializers.dll

MOD - [2009/08/07 08:35:28 | 000,202,056 | ---- | M] () -- C:\Program Files\a la mode\XSites Desktop\alamode.XSitesDesktop.Common.XmlSerializers.dll

MOD - [2009/03/29 23:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

MOD - [2009/01/18 16:50:02 | 000,417,792 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\AdobeXMP.dll

MOD - [2008/07/31 13:05:18 | 000,799,992 | ---- | M] () -- C:\Program Files\a la mode\XSites Desktop\Coversant.SoapBox.dll

MOD - [2008/05/01 12:32:48 | 000,020,216 | ---- | M] () -- C:\Program Files\a la mode\XSites Desktop\alamode.Common.ProductMessages.XmlSerializers.dll

MOD - [2008/01/02 11:34:40 | 000,201,976 | ---- | M] () -- C:\Program Files\a la mode\XSites Desktop\alamode.Common.HtmlEditor.dll

MOD - [2007/11/16 17:02:18 | 000,479,232 | R--- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\ccme_base.dll

MOD - [2007/11/16 17:02:18 | 000,401,408 | R--- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\cryptocme2.dll

MOD - [2007/02/27 19:34:32 | 000,167,936 | ---- | M] () -- C:\Program Files\PFU\ScanSnap\Driver\SSsltsa.dll

MOD - [2007/02/14 19:21:32 | 000,050,720 | ---- | M] () -- C:\Program Files\Common Files\Acronis\Common\gc.dll

MOD - [2006/10/12 15:14:50 | 000,036,864 | ---- | M] () -- C:\Program Files\PFU\ScanSnap\Driver\PfuUpdater.dll

MOD - [2006/05/10 16:18:06 | 000,010,240 | ---- | M] () -- C:\Program Files\PFU\ScanSnap\Driver\SecurityManager.dll

MOD - [2006/05/10 16:18:04 | 000,009,216 | ---- | M] () -- C:\Program Files\PFU\ScanSnap\Driver\PolicyCommon.dll

MOD - [2005/07/22 22:30:18 | 000,065,536 | ---- | M] () -- C:\Windows\System32\TosCommAPI.dll

MOD - [2005/07/08 11:36:40 | 000,094,208 | ---- | M] () -- C:\Program Files\PFU\ScanSnap\Driver\f5bdkedr.dll

MOD - [2005/01/19 18:48:00 | 000,028,672 | ---- | M] () -- C:\Program Files\PFU\ScanSnap\CardMinder V3.1\CardPath.dll

MOD - [2003/11/20 21:56:18 | 000,294,912 | ---- | M] () -- C:\Program Files\PFU\ScanSnap\Driver\ssIplA6.dll

MOD - [2003/11/20 21:56:16 | 000,020,480 | ---- | M] () -- C:\Program Files\PFU\ScanSnap\Driver\ssIpl.dll

MOD - [2003/03/26 18:46:36 | 000,135,168 | ---- | M] () -- C:\Program Files\PFU\ScanSnap\Driver\PfuSsImgIO.dll

MOD - [1996/12/19 13:24:26 | 000,068,608 | ---- | M] () -- C:\Program Files\PFU\ScanSnap\Driver\F5BDKAKU.DLL

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cpqvcagent.dll -- (win32sl)

SRV - File not found [On_Demand | Stopped] -- -- (SupportSoft RemoteAssist)

SRV - File not found [Auto | Stopped] -- C:\Windows\system32\usbnaw32.dll -- (NEC Usb3)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\aswmon2.dll -- (LKbdFlt2)

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tunmp.dll -- (AdfuUd)

SRV - [2012/04/14 07:57:05 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/01/31 08:57:06 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2012/01/31 08:56:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2012/01/22 23:43:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)

SRV - [2011/05/28 14:46:56 | 000,353,168 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)

SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)

SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)

SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)

SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)

SRV - [2011/02/23 10:46:01 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)

SRV - [2010/09/17 12:14:44 | 003,735,552 | ---- | M] (Firebird Project) [Auto | Running] -- C:\Program Files\LawnPro 4\DB\bin\fbserver.exe -- (FirebirdServerLP_SERVER)

SRV - [2010/09/14 14:45:30 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)

SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)

SRV - [2010/04/12 10:13:08 | 000,142,336 | ---- | M] (HP) [Auto | Stopped] -- C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)

SRV - [2009/11/30 12:31:54 | 000,026,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)

SRV - [2009/05/27 11:38:22 | 000,102,400 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe)

SRV - [2008/08/08 21:10:46 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)

SRV - [2008/01/20 21:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007/09/28 17:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)

SRV - [2007/09/13 14:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)

SRV - [2007/02/16 18:49:50 | 000,411,168 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\tosrfnds.sys -- (tosrfnds)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\PCTINDIS5.SYS -- (PCTINDIS5)

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\PCASp50.sys -- (PCASp50)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pctnullport.sys -- (Nmea)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (IpInIp)

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\ANDROIDUSB.sys -- (HTCAND32)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Robert\AppData\Local\Temp\catchme.sys -- (catchme)

DRV - [2012/04/16 19:51:16 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{636326A7-DB38-475B-90AE-A2E612FAC7B5}\MpKslac2d83c0.sys -- (MpKslac2d83c0)

DRV - [2012/01/31 08:57:31 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2012/01/31 08:57:31 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2011/09/22 18:52:02 | 000,035,392 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)

DRV - [2011/09/16 16:09:17 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)

DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)

DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)

DRV - [2011/02/23 16:52:34 | 000,016,184 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)

DRV - [2010/12/15 14:38:22 | 000,229,376 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NWADIenum.sys -- (NWADI)

DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2010/05/12 12:02:52 | 000,020,792 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hppcbulkio.sys -- (HPFXBULKLEDM)

DRV - [2010/04/21 11:42:33 | 000,392,320 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)

DRV - [2010/04/21 11:42:33 | 000,032,768 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)

DRV - [2010/04/21 10:39:10 | 000,114,048 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)

DRV - [2010/03/26 20:07:28 | 000,319,488 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\drxvi314.sys -- (bcm)

DRV - [2010/03/26 20:04:24 | 000,051,456 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BcmBusCtr.sys -- (bcmbusctr)

DRV - [2009/11/30 12:31:46 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)

DRV - [2009/07/02 04:30:08 | 000,168,808 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)

DRV - [2009/04/10 23:43:07 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BTHPRINT.SYS -- (BTHprint)

DRV - [2009/04/10 23:38:59 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbccid.sys -- (USBCCID)

DRV - [2008/05/29 14:53:26 | 000,103,680 | ---- | M] (C-motech Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cm_ser.sys -- (cm_ser)

DRV - [2008/01/31 16:55:06 | 000,074,240 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)

DRV - [2008/01/22 21:57:48 | 000,054,144 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)

DRV - [2007/11/29 10:45:44 | 000,036,608 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)

DRV - [2007/10/18 15:25:00 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)

DRV - [2007/10/02 12:43:22 | 000,064,128 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)

DRV - [2007/09/26 08:12:00 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®

DRV - [2007/09/13 16:46:06 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)

DRV - [2007/09/04 12:50:00 | 000,031,744 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\csrbcxp.sys -- (CSRBC)

DRV - [2006/10/10 20:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9HP

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=OIE9HP

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5B FE 14 E7 CA E5 CA 01 [binary data]

IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=MSDTDF&PC=MSDTDF&q={searchTerms}&src=IE-SearchBox

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGNI_enUS479

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"

FF - prefs.js..browser.startup.homepage: "http://isearch.avg.com?cid=%7Bae3ccaab-8262-4fc2-bae9-0bd81f66dc1e%7D&mid=d1b70f80a9ad47d0a0eed168c02ad089-bdb69c7da7a49c5f965b04c98b9472a05c666613&ds=ft011&v=10.2.0.3&lang=en&pr=sa&d=2012-03-26%2017%3A54%3A17"

FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7Bae3ccaab-8262-4fc2-bae9-0bd81f66dc1e%7D&mid=d1b70f80a9ad47d0a0eed168c02ad089-bdb69c7da7a49c5f965b04c98b9472a05c666613&ds=ft011&v=10.2.0.3&lang=en&pr=sa&d=2012-03-26%2017%3A54%3A17&sap=ku&q="

FF - prefs.js..network.proxy.type: 0

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/11/30 04:02:10 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/13 22:06:15 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/13 22:06:15 | 000,000,000 | ---D | M]

[2011/02/23 11:14:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robert\AppData\Roaming\Mozilla\Extensions

[2011/02/23 11:14:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robert\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com

[2012/04/14 00:16:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\4lpq7uts.default\extensions

[2011/11/30 00:03:21 | 000,000,000 | ---D | M] (Download Youtube Videos +) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\4lpq7uts.default\extensions\video.downloader.plugin@ffpimp.com

[2011/06/30 09:06:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/06/30 09:06:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

File not found (No name found) -- C:\PROGRAMDATA\AVG SECURE SEARCH\10.2.0.3

() (No name found) -- C:\USERS\ROBERT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4LPQ7UTS.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI

[2010/04/19 22:05:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

[2011/05/08 21:55:51 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011/03/18 13:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll

[2011/03/18 13:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll

[2012/03/26 17:54:03 | 000,003,749 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml

[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\12.0.742.100\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll

CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll

CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files\Google\Chrome\Application\12.0.742.100\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\12.0.742.100\pdf.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

Hosts file not found

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)

O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [belkin Storage Manager] C:\Program Files\Belkin Storage Manager\StorageManager.exe (Belkin International, Inc.)

O4 - HKLM..\Run: [broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)

O4 - HKLM..\Run: [HP CP1020 System Tray] C:\Program Files\HP\HP LaserJet Professional CP1020 Series\HPCP1020STRAY.EXE (HP)

O4 - HKLM..\Run: [intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)

O4 - HKLM..\Run: [iTSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe (Napster)

O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)

O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)

O4 - HKLM..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC)

O4 - HKCU..\Run: [Advanced SystemCare 4] C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe (IObit)

O4 - HKCU..\Run: [eFax 4.4] C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe (j2 Global Communications, Inc.)

O4 - HKCU..\Run: [efdecdfabdct] C:\ProgramData\efdecdfabdct.exe ()

O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)

O4 - Startup: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eFax 4.4.lnk = C:\Program Files\eFax Messenger 4.4\J2GTray.exe (j2 Global Communications, Inc.)

O4 - Startup: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launch Jawbone Updater.lnk = C:\Program Files\Jawbone\LaunchJU.exe ()

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)

O15 - HKCU\..Trusted Domains: rhapsody.com ([rhap-app-4-0] https in Trusted sites)

O15 - HKCU\..Trusted Domains: rhapsody.com ([rhapreg] https in Trusted sites)

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} http://www.pcpitstop.com/internet/pcpConnCheck.cab (iCC Class)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scanner/SysProExe.cab (Scanner.SysScanner)

O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)

O16 - DPF: {62FC5539-7373-420B-AA75-89DE9ECF6CAB} http://192.168.1.8/DvrOcx.cab (Dvr Net 8116)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.com/DellDriverScanner/DellSystem.CAB (DellSystem.Scanner)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab (SysInfo Class)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {F375116A-793C-11D2-BFE1-444553540001} http://mls.realist.com/mapviewer/mapviewer.cab (First American Res MapActiveX Control)

O16 - DPF: Deployer http://www.pcthreat.com/autoinstall/shsafeinstall.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C4F169C5-6DF3-4600-BAB0-847F94640663}: DhcpNameServer = 192.168.2.1 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CAA2E432-F230-4143-8F42-76797F14BA7B}: DhcpNameServer = 192.168.0.1 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EEAA8CA2-9E96-446C-852C-4661BE995C16}: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - File not found

O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Humpback Whale.jpg

O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Humpback Whale.jpg

O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\System32\relog_ap.dll (Acronis)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{855720ca-4c15-11df-92d4-002170947ee7}\Shell\AutoRun\command - "" = G:\.\MigWiz\migsetup.exe

O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/16 23:13:49 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Robert\Desktop\OTL.exe

[2012/04/16 22:59:58 | 000,000,000 | ---D | C] -- C:\Program Files\HijackThis

[2012/04/16 22:51:04 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{0DEF6C79-0753-4E63-B790-6F096AB98DDA}

[2012/04/16 22:32:06 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Robert\Desktop\dds.com

[2012/04/16 22:27:37 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{A498F32A-825E-4B1D-82E5-5B161F846C7D}

[2012/04/16 22:07:19 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Robert\Desktop\dds.scr

[2012/04/16 20:04:39 | 000,000,000 | --SD | C] -- C:\ComboFix

[2012/04/16 18:09:36 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Avira

[2012/04/16 18:04:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

[2012/04/16 18:03:46 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys

[2012/04/16 18:03:45 | 000,137,416 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys

[2012/04/16 18:03:45 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys

[2012/04/16 18:03:45 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys

[2012/04/16 18:03:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira

[2012/04/16 18:03:44 | 000,000,000 | ---D | C] -- C:\Program Files\Avira

[2012/04/16 18:00:35 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{B5A1E10B-C1B6-473E-9FA2-CD5C6E88E878}

[2012/04/16 13:25:24 | 000,000,000 | ---D | C] -- C:\Users\Robert\Desktop\Antivirus

[2012/04/16 10:06:16 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{E2C8AAE2-DEB4-43C3-9031-886A6755D289}

[2012/04/15 22:46:16 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{1A4E286C-9811-4EE2-8A1B-5B4DE198F9D1}

[2012/04/15 19:53:47 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{CE27A109-5394-43B3-9B85-0BA0345BE70A}

[2012/04/15 18:03:24 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\serial.svs

[2012/04/15 17:43:01 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{B3F0A5A0-CF22-406F-96DB-EE148860AEFF}

[2012/04/15 12:44:04 | 004,463,836 | R--- | C] (Swearware) -- C:\Users\Robert\Desktop\ComboFix.exe

[2012/04/15 12:44:03 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{0750ABBB-0E08-4278-BDA2-206551F9B408}

[2012/04/15 12:43:43 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{C9EA0DF6-8BD1-47CE-8F96-0BD7CF14E99D}

[2012/04/15 12:27:39 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{4093033A-5D36-4DEB-AA82-315123E1F20E}

[2012/04/15 12:27:19 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{49B82476-7ADF-493B-B965-06FECF2AC0D4}

[2012/04/15 09:22:07 | 000,000,000 | --SD | C] -- C:\getout

[2012/04/15 07:14:03 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{BD236103-EB9D-4C85-BF22-06A3219F9CA4}

[2012/04/15 07:13:43 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{678B5675-C3BD-4783-AC50-A38C381E6236}

[2012/04/14 22:53:39 | 000,335,504 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\TrufosAlt.sys

[2012/04/14 22:09:21 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{1D289BA3-E903-490A-87C5-00B02BD4B483}

[2012/04/14 22:08:58 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{ED030C09-4337-4931-9490-543E0503CCFE}

[2012/04/14 22:05:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\SeaPort

[2012/04/14 19:07:11 | 000,351,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\csc.svs

[2012/04/14 18:48:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/04/14 18:48:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/04/14 18:48:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/04/14 18:47:48 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2012/04/14 18:45:12 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/04/14 18:43:19 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{2F1C4554-A367-4F36-BF18-99FF78005C3F}

[2012/04/14 10:03:45 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{F33B727C-3DE5-4666-A5E0-70DAD935083F}

[2012/04/14 10:03:23 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{A7643C29-E0F7-44DB-A3BE-6050F67F014A}

[2012/04/14 00:39:03 | 004,139,680 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe

[2012/04/13 23:51:00 | 000,172,032 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxres.dll

[2012/04/13 20:57:15 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{F0B2D4C6-C0C6-4728-80CD-108896850BF4}

[2012/04/13 20:57:03 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{82FFC4F4-69BA-4B26-9097-7FCFD6FAEB53}

[2012/04/13 15:05:06 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{6FDCD460-6566-4662-94CC-A31B75F8B3CB}

[2012/04/13 15:04:52 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{E64B9791-078C-469F-9578-A4B211482159}

[2012/04/13 08:37:33 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{33AABF68-4ADE-4532-A8B4-43276D1F5E50}

[2012/04/13 08:37:14 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{864B5948-B739-4DF2-A4F2-2D508377FEAC}

[2012/04/13 08:14:25 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{547A7BF8-D409-4B71-AB7F-AEEC38B371C9}

[2012/04/13 08:14:01 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{86BBD0B2-24FE-4598-B5A6-CBD2BF7C0211}

[2012/04/11 20:31:24 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{C99D920B-64D7-40E2-84EB-9CA79DC27F6C}

[2012/04/11 20:31:12 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{70BBC313-3AF4-41E6-A3E0-77EBFDCA5A34}

[2012/04/11 16:25:13 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{F9EFDAB2-F0F3-490F-9830-4C30209CC611}

[2012/04/11 16:25:01 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{C5949DB3-04E1-4BB8-9BD0-2B1B3D43847E}

[2012/04/11 03:47:29 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{4CA318F1-D88C-43F5-AC73-7553CD821FA8}

[2012/04/11 03:46:56 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{738319E0-AEBB-44DE-B956-E7BBBC5D2B67}

[2012/04/11 03:20:41 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2012/04/11 03:20:39 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2012/04/11 03:20:37 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2012/04/11 03:20:37 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2012/04/11 03:20:36 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2012/04/11 03:20:35 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2012/04/11 03:17:43 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe

[2012/04/11 03:17:43 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

[2012/04/05 21:28:01 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{DED38320-0E33-488E-936D-D9EB11F86B15}

[2012/04/05 09:28:13 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{DD71A792-E694-426D-97C9-F8F765B61294}

[2012/04/05 09:28:02 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{014A4232-26AB-43B3-8EF2-526DFC98A535}

[2012/04/04 21:28:27 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{98ACB5A9-E4DC-4C41-9F53-82894BD07966}

[2012/04/04 21:28:08 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{5A7AE06F-A769-48BE-A502-EF65F8715EB3}

[2012/04/04 09:22:56 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{CA3559EF-C32E-485E-A559-3A72BA7A6682}

[2012/04/04 09:22:46 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{5C845FE2-D965-4F27-A636-7171B0E360D1}

[2012/04/03 21:23:04 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{182FB11C-B404-4668-9384-06D9D8E9DB89}

[2012/04/03 21:22:47 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{3F65D6AA-1E2C-41F5-B3F2-7295974F004E}

[2012/04/03 09:23:06 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{5ABD861F-5A34-4B30-B8FC-FF39BDC6D262}

[2012/04/03 09:22:54 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{62C79D40-9430-46B9-8092-F8D8C50DD2B5}

[2012/04/02 21:03:17 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{BFB325D0-C3B9-4E70-A390-08DDAE5E1F52}

[2012/04/02 21:03:00 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{5254AE26-0062-4A81-8F25-6263DA77BBC4}

[2012/04/02 09:02:46 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{0EC009E3-72B5-4963-881C-E868DA71741E}

[2012/04/01 16:42:19 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{E29F4516-D5D8-4284-8F3C-280D87494B83}

[2012/04/01 03:50:48 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{C166DCBD-078D-4442-8AAF-71D55C676EEA}

[2012/03/31 09:10:43 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{72AB3A60-51D6-4BB8-9106-0831917FC467}

[2012/03/30 18:18:16 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{478F5824-5DEB-4B32-9E5A-9DFF7FE4D1D0}

[2012/03/30 09:04:51 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[2012/03/30 03:14:37 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{FF4184CF-F27B-4719-98FB-8A7E44E4C31C}

[2012/03/29 15:14:40 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{161F610D-BC37-4B45-B267-6BFB08D1AEF8}

[2012/03/29 00:55:33 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{BD67DDE2-0095-4B5E-85E3-603A2249FBD1}

[2012/03/28 09:32:22 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{4FF25BA1-40F0-40FB-8322-5C11DF513A56}

[2012/03/28 09:31:50 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{DD6ECEDD-A0D4-4EB4-80D2-DD0326E55909}

[2012/03/27 21:31:31 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{59C4C59F-1040-47D2-93D9-50ED95AC1A46}

[2012/03/27 21:31:20 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{0BE62A2D-7FBF-41EF-A30C-B4076525439B}

[2012/03/27 08:59:07 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{2B0ADF2B-4970-4B02-9F01-5AE76106E6F9}

[2012/03/27 08:58:50 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{FE08E746-ACE6-4BE6-B0BC-CAE99770D685}

[2012/03/26 19:56:39 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{6B6B45A2-8E11-4CFD-A3BB-E028261B3C34}

[2012/03/26 19:56:28 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{9FC3A0D2-DF63-4DB6-B558-2E4130A9A93A}

[2012/03/26 07:56:15 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{90560244-FA91-4E53-A66B-D173BCBB68F6}

[2012/03/26 07:56:03 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{44653173-1A2A-498B-AFE1-AE262F50701D}

[2012/03/25 13:11:51 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{747CBDC4-08E7-4ED3-B8D3-479244749560}

[2012/03/25 13:11:40 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{86799035-3E6C-4642-A799-CD81A4882652}

[2012/03/24 23:50:37 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{998F5DFF-9A6E-4ABC-A88E-FCC904CE14ED}

[2012/03/24 11:15:48 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{E704F99A-30A3-4207-BC2D-3CF2F65C251C}

[2012/03/23 23:07:12 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{5F93912F-DB13-4D8A-A661-614DEEDFEC70}

[2012/03/23 23:07:00 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{4C3C9BBE-2653-42EE-B3DC-2779E2BEF8B5}

[2012/03/23 11:06:46 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{6B518A2C-6AC6-44C1-A19E-78270C139071}

[2012/03/23 11:06:34 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{0513FAF5-DEFE-45C8-A941-BFBFC08A07C8}

[2012/03/22 22:55:31 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{A40C5A68-A18F-4ADB-8A6A-4E8F332F6AE0}

[2012/03/22 08:01:51 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{2106C68D-FA23-4BC5-AC5B-3C8B4AA4F385}

[2012/03/22 08:01:39 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{0E5B2DA1-1135-419C-98E2-FCEED7873465}

[2012/03/21 14:55:29 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{002438D7-E05A-4B2C-8DA5-0DC409FC7CFE}

[2012/03/21 01:09:33 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{0CCBAE81-0069-43A4-9930-2FBCDA1A63A5}

[2012/03/21 01:09:22 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{7823470A-3378-4EFD-8179-809E1C7E741B}

[2012/03/20 13:09:30 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{904E92F8-5B61-4D44-9744-E658E543F59E}

[2012/03/19 23:06:24 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{74BD53DD-9B41-43CE-9E4E-A5D818C6D1E7}

[2012/03/19 23:06:10 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{1111FCE7-27C8-40C7-9F19-A4AB0ECC5641}

[2012/03/19 10:26:24 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{87062CE8-2F47-4500-94FC-81BE4F658555}

[2012/03/19 10:26:09 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{B39D738A-4920-4ACC-9831-4397D905AB45}

[2012/03/18 22:18:31 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{B8F813CB-0D23-42A3-BBD5-6148DE6F8402}

[2012/03/18 22:18:20 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{E3B7F07E-BF74-46E1-A4FB-46C28B9D52B2}

[2012/03/18 10:18:04 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{98D8EB57-D382-4379-AD51-7F29174B3AA9}

[2012/03/18 10:17:38 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{7A3A7FEF-4080-4B22-B1B1-C5197034DABA}

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[2 C:\Users\Robert\Documents\*.tmp files -> C:\Users\Robert\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/16 23:13:49 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Robert\Desktop\OTL.exe

[2012/04/16 23:08:02 | 000,654,680 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/04/16 23:08:02 | 000,124,998 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/04/16 22:48:32 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/04/16 22:48:15 | 000,003,712 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012/04/16 22:48:15 | 000,003,712 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012/04/16 22:48:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/04/16 22:48:01 | 3745,492,992 | -HS- | M] () -- C:\hiberfil.sys

[2012/04/16 22:39:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/04/16 22:35:11 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/04/16 22:32:06 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Robert\Desktop\dds.com

[2012/04/16 22:07:19 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Robert\Desktop\dds.scr

[2012/04/16 18:04:14 | 000,001,807 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk

[2012/04/16 17:56:45 | 001,244,496 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2012/04/16 13:56:30 | 000,000,000 | ---- | M] () -- C:\ProgramData\efdecdfabdct.exe

[2012/04/16 10:07:31 | 000,335,504 | ---- | M] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\TrufosAlt.sys

[2012/04/15 22:50:40 | 301,624,611 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2012/04/15 17:43:30 | 000,002,391 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2012/04/15 12:08:10 | 004,463,836 | R--- | M] (Swearware) -- C:\Users\Robert\Desktop\ComboFix.exe

[2012/04/14 18:40:28 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_trash_log.cmd

[2012/04/14 16:28:00 | 000,903,928 | ---- | M] () -- C:\Users\Robert\Desktop\Executed Contract for 6102 Power.pdf

[2012/04/14 16:27:10 | 000,039,943 | ---- | M] () -- C:\Users\Robert\Desktop\Martin Pina IRS Docs.pdf

[2012/04/14 10:04:28 | 000,000,197 | ---- | M] () -- C:\Windows\System32\itlsvc.dat

[2012/04/14 10:04:27 | 000,115,686 | ---- | M] () -- C:\Windows\System32\itldvupd.dat

[2012/04/14 07:57:05 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[2012/04/14 07:57:05 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2012/04/14 07:56:59 | 004,139,680 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe

[2012/04/14 00:10:00 | 000,248,579 | ---- | M] () -- C:\Users\Robert\Desktop\Revised Contract for 6102 Power.pdf

[2012/04/13 13:17:45 | 000,001,356 | ---- | M] () -- C:\Users\Robert\AppData\Local\d3d9caps.dat

[2012/04/13 09:02:51 | 000,001,876 | ---- | M] () -- C:\Users\Robert\Desktop\The Print Shop 23.lnk

[2012/04/13 09:00:36 | 000,033,792 | ---- | M] () -- C:\Users\Robert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/04/13 08:52:38 | 000,000,215 | ---- | M] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\RFC.url

[2012/04/13 08:51:03 | 000,000,104 | ---- | M] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet - Shortcut.lnk

[2012/04/12 19:09:32 | 002,470,912 | ---- | M] () -- C:\Users\Robert\Documents\1514 Shadow Crest Dr - Just Reduced Flyer.pub

[2012/04/11 08:53:41 | 000,000,898 | ---- | M] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk

[2012/04/10 23:48:59 | 000,402,478 | ---- | M] () -- C:\Users\Robert\Desktop\ONEprop+Application+Packet+2011+Dallas.pdf

[2012/04/06 16:04:24 | 000,377,856 | ---- | M] () -- C:\Users\Robert\Documents\Luis Realtor Full Bleed Dallas Skyline.biz

[2012/04/06 13:00:32 | 000,307,712 | ---- | M] () -- C:\Users\Robert\Documents\Robert Realtor Full Bleed Broker Mod1.biz

[2012/04/05 18:39:52 | 000,000,443 | ---- | M] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\Tempo Login.website

[2012/04/05 14:14:57 | 000,060,304 | ---- | M] () -- C:\Users\Robert\g2mdlhlpx.exe

[2012/04/05 01:33:24 | 004,006,051 | ---- | M] () -- C:\Users\Robert\Desktop\Personal_Portfolio1.zip

[2012/04/02 16:56:27 | 000,319,488 | ---- | M] () -- C:\Users\Robert\Documents\Luis Realtor Full Bleed 3.biz

[2012/03/27 16:39:48 | 000,044,004 | ---- | M] () -- C:\Users\Robert\Desktop\Redi Carpet Invoice 02-672247.pdf

[2012/03/26 17:26:04 | 000,198,970 | ---- | M] () -- C:\Users\Robert\Desktop\1517 Audrey Drive Termite Inspection.pdf

[2012/03/21 22:19:15 | 000,239,312 | ---- | M] () -- C:\Users\Robert\Desktop\Shadowcrest CMA.pdf

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[2 C:\Users\Robert\Documents\*.tmp files -> C:\Users\Robert\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/16 18:04:14 | 000,001,807 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk

[2012/04/16 10:02:55 | 3745,492,992 | -HS- | C] () -- C:\hiberfil.sys

[2012/04/14 18:48:55 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/04/14 18:48:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/04/14 18:48:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/04/14 18:48:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/04/14 18:48:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/04/14 16:31:33 | 000,039,943 | ---- | C] () -- C:\Users\Robert\Desktop\Martin Pina IRS Docs.pdf

[2012/04/14 16:28:00 | 000,903,928 | ---- | C] () -- C:\Users\Robert\Desktop\Executed Contract for 6102 Power.pdf

[2012/04/14 10:04:28 | 000,000,197 | ---- | C] () -- C:\Windows\System32\itlsvc.dat

[2012/04/14 10:04:27 | 000,115,686 | ---- | C] () -- C:\Windows\System32\itldvupd.dat

[2012/04/14 09:25:53 | 000,000,000 | -HS- | C] () -- C:\Windows\System32\dds_trash_log.cmd

[2012/04/14 09:25:25 | 000,000,000 | ---- | C] () -- C:\ProgramData\efdecdfabdct.exe

[2012/04/14 00:10:00 | 000,248,579 | ---- | C] () -- C:\Users\Robert\Desktop\Revised Contract for 6102 Power.pdf

[2012/04/13 23:33:17 | 000,002,197 | ---- | C] () -- C:\Users\Public\Desktop\Corel Paint Shop Pro Photo XI.lnk

[2012/04/13 23:33:17 | 000,002,138 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Harmony Remote Software 7.lnk

[2012/04/13 23:33:17 | 000,001,923 | ---- | C] () -- C:\Users\Public\Desktop\XSites Desktop.lnk

[2012/04/13 23:33:17 | 000,001,836 | ---- | C] () -- C:\Users\Public\Desktop\MP Navigator EX 1.0.lnk

[2012/04/13 23:33:17 | 000,001,817 | ---- | C] () -- C:\Users\Public\Desktop\zipForm® 6.lnk

[2012/04/13 23:33:17 | 000,000,938 | ---- | C] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk

[2012/04/13 23:33:17 | 000,000,898 | ---- | C] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk

[2012/04/13 23:33:17 | 000,000,830 | ---- | C] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2012/04/13 23:33:17 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2012/04/13 23:33:17 | 000,000,712 | ---- | C] () -- C:\Users\Public\Desktop\Rhapsody.lnk

[2012/04/13 23:33:17 | 000,000,443 | ---- | C] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\Tempo Login.website

[2012/04/13 23:33:17 | 000,000,258 | ---- | C] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

[2012/04/13 23:33:17 | 000,000,240 | ---- | C] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

[2012/04/13 23:33:17 | 000,000,215 | ---- | C] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\RFC.url

[2012/04/13 23:33:17 | 000,000,200 | ---- | C] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\LEAN CUISINE Keep Life Delicious.url

[2012/04/13 23:33:16 | 000,001,915 | ---- | C] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2012/04/13 23:33:16 | 000,000,104 | ---- | C] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet - Shortcut.lnk

[2012/04/13 09:02:51 | 000,001,876 | ---- | C] () -- C:\Users\Robert\Desktop\The Print Shop 23.lnk

[2012/04/12 19:09:32 | 002,470,912 | ---- | C] () -- C:\Users\Robert\Documents\1514 Shadow Crest Dr - Just Reduced Flyer.pub

[2012/04/10 23:48:59 | 000,402,478 | ---- | C] () -- C:\Users\Robert\Desktop\ONEprop+Application+Packet+2011+Dallas.pdf

[2012/04/05 19:38:23 | 001,469,771 | ---- | C] () -- C:\Users\Robert\Desktop\Mr. Lee's Backdoor.JPG

[2012/04/05 01:33:24 | 004,006,051 | ---- | C] () -- C:\Users\Robert\Desktop\Personal_Portfolio1.zip

[2012/04/02 17:00:34 | 000,377,856 | ---- | C] () -- C:\Users\Robert\Documents\Luis Realtor Full Bleed Dallas Skyline.biz

[2012/03/30 09:04:55 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/03/27 16:40:49 | 000,044,004 | ---- | C] () -- C:\Users\Robert\Desktop\Redi Carpet Invoice 02-672247.pdf

[2012/03/26 17:27:02 | 000,198,970 | ---- | C] () -- C:\Users\Robert\Desktop\1517 Audrey Drive Termite Inspection.pdf

[2012/03/21 22:20:05 | 000,239,312 | ---- | C] () -- C:\Users\Robert\Desktop\Shadowcrest CMA.pdf

[2011/08/07 21:40:28 | 000,029,520 | ---- | C] () -- C:\Windows\System32\SmartDefragBootTime.exe

[2011/08/07 21:40:28 | 000,016,184 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys

[2011/07/21 11:26:33 | 000,000,000 | ---- | C] () -- C:\Users\Robert\AppData\Local\{779A1892-AB9D-4950-A6BB-DB10D4709463}

[2011/04/03 11:59:17 | 000,001,356 | ---- | C] () -- C:\Users\Robert\AppData\Local\d3d9caps.dat

[2011/01/25 16:53:16 | 000,029,696 | ---- | C] () -- C:\Windows\System32\DvrOcxCHS.dll

[2011/01/10 19:05:36 | 000,942,165 | ---- | C] () -- C:\Windows\System32\RM_DVRNET_DLL.dll

[2010/12/23 15:42:56 | 000,021,504 | ---- | C] () -- C:\Windows\System32\DvrOcxTRK.dll

[2010/12/23 15:42:48 | 000,021,504 | ---- | C] () -- C:\Windows\System32\DvrOcxTRK(KNOWLEDGE).dll

[2010/09/19 09:30:18 | 000,020,480 | ---- | C] () -- C:\Windows\System32\DvrOcxESP.dll

[2010/09/19 09:29:58 | 000,020,992 | ---- | C] () -- C:\Windows\System32\DvrOcxFRA.dll

[2010/09/19 09:29:58 | 000,020,480 | ---- | C] () -- C:\Windows\System32\DvrOcxRUS.dll

[2010/09/19 09:29:46 | 000,022,016 | ---- | C] () -- C:\Windows\System32\DvrOcxPTB.dll

[2010/09/19 09:29:46 | 000,020,992 | ---- | C] () -- C:\Windows\System32\DvrOcxPTG.dll

[2010/09/19 09:29:42 | 000,020,992 | ---- | C] () -- C:\Windows\System32\DvrOcxDEU.dll

[2010/09/19 09:29:42 | 000,014,848 | ---- | C] () -- C:\Windows\System32\DvrOcxCHT.dll

[2010/09/19 09:29:34 | 000,020,992 | ---- | C] () -- C:\Windows\System32\DvrOcxPLK.dll

[2010/09/19 09:29:30 | 000,020,480 | ---- | C] () -- C:\Windows\System32\DvrOcxITA.dll

[2010/05/15 14:51:58 | 000,045,056 | ---- | C] () -- C:\Windows\System32\CNARSMNT.DLL

[2010/05/12 12:02:52 | 000,126,264 | ---- | C] () -- C:\Windows\System32\HPCP1020LM.dll

[2010/04/26 23:58:16 | 000,020,992 | ---- | C] () -- C:\Windows\jestertb.dll

[2010/04/21 00:25:05 | 000,087,808 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll

[2010/04/20 14:21:45 | 000,033,792 | ---- | C] () -- C:\Users\Robert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/04/20 11:59:42 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini

[2010/04/20 10:45:38 | 000,000,161 | ---- | C] () -- C:\Windows\DISPARAM.INI

[2010/04/20 00:18:47 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

[2010/04/19 21:41:13 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2010/04/19 21:41:13 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2010/04/19 21:40:37 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

[2010/04/19 20:58:37 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll

[2010/04/19 20:52:50 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll

[2010/04/19 20:52:50 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll

[2010/04/19 20:52:50 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll

[2010/04/19 20:52:50 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll

[2010/04/19 20:20:59 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2010/04/19 19:30:13 | 000,002,391 | ---- | C] () -- C:\Windows\bthservsdp.dat

< End of report >


OTL Extras logfile created on: 4/16/2012 11:14:28 PM - Run 1

OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Robert\Desktop

Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 54.96% Memory free

7.16 Gb Paging File | 5.45 Gb Available in Paging File | 76.08% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 298.09 Gb Total Space | 155.67 Gb Free Space | 52.22% Space Free | Partition Type: NTFS

Computer Name: ROBERT-D630 | User Name: Robert | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htafile [open] -- "%1" %*

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{178BF835-C491-4397-9203-64E66859E528}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdater.exe |

"{17A090B7-603D-4385-8856-5CEA567E6774}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{1A844521-00DC-485E-95BD-BBD3BB12F8E7}" = rport=138 | protocol=17 | dir=out | app=system |

"{1E4103AA-E793-4C53-917E-A0643E972801}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{3083558E-5AC6-41FE-AC2F-C5FE8C73D219}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{34E9C41A-6062-4DAF-ADFD-B7F64CC3D5AF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{3C78C333-6C26-451C-B56E-82D11CCB892A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{41141C4D-4223-453F-9B0F-D4CFD6910218}" = rport=137 | protocol=17 | dir=out | app=system |

"{4A31F599-F00D-4D60-AE8F-A266B03623C1}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{4A3ED335-F989-4715-BFE0-2AF28BFD1C55}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{5073D0D8-C75E-451F-A6A8-5D2E5353DD90}" = lport=2869 | protocol=6 | dir=in | app=system |

"{528C9138-8D8D-474E-AD42-E217ABA88286}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{52D2AAEF-FC69-4951-A9E5-4D02976F6308}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{5587EAE4-8712-4967-A92D-A9F0316C5AB5}" = lport=137 | protocol=17 | dir=in | app=system |

"{56F91CDD-2E5B-4E39-B0B9-3E4881F37B83}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{60891C55-B064-4E4B-BB09-B65A2F6BA9FA}" = rport=445 | protocol=6 | dir=out | app=system |

"{705DF82B-F56F-42D9-B831-7F01D232128C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{7500E63E-064B-4754-A1B2-E3747C3F2CF6}" = lport=2869 | protocol=6 | dir=in | app=system |

"{848625E9-84E9-47F5-8AE0-271C81BFDD30}" = lport=139 | protocol=6 | dir=in | app=system |

"{87F6F3D4-AA13-448A-9E36-EF4E0475539C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{8CA08EA7-957E-41F5-93CB-1A73A84B89E9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{8D5B21A3-44C5-44EC-B50D-EF5406154C2A}" = lport=138 | protocol=17 | dir=in | app=system |

"{9827E6CC-BB43-4D03-8B3D-65F19B097B33}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{993BAF2B-DB9C-4A10-A9BC-481D9AEAD863}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{9F91641B-1849-458E-AA39-8F8310C7FFBF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{AEBA7712-3BEA-40E6-BD61-1366476DAE79}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdateservice.exe |

"{D19C2046-2392-45AB-B472-3AF5CC7CAE86}" = rport=139 | protocol=6 | dir=out | app=system |

"{D8E314DC-66A1-462C-971D-C4642E0801EF}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |

"{E1321D59-1E7C-4298-B3EF-95BBB0F91F1E}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{ED557472-B63F-49D3-96F7-5B3E2F316755}" = rport=10243 | protocol=6 | dir=out | app=system |

"{F1A2F41D-8622-4B1D-938D-28E4212F2583}" = lport=445 | protocol=6 | dir=in | app=system |

"{F651676D-BF3C-42B4-9AA4-B907D5F75938}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{FB80E643-7345-4DB3-B91A-5C7AA697F1F7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{FFE0B1D6-A60C-45E8-BAE7-C4EAFF21F99D}" = lport=10243 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{069F5B5C-F221-48C8-B428-47215976B55A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{447CA59B-E6E5-4D5C-AFF9-06FE25EC406F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{4615B886-117F-446C-8E8D-5682AFBF2FC2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{514DC282-F866-4FC5-885F-8E0DC13FB6B6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{63534CC9-32D7-4D02-9C4D-196CA22F874C}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |

"{6E401C01-4CAD-41A2-B313-7820688F7063}" = protocol=17 | dir=in | app=c:\program files\jawbone\jawboneupdater.exe |

"{706FEAE7-9282-48AA-9237-A5E2EBFC186A}" = protocol=6 | dir=in | app=c:\program files\jawbone\jawboneupdater.exe |

"{79CD4FD6-F0AA-445D-A44F-D67593BB7A7D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{7CD578A7-7A8F-42E1-9BE6-AB5F233BC549}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{873F0E5E-2AA3-4259-88E4-920E2835C9D6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{883DFAC3-E561-41F8-BB6A-4003D245DD35}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{8C58222F-7EED-4A90-9053-50B6B0E8E278}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{9AAF8839-3862-4D16-90B7-46FC1B12708D}" = protocol=6 | dir=in | app=d:\installer\hpbcsiinstaller.exe |

"{9C4388A4-FB85-4982-B34B-307F72FE87DA}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |

"{A8B0E603-FD27-4FDB-B99E-2184B1C4E0EC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{B53321FC-0167-4099-8BBB-13AEF6A12545}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{BBE21FA7-8B41-49D3-AB2B-1052B10FEE9C}" = protocol=6 | dir=in | app=c:\windows\system32\spoolsv.exe |

"{C10E0E6F-0DD3-454D-91F4-4F76FB37FB75}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{C8664A4A-24CD-4EE0-8AD6-2EB760AB3084}" = protocol=6 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |

"{CD7E8A25-047F-4263-9741-BE4AFAB4A2D6}" = protocol=17 | dir=in | app=c:\windows\system32\spoolsv.exe |

"{D5CEAF3A-D9F2-49A3-B2C9-A7D955B3EA00}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{D8CF3C6C-9733-4160-B229-893B14DC91F4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{DFADB277-6E49-4075-B1B8-72A37DC9D88E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{E042C7ED-5BC2-464C-A217-036B902FF39F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{E11246DD-49ED-4728-967F-E63617CEBBF4}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |

"{E8024B85-2FBE-4BC1-AA48-7CD73B12E56D}" = protocol=17 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |

"{E90BB2F8-2975-493E-AE72-2C272430DA10}" = protocol=6 | dir=out | app=system |

"{EFE716A9-EF1D-492E-8C4D-14E990D68229}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{F76E60AB-31B5-4AE0-A82A-EBC884249DD6}" = protocol=17 | dir=in | app=d:\installer\hpbcsiinstaller.exe |

"TCP Query User{006AD60B-DD35-4462-8220-9D891D5CF0F9}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"TCP Query User{1C5D04D1-0EBB-4B22-91C2-8D564DC10AF9}C:\program files\jawbone\jawboneupdater.exe" = protocol=6 | dir=in | app=c:\program files\jawbone\jawboneupdater.exe |

"TCP Query User{33150E2D-7F12-4143-90A5-544D69B9464C}C:\program files\belkin storage manager\storagemanager.exe" = protocol=6 | dir=in | app=c:\program files\belkin storage manager\storagemanager.exe |

"TCP Query User{3F3AFBA7-C58C-4551-BAB8-F533AC7CAAA2}C:\program files\belkin storage manager\storagemanager.exe" = protocol=6 | dir=in | app=c:\program files\belkin storage manager\storagemanager.exe |

"TCP Query User{5A774374-B02A-4278-824F-24E233C25392}C:\program files\napster\napster.exe" = protocol=6 | dir=in | app=c:\program files\napster\napster.exe |

"TCP Query User{CEDA8D22-F9E0-4E31-8454-F03B54864ECA}C:\users\robert\appdata\local\temp\eprintsetup\eprintsetup.exe" = protocol=6 | dir=in | app=c:\users\robert\appdata\local\temp\eprintsetup\eprintsetup.exe |

"UDP Query User{0C7D072D-E33B-4A23-B43D-CDF4EE76918F}C:\program files\napster\napster.exe" = protocol=17 | dir=in | app=c:\program files\napster\napster.exe |

"UDP Query User{20303573-CF23-45CE-AF3F-68DA8BCD81F7}C:\program files\jawbone\jawboneupdater.exe" = protocol=17 | dir=in | app=c:\program files\jawbone\jawboneupdater.exe |

"UDP Query User{255ADB86-789D-483B-AEE2-6AF4E4835D4F}C:\program files\belkin storage manager\storagemanager.exe" = protocol=17 | dir=in | app=c:\program files\belkin storage manager\storagemanager.exe |

"UDP Query User{55EA76FB-A15D-4257-BAC7-02C405C58C60}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"UDP Query User{93A0DFC2-74F6-4553-9596-45DB6BB79B72}C:\program files\belkin storage manager\storagemanager.exe" = protocol=17 | dir=in | app=c:\program files\belkin storage manager\storagemanager.exe |

"UDP Query User{F78F09CF-711E-4927-B8A1-8FAA06AA5B14}C:\users\robert\appdata\local\temp\eprintsetup\eprintsetup.exe" = protocol=17 | dir=in | app=c:\users\robert\appdata\local\temp\eprintsetup\eprintsetup.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0

"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport

"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware

"{08C7A49D-2B12-46F6-8B41-26D3B0D1C01F}" = Visual Studio C++ 9.0 Runtime

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP100_series" = Canon iP100 series

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX700_series" = Canon MX700 series

"{132CA5D9-C745-4B0B-A3B2-8C7A6EC3EE7E}" = Canon MF Toolbox 4.9.1.1.mf04

"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter

"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1C504B59-FFBF-4A65-9E0E-FE06159CAB9B}" = WD Drive Manager (x86)

"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service

"{229D6185-BD7E-494B-A73B-C5215BE0690E}" = HPLJUT

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java 6 Update 26

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger

"{32A3A4F4-B792-11D6-A78A-00B0D0160230}" = Java SE Development Kit 6 Update 23

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset

"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset

"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime

"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine

"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport

"{3BDDF462-8A95-4C50-86DA-4D41F3483EA5}" = Canon MF Toolbox 4.9.1.1.mf04

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper

"{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}" = Acronis True Image Home

"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper

"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion

"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module

"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{59B13FD3-AD00-4E2C-AE30-0556451EC0DE}" = ScanSnap Organizer

"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7

"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer

"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI

"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module

"{66012C7F-D4FD-4C8D-8FBA-D0A680B1C149}" = HPLaserJetHelp_LearnCenter

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{71EC91AF-279E-440A-BB0C-AD2C6598F601}" = CardMinder V3.1

"{759142E8-25B0-42AE-B408-4215065D3F4B}" = Windows Live Family Safety

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr

"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{91490409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Primary Interop Assemblies

"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9A2F0810-3622-4E86-9072-973FBE1679C5}" = QuickBooks Pro 2009

"{9A2F0810-369F-4E86-9072-973FBE1679C5}" = QuickBooks

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{9E384B32-59C8-46EF-BEA6-4DC8F27CDB8E}" = InstallVC90Support

"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = iSEEK AnswerWorks English Runtime

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio

"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AA18EE51-24A5-4748-A5E2-4B035C9A4AB2}" = Canon MP780

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0

"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4

"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster

"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety

"{BFD1277A-1204-4f96-B16E-513CB7565356}" = Canon MF8100 Series

"{C12D7D54-7DE8-4DF7-AB2D-8A5ECFB2F89B}" = Belkin Storage Manager

"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba

"{D3621EAA-00D6-4791-97BF-7E8EE3437BF2}" = Visualizer Photo Resize

"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D49B0B95-DF54-40E9-9169-8BB6A6A1E03F}" = The Print Shop 23

"{D4F2AFD3-0167-4464-B92F-78AB6DA8A0AA}" = CardMinder V3.1

"{D608C59B-424B-45D4-971C-5978F8564CEE}" = hppLaserJetService

"{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}" = ScanSnap Manager

"{DD929BD3-5D41-4407-BE04-119B4A631869}" = Canon MF Toolbox 4.9.1.1.mf04

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{DF6DA606-904D-4C18-823F-A4CFC3035E53}" = eFax Messenger

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E1C7EF5E-3A7B-4ED4-A48B-F70F1B36EAB4}" = Corel Paint Shop Pro Photo XI

"{E58F3B88-3B3E-4F85-9323-04789D979C15}" = ScanSnap Organizer

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F2918DE9-8F79-44c8-85D8-CAD1245B95D3}" = HP LaserJet Professional CP1020 Series

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01

"{F4F8DC6B-5591-4F22-BD5D-6CB8AA8D5452}" = hppCP1020LaserJetService

"{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore

"{F66D28D2-0953-4E44-A0C5-0D0CD10BF589}" = SureDocs

"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com

"{F93DB94F-0E61-4800-81DF-0CACA6AAF114}" = XSites Desktop

"{F97272B4-82C4-46B2-BCF1-C4D6E8CAB3E6}" = Avery Wizard 4.0

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"Advanced SystemCare 4_is1" = Advanced SystemCare 4

"AudibleManager" = AudibleManager

"Avira AntiVir Desktop" = Avira Free Antivirus

"Canon iP100 series User Registration" = Canon iP100 series User Registration

"Canon Setup Utility 2.4" = Canon Setup Utility 2.4

"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows

"CutePDF Writer Installation" = CutePDF Writer 2.7

"DW WLAN Card Utility" = DW WLAN Card Utility

"Evrsoft First Page 2006 Pro_is1" = Evrsoft First Page 2006

"Google Calendar Sync" = Google Calendar Sync

"Google Chrome" = Google Chrome

"GoToAssist" = GoToAssist 8.0.0.514

"HDMI" = Intel® Graphics Media Accelerator Driver

"HijackThis" = HijackThis 1.99.1

"InstallShield_{F93DB94F-0E61-4800-81DF-0CACA6AAF114}" = XSites Desktop

"Jawbone Updater" = Jawbone Updater

"LawnPro 44.15" = LawnPro 4

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft Security Client" = Microsoft Security Essentials

"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime

"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)

"MP Navigator 1.0" = Canon MP Navigator 1.0

"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0

"ProInst" = Intel® PROSet/Wireless Software

"Rhapsody" = Rhapsody

"Smart Defrag 2_is1" = Smart Defrag 2

"SureDocs_is1" = SureDocs (novaPDF OEM 7.3 printer)

"TomTom HOME" = TomTom HOME 2.8.3.2499

"TurboTax 2009" = TurboTax 2009

"TurboTax 2010" = TurboTax 2010

"WebPost" = Microsoft Web Publishing Wizard 1.52

"WinLiveSuite" = Windows Live Essentials

"zipForm6" = zipForm6

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"ClosetMaid v1.5.1" = ClosetMaid v1.5.1

"f031ef6ac137efc5" = Dell Driver Download Manager

"GoToMeeting" = GoToMeeting 4.5.0.457

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 4/16/2012 11:48:54 PM | Computer Name = Robert-D630 | Source = Application Error | ID = 1000

Description = Faulting application HPLaserJetService.exe, version 2.7.397.0, time

stamp 0x4bc33882, faulting module hppccompio.dll, version 1.2.0.19, time stamp

0x4bab86d4, exception code 0xc0000417, fault offset 0x000058a9, process id 0xb9c,

application start time 0x01cd1c4cf2b0487e.

Error - 4/16/2012 11:49:44 PM | Computer Name = Robert-D630 | Source = WinMgmt | ID = 10

Description =

Error - 4/16/2012 11:50:55 PM | Computer Name = Robert-D630 | Source = Application Error | ID = 1000

Description = Faulting application HPCP1020STRAY.EXE, version 2010.415.1.19892,

time stamp 0x4bc77192, faulting module hppccompio.dll, version 1.2.0.19, time stamp

0x4bab86d4, exception code 0xc0000417, fault offset 0x000058a9, process id 0xffc,

application start time 0x01cd1c4cfc9bb63e.

Error - 4/16/2012 11:51:38 PM | Computer Name = Robert-D630 | Source = Perflib | ID = 1008

Description =

Error - 4/16/2012 11:51:38 PM | Computer Name = Robert-D630 | Source = Perflib | ID = 1010

Description =

Error - 4/16/2012 11:51:39 PM | Computer Name = Robert-D630 | Source = Perflib | ID = 1008

Description =

Error - 4/16/2012 11:51:39 PM | Computer Name = Robert-D630 | Source = Perflib | ID = 1008

Description =

Error - 4/16/2012 11:51:40 PM | Computer Name = Robert-D630 | Source = Perflib | ID = 1008

Description =

Error - 4/16/2012 11:51:41 PM | Computer Name = Robert-D630 | Source = Perflib | ID = 1008

Description =

Error - 4/16/2012 11:51:42 PM | Computer Name = Robert-D630 | Source = Perflib | ID = 1008

Description =

[ Broadcom Wireless LAN Events ]

Error - 4/15/2012 11:51:07 PM | Computer Name = Robert-D630 | Source = WLAN-Tray | ID = 0

Description = Error - Error in creating key container - -2146893809 (Broadcom Wireless

Adapter Manager Container)

Error - 4/15/2012 11:51:07 PM | Computer Name = Robert-D630 | Source = WLAN-Tray | ID = 0

Description = 22:51:05, Sun, Apr 15, 12 Error - Error in creating key container -

-2146893809 (Broadcom Wireless Adapter Manager Container)

Error - 4/15/2012 11:51:07 PM | Computer Name = Robert-D630 | Source = WLAN-Tray | ID = 0

Description = 22:51:07, Sun, Apr 15, 12 Error - Error in creating key container -

-2146893809 (Broadcom Wireless Adapter Manager Container WORKGROUP\ROBERT-D630$)

Error - 4/15/2012 11:51:07 PM | Computer Name = Robert-D630 | Source = WLAN-Tray | ID = 0

Description = 22:51:07, Sun, Apr 15, 12 Error - Cryptography API's do not work on

this system.

Error - 4/15/2012 11:51:07 PM | Computer Name = Robert-D630 | Source = WLAN-Tray | ID = 0

Description = 22:51:07, Sun, Apr 15, 12 Error - Unable to gain access to user store

Error - 4/15/2012 11:51:25 PM | Computer Name = Robert-D630 | Source = WLAN-Tray | ID = 0

Description = 22:51:25, Sun, Apr 15, 12 Error - Unable to gain access to user store

Error - 4/15/2012 11:54:10 PM | Computer Name = Robert-D630 | Source = WLAN-Tray | ID = 0

Description = 22:54:10, Sun, Apr 15, 12 Error - Unable to gain access to user store

Error - 4/15/2012 11:54:29 PM | Computer Name = Robert-D630 | Source = WLAN-Tray | ID = 0

Description = 22:54:29, Sun, Apr 15, 12 Error - Unable to get current user admin

status

[ System Events ]

Error - 4/16/2012 11:49:45 PM | Computer Name = Robert-D630 | Source = Service Control Manager | ID = 7023

Description =

Error - 4/16/2012 11:49:45 PM | Computer Name = Robert-D630 | Source = Service Control Manager | ID = 7003

Description =

Error - 4/16/2012 11:49:45 PM | Computer Name = Robert-D630 | Source = Service Control Manager | ID = 7023

Description =

Error - 4/16/2012 11:49:45 PM | Computer Name = Robert-D630 | Source = Service Control Manager | ID = 7023

Description =

Error - 4/16/2012 11:49:45 PM | Computer Name = Robert-D630 | Source = Service Control Manager | ID = 7003

Description =

Error - 4/16/2012 11:49:45 PM | Computer Name = Robert-D630 | Source = Service Control Manager | ID = 7023

Description =

Error - 4/16/2012 11:49:51 PM | Computer Name = Robert-D630 | Source = Service Control Manager | ID = 7034

Description =

Error - 4/16/2012 11:51:50 PM | Computer Name = Robert-D630 | Source = WMPNetworkSvc | ID = 866293

Description =

Error - 4/16/2012 11:52:47 PM | Computer Name = Robert-D630 | Source = WMPNetworkSvc | ID = 866293

Description =

Error - 4/16/2012 11:59:06 PM | Computer Name = Robert-D630 | Source = Microsoft Antimalware | ID = 2001

Description = %%860 has encountered an error trying to update signatures. New Signature

Version: Previous Signature Version: 1.123.1823.0 Update Source: %%859 Update Stage:

%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:

NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error

code: 0x8024402c Error description: An unexpected problem occurred while checking

for updates. For information on installing or troubleshooting updates, see Help

and Support.

< End of report >


Step 1

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Step 2

  • Launch Malwarebytes' Anti-Malware.
  • Go to the Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to the Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 3

  • Double-click on the OTL icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Please tick the Scan All Users box. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.

In your next reply, post the following log files:

  • TDSSKiller log
  • Malwarebytes' Anti-Malware log
  • OTL log with Extras.txt

This topic is now closed to further replies.