
Fake FBI Notice - locked computer


tb1rd96


- I got a black screen with a fake FBI notice to send $200 to unlock the computer.

- I can access all the Safe Modes, so I did get to update Mbytes today.

- I cannot access my #1 monitor that contains all my icons in Normal Mode, so I cannot run any programs including Mbytes saved to desktop. Monitors 2 & 3 operate normally.

- I will not do anything more without your directions.

I appreciate your help! Thanks.


See if you can do this.................

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

How to tell > 32 or 64 bit

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter

    Note: Replace letter e with the drive letter of your flash drive.

  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:

    services.exe

  • Now press the Search button
  • When the search is complete, search.txt will also be written to your USB
  • Type exit and reboot the computer normally
  • Please copy and paste both logs in your reply (FRST.txt and Search.txt).

MrC


I have been trying to follow your directions all morning (I am in Colorado so I am 2 hrs later than you in NJ). I appreciate your help!

I can get to the 'Repair your computer' prompt but when I select it, I am taken to the 'Windows Boot Manager' screen "Windows failed to start......Status: 0xc000000e.......Info: The boot selection failed because a required device is inaccessible."

If I allow the computer to start normally, it does start normally, then the 'FBI' blocking popup appears (at which point I immediately shut down). Therefore, my C:\ drive is actually accessible. I have disconnected all other HDs and my network so my C:\ is isolated. I do have a Win7 64bit Bootable Repair Disk, but it led to the same "inaccessible" message. I do not have a Win installation disk. I can access the Safe Modes, but the SMw/command prompt leads to an 'Admin: cmd.exe' screen with a suspicious looking (to me) "Tablet PC Input Panel" tab appearing to the middle left-hand side. Otherwise, the command prompt is there - I did nothing with it yet; I'll wait to hear from you.


Click the link below and towards the bottom you see instruction to make an OTLPE disk.

See if you can make one, when you do.... see if you can boot to it with the sick computer:

http://maddoktor2.co...ic,37030.0.html

~~~~~~~~~~~~~~~~~~~~~~

If so..............

Once you have the cd, boot the computer up using it.

Note: If you do not know how to set your computer to boot from CD follow the steps here

It's going to go something like this when OTLPE loads:

  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the C:\OTL.txt file in your reply.

Let me know....

MrC

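The O4 (autorun) and O6 (policy) lines are the part of the posted OTL.txt a helper reads first. As an added example, not part of this thread and not OTL's or OTLPE's own code, here is a Python triage script that pulls those lines out of a constructed sample written in OTL's line format and lists the cues a reviewer would want to look at: autorun entries whose target file is missing, has no company name in its version info, runs from a Temp folder, or has non-ASCII characters in its value name, plus policy entries that switch UAC off. The regexes, the `Finding` type and the `[Updater]` sample line are this example's own assumptions; the other sample lines mirror the shape of real OTL output.

```python
"""Triage helper for the O4 (autorun) and O6 (policy) lines of an OTL.txt log.

Added example; not part of OTL/OTLPE. The regexes below are assumptions
derived from the line shapes seen in OTL output, not a documented grammar.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in OTL's line format. The [Updater] line is invented for
# this demo; the others follow the shape of entries seen in real OTL output.
SAMPLE_OTL = r"""
O4:64bit: - HKLM..\Run: [Classic Start Menu] I:\Program Files\Classic Shell\ClassicStartMenu.exe (IvoSoft)
O4 - HKLM..\Run: [JMB36X IDE Setup] I:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKU\Glen_ON_I..\Run: [svñhîst] File not found
O4 - HKU\User_ON_I..\Run: [Updater] I:\Users\User\AppData\Local\Temp\upd.exe ()
O4 - HKU\DefaultAppPool_ON_I..\RunOnce: [mctadmin] File not found
O4 - Startup: Error locating startup folders.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
"""

# "O4[:64bit:] - <hive>..\<Run|RunOnce>: [<value name>] <target or 'File not found'>"
O4_RE = re.compile(r"^O4(?::64bit:)? - (?P<hive>\S+?)\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
# "<path> (<company name>)" - OTL prints "()" when the file carries no company name
TARGET_RE = re.compile(r"^(?P<path>.+?) \((?P<vendor>[^)]*)\)$")
# "O6 - <registry key>: <value name> = <value>"
O6_RE = re.compile(r"^O6 - (?P<key>.+?): (?P<name>\w+) = (?P<value>\S+)$")

# Policy values that weaken or disable UAC (value -> explanation).
UAC_WEAK = {
    "EnableLUA": ("0", "UAC disabled (EnableLUA = 0)"),
    "ConsentPromptBehaviorAdmin": ("0", "administrators elevate without any prompt"),
    "PromptOnSecureDesktop": ("0", "elevation prompts not shown on the secure desktop"),
}


@dataclass
class Finding:
    line: str
    reasons: List[str]


def check_autorun(m: "re.Match") -> List[str]:
    """Return review cues for one parsed O4 line (empty list = nothing notable)."""
    reasons = []
    if any(ord(c) > 127 for c in m["name"]):
        reasons.append("non-ASCII characters in value name")
    if m["rest"] == "File not found":
        reasons.append("orphaned entry: target file missing")
        return reasons
    target = TARGET_RE.match(m["rest"])
    if target is None:
        reasons.append("unparsed target: " + m["rest"])
        return reasons
    if target["vendor"].strip() == "":
        reasons.append("target has no company name in its version info")
    if re.search(r"\\temp\\", target["path"], re.IGNORECASE):
        reasons.append("target runs from a Temp directory")
    return reasons


def check_policy(m: "re.Match") -> List[str]:
    """Return a cue when a parsed O6 line sets a known UAC-weakening value."""
    expected = UAC_WEAK.get(m["name"])
    if expected and m["value"] == expected[0]:
        return [expected[1]]
    return []


def triage(text: str) -> List[Finding]:
    """Scan OTL output line by line; lines that match nothing are ignored."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            reasons = check_autorun(m)
        else:
            m = O6_RE.match(line)
            reasons = check_policy(m) if m else []
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_OTL):
        print(f.line)
        for r in f.reasons:
            print("    ->", r)
```

Everything `triage` returns is a prompt to look closer, not a verdict: a legitimate vendor tool can ship without a company name, and an orphaned RunOnce entry is often just leftover installer debris, so each hit still needs the reviewer's judgement.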

Sometimes I use CCleaner to clean the Registry after I install a new program and I have CCleaner do a manual backup at that time, but I don't believe there are any auto backups of it. I have never heard of ERUNT before. I do not have any auto backups running on the computer at all - I do a complete manual backup of my D:\ drive every week that contains only & all of my data.

Some notes - when I double-click the OTLPE icon, a smallish black popup (looks kind of like a DOS window) flashes up and instantly off just before the "Browse For Folder" popup comes on screen. Also, when I click Cancel on the "Browse For Folder" (and don't select a folder), a popup comes up titled "Runscanner ..." that says "No windows installations found." If I do select the SYSTEM (C:) folder, then a popup titled "RunScanner Error" says "Target is not windows 2000 or later." (In my quotes, I have reproduced the capitalizations exactly.)


I hasten to add that my computers are for hobby use and are not mission critical (now my wife's desktop is identical to my sick one and you can bet it is the top priority machine around here!! Ha! Fortunately, it is OK). I am writing this on a very nice, new-this-summer laptop, so I am not hurting. I don't want you to think this is a most pressing issue to solve immediately. I value your time and respect your willingness to help.


OK, this is what you have to do for that message that pops up:

OTLPE uses runscanner, which is looking for the Windows folder. It doesn't search for it automatically, so the user must browse to the Windows folder and select it, so runscanner can open the registry (etc.) for the OTL run.

Any application in a PE environment that uses runscanner will behave the same way, releasing the registry after the application has run.

Let me know....

MrC


My Win7 and all my programs are on a Samsung 830 128GB SSD. Normally, the SSD has a System partition with no drive letter and the C:\ drive. Somewhere along the line, somehow the System has been given the drive letter C:\ and the Win7 is in I:\ which caused me a lot of confusion. Once I figured this out, I easily found the Windows folder in OTLPE "Browse For Folder" and could run the program. I have Partition Master and can change the drive letters once the patient is repaired.

One odd thing - when asked to load remote registry, I said Yes and it went directly to Auto Load All Remaining Users.

So, I canceled out and redid OTLPE and it asked to load remote user profiles, then went directly to Auto Load All Remaining Users.

Therefore, this file may be only one part of what you expect.

OTL.txt

OTL logfile created on: 11/20/2012 7:16:28 PM - Run

OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE

64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free

3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = I: | %SystemRoot% = I:\Windows | %ProgramFiles% = I:\Program Files (x86)

Drive C: | 107.81 Mb Total Space | 81.91 Mb Free Space | 75.97% Space Free | Partition Type: NTFS

Drive D: | 3.79 Gb Total Space | 3.73 Gb Free Space | 98.56% Space Free | Partition Type: FAT32

Drive I: | 104.13 Gb Total Space | 45.72 Gb Free Space | 43.90% Space Free | Partition Type: NTFS

Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/09/27 20:38:16 | 000,239,616 | ---- | M] (AMD) [Auto] -- I:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2012/03/12 11:57:22 | 000,190,120 | ---- | M] (Intel Corporation) [Auto] -- I:\Windows\System32\IPROSetMonitor.exe -- (Intel® PROSet Monitoring Service) Intel®

SRV:64bit: - [2011/09/27 14:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand] -- I:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)

SRV:64bit: - [2011/09/08 18:48:36 | 006,583,160 | ---- | M] (Wacom Technology, Corp.) [Auto] -- I:\Program Files\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)

SRV:64bit: - [2011/09/08 18:48:36 | 000,528,760 | ---- | M] (Wacom Technology, Corp.) [Auto] -- I:\Program Files\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)

SRV:64bit: - [2010/04/07 08:04:24 | 000,127,800 | ---- | M] (HP) [Auto] -- I:\Windows\System32\HPSIsvc.exe -- (HPSIService)

SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand] -- I:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2012/10/08 21:44:41 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- I:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2011/12/23 01:09:56 | 000,023,176 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto] -- I:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe -- (Guard Agent)

SRV - [2011/12/23 01:09:46 | 000,061,064 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto] -- I:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe -- (EaseUS Agent)

SRV - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto] -- I:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)

SRV - [2011/04/30 01:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto] -- I:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®

SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto] -- I:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe -- (N360)

SRV - [2011/03/01 19:29:58 | 000,130,976 | ---- | M] (Futuremark Corporation) [On_Demand] -- I:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)

SRV - [2010/11/20 07:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand] -- I:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)

SRV - [2010/11/20 07:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand] -- I:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)

SRV - [2010/11/20 07:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Disabled] -- I:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)

SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- I:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto] -- I:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

SRV - [2010/03/10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto] -- I:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)

SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- I:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/06/05 19:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand] -- I:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)

SRV - [2009/05/01 15:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) [Auto] -- I:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/27 21:21:20 | 010,697,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2012/09/27 20:12:52 | 000,460,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2012/04/29 08:27:00 | 000,073,000 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand] -- I:\Windows\System32\drivers\RAMDiskVE.sys -- (RAMDiskVE)

DRV:64bit: - [2012/03/06 05:09:22 | 000,032,936 | ---- | M] (Intel Corporation ) [Kernel | On_Demand] -- I:\Windows\System32\drivers\iqvw64e.sys -- (NAL)

DRV:64bit: - [2011/12/23 01:09:40 | 000,189,576 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System] -- I:\Windows\System32\drivers\EuFdDisk.sys -- (EUFDDISK)

DRV:64bit: - [2011/12/23 01:09:38 | 000,051,336 | ---- | M] () [Kernel | Boot] -- I:\Windows\System32\drivers\EUBKMON.sys -- (EUBKMON)

DRV:64bit: - [2011/12/23 01:09:34 | 000,019,592 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System] -- I:\Windows\System32\drivers\eudskacs.sys -- (EUDSKACS)

DRV:64bit: - [2011/12/23 01:09:30 | 000,057,480 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot] -- I:\Windows\System32\drivers\eubakup.sys -- (EUBAKUP)

DRV:64bit: - [2011/09/08 18:49:36 | 000,013,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand] -- I:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)

DRV:64bit: - [2011/09/08 18:49:26 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand] -- I:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)

DRV:64bit: - [2011/09/08 18:49:24 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand] -- I:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)

DRV:64bit: - [2011/09/02 01:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)

DRV:64bit: - [2011/09/02 01:30:24 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb)

DRV:64bit: - [2011/09/02 01:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)

DRV:64bit: - [2011/09/02 01:30:24 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\LHidEqd.sys -- (LHidEqd)

DRV:64bit: - [2011/07/29 14:54:56 | 000,016,776 | ---- | M] () [Kernel | On_Demand] -- I:\Windows\System32\epmntdrv.sys -- (epmntdrv)

DRV:64bit: - [2011/07/29 14:54:56 | 000,009,096 | ---- | M] () [Kernel | On_Demand] -- I:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)

DRV:64bit: - [2011/05/31 20:00:11 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\SYMEVENT64x86.SYS -- (SymEvent)

DRV:64bit: - [2011/04/20 20:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System] -- I:\Windows\System32\Drivers\N360x64\0502020.003\SYMNETS.SYS -- (SymNetS)

DRV:64bit: - [2011/03/30 22:04:12 | 000,043,640 | R--- | M] (Symantec Corporation) [Kernel | System] -- I:\Windows\System32\drivers\SymIMV.sys -- (SymIM)

DRV:64bit: - [2011/03/30 22:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand] -- I:\Windows\System32\Drivers\N360x64\0502020.003\SRTSP64.SYS -- (SRTSP)

DRV:64bit: - [2011/03/30 22:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System] -- I:\Windows\system32\drivers\N360x64\0502020.003\SRTSPX64.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)

DRV:64bit: - [2011/03/14 21:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot] -- I:\Windows\System32\drivers\N360x64\0502020.003\symefa64.sys -- (SymEFA)

DRV:64bit: - [2011/01/27 01:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot] -- I:\Windows\System32\drivers\N360x64\0502020.003\symds64.sys -- (SymDS)

DRV:64bit: - [2010/11/25 04:27:42 | 000,120,408 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot] -- I:\Windows\System32\drivers\jraid.sys -- (JRAID)

DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/15 20:45:33 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System] -- I:\Windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS -- (SymIRON)

DRV:64bit: - [2010/11/09 16:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto] -- I:\Windows\System32\drivers\cpuz135_x64.sys -- (cpuz135)

DRV:64bit: - [2010/01/28 17:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV:64bit: - [2009/10/14 18:29:44 | 000,230,480 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot] -- I:\Windows\System32\drivers\ahcix64s.sys -- (ahcix64s)

DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)

DRV:64bit: - [2009/06/13 02:19:58 | 000,287,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\e1y62x64.sys -- (e1yexpress) Intel®

DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- I:\Windows\System32\wbem\ntfs.mof -- (Ntfs)

DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- I:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- I:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [1999/12/31 19:00:00 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- I:\Windows\System32\drivers\AtihdW76.sys -- (AtiHDAudioService)

DRV - [2012/10/05 13:23:26 | 001,385,632 | ---- | M] (Symantec Corporation) [Kernel | System] -- I:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20121030.002\BHDrvx64.sys -- (BHDrvx64)

DRV - [2012/09/12 21:13:03 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- I:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121112.016\ex64.sys -- (NAVEX15)

DRV - [2012/09/12 21:13:03 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- I:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121112.016\eng64.sys -- (NAVENG)

DRV - [2012/09/06 05:54:30 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System] -- I:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20121110.005\IDSviA64.sys -- (IDSVia64)

DRV - [2012/08/09 10:57:26 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System] -- I:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)

DRV - [2011/07/29 14:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand] -- I:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)

DRV - [2011/07/29 14:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand] -- I:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)

DRV - [2011/06/02 12:08:34 | 000,017,864 | ---- | M] () [Kernel | On_Demand] -- I:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)

DRV - [2010/07/09 13:19:04 | 000,021,480 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand] -- I:\Program Files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys -- (cpuz134)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\DefaultAppPool_ON_I\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1

IE - HKU\DefaultAppPool_ON_I\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPDSK/1

IE - HKU\DefaultAppPool_ON_I\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

IE - HKU\Glen_ON_I\Software\Microsoft\Internet Explorer\Main,Default Download Directory =

IE - HKU\Glen_ON_I\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1

IE - HKU\Glen_ON_I\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.weather.com/weather/right-now/Erie+CO+USCO0129:1:US

IE - HKU\Glen_ON_I\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: I:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: I:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@canon.com/EPPEX: I:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: I:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: I:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: I:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE: File not found

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: I:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: I:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: I:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: I:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: I:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: I:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: I:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: I:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: I:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.3: I:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: I:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: I:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: I:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: I:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/01 01:11:52 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/02/08 11:16:22 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_13_2 [2012/11/20 20:25:10 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2012/10/25 22:22:47 | 000,444,707 | R--- | M]) - I:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 www.007guard.com

O1 - Hosts: 127.0.0.1 007guard.com

O1 - Hosts: 127.0.0.1 008i.com

O1 - Hosts: 127.0.0.1 www.008k.com

O1 - Hosts: 127.0.0.1 008k.com

O1 - Hosts: 127.0.0.1 www.00hq.com

O1 - Hosts: 127.0.0.1 00hq.com

O1 - Hosts: 127.0.0.1 010402.com

O1 - Hosts: 127.0.0.1 www.032439.com

O1 - Hosts: 127.0.0.1 032439.com

O1 - Hosts: 127.0.0.1 www.0scan.com

O1 - Hosts: 127.0.0.1 0scan.com

O1 - Hosts: 127.0.0.1 1000gratisproben.com

O1 - Hosts: 127.0.0.1 www.1000gratisproben.com

O1 - Hosts: 127.0.0.1 1001namen.com

O1 - Hosts: 127.0.0.1 www.1001namen.com

O1 - Hosts: 127.0.0.1 100888290cs.com

O1 - Hosts: 127.0.0.1 www.100888290cs.com

O1 - Hosts: 127.0.0.1 www.100sexlinks.com

O1 - Hosts: 127.0.0.1 100sexlinks.com

O1 - Hosts: 127.0.0.1 10sek.com

O1 - Hosts: 127.0.0.1 www.10sek.com

O1 - Hosts: 127.0.0.1 www.1-2005-search.com

O1 - Hosts: 127.0.0.1 1-2005-search.com

O1 - Hosts: 127.0.0.1 www.123fporn.info

O1 - Hosts: 15272 more lines...

O2:64bit: - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - I:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)

O2:64bit: - BHO: (ClassicIE9BHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - I:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - I:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - I:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - I:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ips\ipsbho.dll (Symantec Corporation)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - I:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (ClassicIE9BHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - I:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)

O3:64bit: - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - I:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)

O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - I:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - I:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)

O3 - HKU\Glen_ON_I\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKU\Glen_ON_I\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.

O3 - HKU\Glen_ON_I\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - I:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)

O4:64bit: - HKLM..\Run: [AmIcoSinglun64] I:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)

O4:64bit: - HKLM..\Run: [Classic Start Menu] I:\Program Files\Classic Shell\ClassicStartMenu.exe (IvoSoft)

O4:64bit: - HKLM..\Run: [EvtMgr6] I:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)

O4 - HKLM..\Run: [iAStorIcon] I:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [JMB36X IDE Setup] I:\Windows\RaidTool\xInsIDE.exe ()

O4 - HKLM..\Run: [MaxMenuMgr] I:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)

O4 - HKLM..\Run: [startCCC] I:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKU\DefaultAppPool_ON_I..\Run: [HPADVISOR] File not found

O4 - HKU\DefaultAppPool_ON_I..\Run: [sidebar] I:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\Glen_ON_I..\Run: [Grid] I:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe ()

O4 - HKU\Glen_ON_I..\Run: [HydraVisionDesktopManager] I:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)

O4 - HKU\Glen_ON_I..\Run: [HydraVisionMDEngine] I:\Program Files (x86)\ATI Technologies\HydraVision\HydraMD.exe (AMD)

O4 - HKU\Glen_ON_I..\Run: [LinkStashMonitor] I:\Program Files (x86)\LinkStash\lsmon.exe ()

O4 - HKU\Glen_ON_I..\Run: [svñhîst] File not found

O4 - HKU\LocalService_ON_I..\Run: [sidebar] I:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\NetworkService_ON_I..\Run: [sidebar] I:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\DefaultAppPool_ON_I..\RunOnce: [mctadmin] File not found

O4 - HKU\LocalService_ON_I..\RunOnce: [mctadmin] File not found

O4 - HKU\NetworkService_ON_I..\RunOnce: [mctadmin] File not found

O4 - Startup: Error locating startup folders.

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\Glen_ON_I\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9:64bit: - Extra 'Tools' menuitem : Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - I:\Program Files\Classic Shell\ClassicIE9_32.exe (IvoSoft)

O9 - Extra 'Tools' menuitem : Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - I:\Program Files\Classic Shell\ClassicIE9_32.exe (IvoSoft)

O13:64bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15:64bit: - Glen_ON_I\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)

O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab (GMNRev Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.1)

O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.1)

O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.5.0.cab (SysInfo Class)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/PCMagnum/controls/PCPitstop2.dll (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - I:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - I:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - I:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - I:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found

64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/11/20 20:04:10 | 000,000,000 | ---D | C] -- I:\FRST

[2012/11/12 23:56:15 | 000,000,000 | ---D | C] -- I:\Users\Glen\AppData\Local\{135F2ADE-ACA3-47C8-8126-A227FA1799A3}

[2012/11/12 12:21:19 | 000,000,000 | ---D | C] -- I:\ProgramData\ATI

[2012/11/12 12:21:18 | 000,000,000 | ---D | C] -- I:\Program Files (x86)\AMD AVT

[2012/11/12 12:21:16 | 000,000,000 | ---D | C] -- I:\Program Files (x86)\AMD APP

[2012/11/12 12:21:07 | 000,000,000 | ---D | C] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center

[2012/11/12 12:20:18 | 000,000,000 | ---D | C] -- I:\Program Files\ATI

[2012/11/12 11:55:41 | 000,000,000 | ---D | C] -- I:\Users\Glen\AppData\Local\{43D30A77-F383-498A-B226-517E76221442}

[2012/11/11 23:55:06 | 000,000,000 | ---D | C] -- I:\Users\Glen\AppData\Local\{E8657607-7D0F-4E4B-B22B-141AD3F5A464}

[2012/11/11 11:54:32 | 000,000,000 | ---D | C] -- I:\Users\Glen\AppData\Local\{6E04220D-0074-42BA-9AD9-40BD3E84B131}

[2012/11/10 14:50:24 | 000,000,000 | ---D | C] -- I:\Users\Glen\AppData\Local\{0B97FBBC-CF08-4771-AB89-4CF6C24BA724}

[2012/11/09 23:55:49 | 000,000,000 | ---D | C] -- I:\Users\Glen\AppData\Local\{9B9BADB8-B11C-4604-B2BB-BCD405E9180B}

[2012/11/09 11:55:26 | 000,000,000 | ---D | C] -- I:\Users\Glen\AppData\Local\{DAE2862F-D591-41FA-8878-70DF5B6AFBEF}

[2012/11/08 23:54:52 | 000,000,000 | ---D | C] -- I:\Users\Glen\AppData\Local\{2744916D-0B0E-4667-B487-AF86427E7EA6}

[2012/11/08 11:54:29 | 000,000,000 | ---D | C] -- I:\Users\Glen\AppData\Local\{E4FF8A2E-F143-4138-B051-D31A7AD907AE}

[2012/11/08 00:03:38 | 000,000,000 | ---D | C] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

[2012/11/08 00:03:34 | 000,000,000 | ---D | C] -- I:\Program Files (x86)\QuickTime

[2012/11/07 18:27:52 | 000,000,000 | ---D | C] -- I:\Users\Glen\AppData\Local\{26779CC5-967A-4872-A30B-46F9088BE921}

[2012/11/07 00:38:43 | 000,000,000 | ---D | C] -- I:\Users\Glen\AppData\Local\{E67E6DCB-A8C4-4917-8BEE-BBCA698A7851}

[2012/11/06 12:38:08 | 000,000,000 | ---D | C] -- I:\Users\Glen\AppData\Local\{8D1438DF-B3F6-4F16-9AB4-31686577EDD6}

[2012/11/06 00:37:34 | 000,000,000 | ---D | C] -- I:\Users\Glen\AppData\Local\{CD2571DE-AEE8-47AB-98EC-06288107AF86}

[2012/11/05 19:24:25 | 000,000,000 | ---D | C] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader

[2012/11/05 12:37:11 | 000,000,000 | ---D | C] -- I:\Users\Glen\AppData\Local\{6A38D110-3B18-4E8A-A772-B32B66C5AF4B}

[2012/11/04 13:28:29 | 000,000,000 | ---D | C] -- I:\Users\Glen\AppData\Local\{2EF523FB-5DE3-4EB5-B2F5-16B428E0DECD}

[2012/11/04 01:27:54 | 000,000,000 | ---D | C] -- I:\Users\Glen\AppData\Local\{FE991D58-D6C2-4BDF-BA09-79EB46D6C888}

[2012/11/03 13:27:31 | 000,000,000 | ---D | C] -- I:\Users\Glen\AppData\Local\{34F437B3-3511-4365-B522-5CF9E1C202DA}

[2012/11/02 20:40:48 | 000,000,000 | ---D | C] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung SSD Magician

[2012/11/02 20:40:45 | 000,000,000 | ---D | C] -- I:\Program Files (x86)\Samsung SSD Magician

[2012/11/02 18:27:41 | 000,000,000 | ---D | C] -- I:\ICONS

[2012/11/02 18:25:44 | 000,000,000 | ---D | C] -- I:\CURSORS

[2012/11/02 18:21:26 | 000,000,000 | ---D | C] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell

[2012/11/02 18:21:26 | 000,000,000 | ---D | C] -- I:\Program Files\Classic Shell

[2012/11/02 18:17:13 | 000,000,000 | ---D | C] -- I:\Users\Glen\AppData\Local\{8E816E8B-4239-42D1-9A77-B614DD5D026F}

[2012/11/02 16:56:20 | 000,000,000 | ---D | C] -- I:\Users\Glen\AppData\Local\{D0DD8817-50A0-4DB3-8EC1-82CCC21018F2}

[2012/11/02 16:30:03 | 000,000,000 | ---D | C] -- I:\Users\Glen\AppData\Local\{803D4D60-994A-445E-8066-B98373049640}

[2012/10/26 11:38:20 | 000,000,000 | ---D | C] -- I:\Users\Glen\AppData\Local\{7EA82703-4645-4503-8D12-8856E607756D}

[2012/10/26 11:34:29 | 000,000,000 | ---D | C] -- I:\Users\Glen\AppData\Local\{498D78CA-FFB5-46CD-AEF7-51D2EEDDF0DB}

[2012/10/25 13:20:42 | 000,000,000 | ---D | C] -- I:\Users\Glen\AppData\Local\{523C112A-6A8F-423C-9A73-C9372EFCA675}

[2012/10/25 05:12:26 | 000,094,208 | ---- | C] (Apple Inc.) -- I:\Windows\SysWow64\QuickTimeVR.qtx

[2012/10/25 05:12:26 | 000,069,632 | ---- | C] (Apple Inc.) -- I:\Windows\SysWow64\QuickTime.qts

[2012/10/24 09:31:49 | 000,000,000 | ---D | C] -- I:\Users\Glen\AppData\Local\{864E8024-E64C-4175-9E8F-7BD34CDA727C}

[2012/10/24 00:20:54 | 000,000,000 | ---D | C] -- I:\Windows\Minidump

[2012/10/23 12:20:30 | 000,000,000 | ---D | C] -- I:\Users\Glen\AppData\Local\{D6C5408C-9045-4C4A-9C54-D7E5608166A6}

[2012/10/22 12:40:08 | 000,000,000 | ---D | C] -- I:\Users\Glen\AppData\Local\{8FD7A988-7F27-41A0-87D7-811B0A24B044}

[2012/10/22 00:39:34 | 000,000,000 | ---D | C] -- I:\Users\Glen\AppData\Local\{8CF8D34B-1262-4F57-8B80-5C0E6EF1F3DC}

[1 I:\Program Files (x86)\*.tmp files -> I:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/20 20:26:21 | 1153,433,600 | ---- | M] () -- I:\RAMDisk.img

[2012/11/20 20:26:19 | 000,067,584 | --S- | M] () -- I:\Windows\bootstat.dat

[2012/11/20 20:25:11 | 000,000,890 | ---- | M] () -- I:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/11/20 20:05:02 | 000,717,976 | ---- | M] () -- I:\Windows\System32\perfh009.dat

[2012/11/20 20:05:02 | 000,140,468 | ---- | M] () -- I:\Windows\System32\perfc009.dat

[2012/11/20 13:30:18 | 000,006,632 | ---- | M] () -- I:\bootsqm.dat

[2012/11/20 12:28:53 | 000,001,021 | ---- | M] () -- I:\Users\Glen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LinkStash.lnk

[2012/11/19 16:35:59 | 000,001,599 | ---- | M] () -- I:\Users\Glen\Desktop\mbam.exe.lnk

[2012/11/19 16:21:13 | 000,000,000 | ---D | M] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/11/13 11:50:57 | 000,015,984 | -H-- | M] () -- I:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/11/13 11:50:57 | 000,015,984 | -H-- | M] () -- I:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/11/13 00:44:00 | 000,000,830 | ---- | M] () -- I:\Windows\tasks\Adobe Flash Player Updater.job

[2012/11/13 00:07:00 | 000,000,894 | ---- | M] () -- I:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/11/12 12:21:07 | 000,000,000 | ---D | M] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center

[2012/11/08 00:03:38 | 000,000,000 | ---D | M] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

[2012/11/06 17:44:52 | 000,001,289 | ---- | M] () -- I:\Users\Glen\Desktop\Windows Explorer.lnk

[2012/11/05 19:24:26 | 000,001,187 | ---- | M] () -- I:\Users\Glen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk

[2012/11/05 19:24:26 | 000,000,000 | ---D | M] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader

[2012/11/03 18:13:01 | 000,000,328 | ---- | M] () -- I:\Windows\tasks\HPCeeScheduleForGlen.job

[2012/11/02 20:40:48 | 000,001,246 | ---- | M] () -- I:\Users\Glen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung SSD Magician.lnk

[2012/11/02 20:40:48 | 000,000,000 | ---D | M] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung SSD Magician

[2012/11/02 20:21:27 | 000,001,836 | ---- | M] () -- I:\Users\Glen\Desktop\SpeedFan.lnk

[2012/11/02 20:20:57 | 000,001,293 | ---- | M] () -- I:\Users\Glen\Desktop\DNSBench.lnk

[2012/11/02 20:20:20 | 000,002,025 | ---- | M] () -- I:\Users\Glen\Desktop\ColorCopy.lnk

[2012/11/02 20:18:29 | 000,002,108 | ---- | M] () -- I:\Users\Glen\Desktop\Task Mgr.lnk

[2012/11/02 20:16:01 | 000,001,603 | ---- | M] () -- I:\Users\Glen\Desktop\Disk Mgr.lnk

[2012/11/02 20:11:41 | 000,001,733 | ---- | M] () -- I:\Users\Glen\Desktop\My Calendar.lnk

[2012/11/02 20:09:41 | 000,002,139 | ---- | M] () -- I:\Users\Glen\Desktop\I QUIT.lnk

[2012/11/02 20:03:30 | 000,002,481 | ---- | M] () -- I:\Users\Glen\Desktop\Rx Refill.lnk

[2012/11/02 20:02:57 | 000,002,193 | ---- | M] () -- I:\Users\Glen\Desktop\Monthly Bills.lnk

[2012/11/02 19:57:51 | 000,000,930 | ---- | M] () -- I:\Users\Glen\Desktop\Control Panel.lnk

[2012/11/02 19:57:06 | 000,001,339 | ---- | M] () -- I:\Users\Glen\Desktop\Printers.lnk

[2012/11/02 18:21:26 | 000,000,000 | ---D | M] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell

[2012/10/25 22:36:38 | 000,001,164 | ---- | M] () -- I:\Users\Glen\Desktop\Malwarebytes Anti-Malware.lnk

[2012/10/25 22:22:47 | 000,444,707 | R--- | M] () -- I:\Windows\System32\drivers\etc\hosts

[2012/10/25 05:12:26 | 000,094,208 | ---- | M] (Apple Inc.) -- I:\Windows\SysWow64\QuickTimeVR.qtx

[2012/10/25 05:12:26 | 000,069,632 | ---- | M] (Apple Inc.) -- I:\Windows\SysWow64\QuickTime.qts

[1 I:\Program Files (x86)\*.tmp files -> I:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/20 13:30:18 | 000,006,632 | ---- | C] () -- I:\bootsqm.dat

[2012/11/19 16:35:59 | 000,001,599 | ---- | C] () -- I:\Users\Glen\Desktop\mbam.exe.lnk

[2012/11/05 19:24:26 | 000,001,187 | ---- | C] () -- I:\Users\Glen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk

[2012/11/02 17:19:55 | 000,001,289 | ---- | C] () -- I:\Users\Glen\Desktop\Windows Explorer.lnk

[2012/08/18 20:56:13 | 000,079,872 | ---- | C] () -- I:\Windows\SysWow64\ff_vfw.dll

[2012/06/11 11:50:16 | 000,204,952 | ---- | C] () -- I:\Windows\SysWow64\ativvsvl.dat

[2012/06/11 11:50:16 | 000,157,144 | ---- | C] () -- I:\Windows\SysWow64\ativvsva.dat

[2012/05/02 16:58:10 | 000,029,184 | ---- | C] () -- I:\Windows\SysWow64\kdbsdk32.dll

[2012/04/15 13:54:54 | 002,469,760 | ---- | C] () -- I:\Windows\SysWow64\BootMan.exe

[2012/04/15 13:54:54 | 000,086,408 | ---- | C] () -- I:\Windows\SysWow64\setupempdrv03.exe

[2012/04/15 13:54:54 | 000,019,840 | ---- | C] () -- I:\Windows\SysWow64\EuEpmGdi.dll

[2012/04/15 13:54:54 | 000,014,216 | ---- | C] () -- I:\Windows\SysWow64\epmntdrv.sys

[2012/04/15 13:54:54 | 000,008,456 | ---- | C] () -- I:\Windows\SysWow64\EuGdiDrv.sys

[2012/04/02 23:49:29 | 000,000,614 | ---- | C] () -- I:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

[2011/11/06 20:06:19 | 000,000,069 | ---- | C] () -- I:\Windows\NeroDigital.ini

[2011/10/25 23:21:34 | 000,056,832 | ---- | C] () -- I:\Windows\SysWow64\OVDecoder.dll

[2011/09/12 17:06:16 | 000,003,917 | ---- | C] () -- I:\Windows\SysWow64\atipblag.dat

[2011/03/22 16:28:07 | 000,000,621 | ---- | C] () -- I:\Users\Glen\AppData\Roaming\Network Monitor II_Settings.ini

[2011/02/25 01:05:22 | 000,252,928 | ---- | C] () -- I:\Windows\SysWow64\DShowRdpFilter.dll

[2010/12/20 17:02:11 | 000,000,193 | ---- | C] () -- I:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

[2010/12/01 01:10:15 | 000,023,140 | ---- | C] () -- I:\Windows\hpqins15.dat

[2010/07/02 22:33:13 | 000,851,992 | ---- | C] () -- I:\Windows\SysWow64\PerfStringBackup.INI

[2010/06/14 13:21:00 | 000,000,061 | ---- | C] () -- I:\Windows\VSWizard.ini

[2010/06/02 13:28:29 | 000,000,848 | -HS- | C] () -- I:\ProgramData\KGyGaAvL.sys

[2010/05/14 00:45:35 | 000,477,057 | ---- | C] () -- I:\Windows\hphins29.dat.temp

[2010/05/14 00:45:35 | 000,000,724 | ---- | C] () -- I:\Windows\hphmdl29.dat.temp

[2010/05/09 23:03:32 | 000,007,646 | ---- | C] () -- I:\Users\Glen\AppData\Local\resmon.resmoncfg

[2010/05/06 04:02:39 | 000,000,000 | ---- | C] () -- I:\Windows\ativpsrm.bin

[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- I:\Windows\bootstat.dat

[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- I:\Windows\SysWow64\NOISE.DAT

[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- I:\Windows\SysWow64\dssec.dat

[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- I:\Windows\mib.bin

[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- I:\Windows\SysWow64\BWContextHandler.dll

[2009/07/13 17:25:04 | 000,197,632 | ---- | C] () -- I:\Windows\SysWow64\ir32_32.dll

[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- I:\Windows\SysWow64\msjetoledb40.dll

[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- I:\Windows\SysWow64\mlang.dat

[2009/04/01 12:48:16 | 000,053,478 | ---- | C] () -- I:\Windows\mvtcpui.ini

[2008/02/01 02:48:00 | 000,040,960 | ---- | C] () -- I:\Windows\sucdapi.dll

[2002/09/11 09:26:52 | 000,063,730 | ---- | C] () -- I:\Program Files (x86)\viewsonicinstruct_xp.pdf

[1997/07/11 01:00:00 | 000,022,016 | ---- | C] () -- I:\Windows\SysWow64\DOCOBJ.DLL

[1997/07/11 01:00:00 | 000,012,288 | ---- | C] () -- I:\Windows\SysWow64\HLINKPRX.DLL

========== LOP Check ==========

[2010/08/22 15:56:32 | 000,000,000 | ---D | M] -- I:\ProgramData\AJC Software

[2012/11/12 12:21:18 | 000,000,000 | ---D | M] -- I:\ProgramData\AMD

[2011/05/08 17:08:49 | 000,000,000 | ---D | M] -- I:\ProgramData\AmUStor

[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- I:\ProgramData\Application Data

[2011/12/08 18:33:55 | 000,000,000 | -H-D | M] -- I:\ProgramData\CanonBJ

[2011/12/08 18:47:04 | 000,000,000 | -H-D | M] -- I:\ProgramData\CanonEPP

[2011/12/08 18:51:48 | 000,000,000 | -H-D | M] -- I:\ProgramData\CanonIJEGV

[2011/12/08 18:47:04 | 000,000,000 | -H-D | M] -- I:\ProgramData\CanonIJEPPEX2

[2011/12/08 18:36:06 | 000,000,000 | ---D | M] -- I:\ProgramData\CanonIJMSetup

[2012/01/26 14:27:55 | 000,000,000 | -H-D | M] -- I:\ProgramData\CanonIJScan

[2011/12/08 18:35:53 | 000,000,000 | ---D | M] -- I:\ProgramData\CanonIJWSpt

[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- I:\ProgramData\Desktop

[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- I:\ProgramData\Documents

[2010/12/19 18:37:33 | 000,000,000 | ---D | M] -- I:\ProgramData\Driver Whiz

[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- I:\ProgramData\Favorites

[2012/09/15 17:26:23 | 000,000,000 | ---D | M] -- I:\ProgramData\Futuremark

[2010/08/22 15:54:18 | 000,000,000 | ---D | M] -- I:\ProgramData\IsolatedStorage

[2010/10/29 13:56:04 | 000,000,000 | ---D | M] -- I:\ProgramData\Karen's Power Tools

[2010/07/09 21:06:54 | 000,000,000 | ---D | M] -- I:\ProgramData\LightScribe

[2011/11/08 15:06:47 | 000,000,000 | ---D | M] -- I:\ProgramData\Maxtor

[2010/05/28 16:13:58 | 000,000,000 | ---D | M] -- I:\ProgramData\MiK

[2010/08/31 18:23:49 | 000,000,000 | ---D | M] -- I:\ProgramData\PC-Doctor for Windows

[2012/08/22 11:42:08 | 000,000,000 | ---D | M] -- I:\ProgramData\PCPitstop

[2011/05/31 19:27:03 | 000,000,000 | ---D | M] -- I:\ProgramData\PCSettings

[2012/11/20 13:15:12 | 000,000,000 | ---D | M] -- I:\ProgramData\Recovery

[2012/10/16 20:37:16 | 000,000,000 | ---D | M] -- I:\ProgramData\Samsung

[2010/10/20 15:58:18 | 000,000,000 | ---D | M] -- I:\ProgramData\Seagate

[2012/04/05 11:53:40 | 000,000,000 | ---D | M] -- I:\ProgramData\Soluto

[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- I:\ProgramData\Start Menu

[2011/08/10 11:02:29 | 000,000,000 | ---D | M] -- I:\ProgramData\Temp

[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- I:\ProgramData\Templates

[2012/05/18 23:11:05 | 000,000,000 | ---D | M] -- I:\ProgramData\TP-LINK

[2010/05/06 04:30:38 | 000,000,000 | ---D | M] -- I:\ProgramData\WildTangent

[2011/10/26 22:24:51 | 000,000,000 | ---D | M] -- I:\ProgramData\WinZip

[2012/08/19 16:18:24 | 000,000,000 | ---D | M] -- I:\ProgramData\Zoom Player

[2010/05/06 04:21:56 | 000,000,000 | ---D | M] -- I:\ProgramData\{44AFD825-9603-4521-9447-A6E1C5CA2F3D}

[2012/10/05 18:28:50 | 000,000,456 | ---- | M] () -- I:\Windows\Tasks\PCDRScheduledMaintenance.job

[2012/10/11 12:02:00 | 000,032,572 | ---- | M] () -- I:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Files - Unicode (All) ==========

[2011/11/11 00:21:20 | 000,000,088 | ---- | M] ()(I:\Windows\SysWow64\?XÑ) -- I:\Windows\SysWow64\XÑ

[2011/11/11 00:21:20 | 000,000,088 | ---- | C] ()(I:\Windows\SysWow64\?XÑ) -- I:\Windows\SysWow64\XÑ

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> I:\ProgramData\Temp:CF778051

< End of report >


I didn't find what I thought I would, but let's clear these out.

Did you by any chance try using system restore??

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

OK, basically what we want to do is copy the text that's in bold into the Custom Scans/Fixes box of OTLPE

Here's how to do that:

Copy the text in bold into notepad and save it:

:OTL

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O3 - HKU\Glen_ON_I\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKU\Glen_ON_I\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.

O4 - HKU\Glen_ON_I..\Run: [svñhîst] File not found

O4 - HKU\DefaultAppPool_ON_I..\RunOnce: [mctadmin] File not found

O4 - HKU\LocalService_ON_I..\RunOnce: [mctadmin] File not found

O4 - HKU\NetworkService_ON_I..\RunOnce: [mctadmin] File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found

64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found

[1 I:\Program Files (x86)\*.tmp files -> I:\Program Files (x86)\*.tmp -> ]

[2011/11/11 00:21:20 | 000,000,088 | ---- | M] ()(I:\Windows\SysWow64\?XÑ) -- I:\Windows\SysWow64\XÑ

[2011/11/11 00:21:20 | 000,000,088 | ---- | C] ()(I:\Windows\SysWow64\?XÑ) -- I:\Windows\SysWow64\XÑ

@Alternate Data Stream - 121 bytes -> I:\ProgramData\Temp:CF778051

Copy it to your flash drive

Boot the computer up using the OTLPE disk

Run OTLPE

Plug in the flash drive

Drag the notepad text to the desktop

Open it up and copy and paste the text into Custom Scans/Fixes

Then click the Run Fix button at the top

Copy and paste the log back here.

Let me know.......MrC


No, I did not try system restore because I disabled it (hang my head in shame....). Yes, dumb stunt. I already beat on myself for not having it active and planned to activate it after it is fixed.

Sorry to be dumb about this, but notepad has several encoding formats - should it be Unicode?


Here is the 'fix' log:

(NOTE - the sick machine changed the Win drive letter from I to H / I modified your script to make it work - just to let you know if something looks really strange if I missed one.)

----------------------------------------------------------------------

OTL logfile created on: 11/20/2012 10:45:56 PM - Run

OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE

64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free

3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = H: | %SystemRoot% = H:\Windows | %ProgramFiles% = H:\Program Files (x86)

Drive C: | 107.81 Mb Total Space | 81.91 Mb Free Space | 75.97% Space Free | Partition Type: NTFS

Drive H: | 104.13 Gb Total Space | 45.72 Gb Free Space | 43.90% Space Free | Partition Type: NTFS

Drive I: | 3.79 Gb Total Space | 3.73 Gb Free Space | 98.56% Space Free | Partition Type: FAT32

Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/09/27 20:38:16 | 000,239,616 | ---- | M] (AMD) [Auto] -- H:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2012/03/12 11:57:22 | 000,190,120 | ---- | M] (Intel Corporation) [Auto] -- H:\Windows\System32\IPROSetMonitor.exe -- (Intel® PROSet Monitoring Service) Intel®

SRV:64bit: - [2011/09/27 14:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand] -- H:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)

SRV:64bit: - [2011/09/08 18:48:36 | 006,583,160 | ---- | M] (Wacom Technology, Corp.) [Auto] -- H:\Program Files\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)

SRV:64bit: - [2011/09/08 18:48:36 | 000,528,760 | ---- | M] (Wacom Technology, Corp.) [Auto] -- H:\Program Files\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)

SRV:64bit: - [2010/04/07 08:04:24 | 000,127,800 | ---- | M] (HP) [Auto] -- H:\Windows\System32\HPSIsvc.exe -- (HPSIService)

SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand] -- H:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2012/10/08 21:44:41 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- H:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2011/12/23 01:09:56 | 000,023,176 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto] -- H:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe -- (Guard Agent)

SRV - [2011/12/23 01:09:46 | 000,061,064 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto] -- H:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe -- (EaseUS Agent)

SRV - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto] -- H:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)

SRV - [2011/04/30 01:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto] -- H:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®

SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto] -- H:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe -- (N360)

SRV - [2011/03/01 19:29:58 | 000,130,976 | ---- | M] (Futuremark Corporation) [On_Demand] -- H:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)

SRV - [2010/11/20 07:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand] -- H:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)

SRV - [2010/11/20 07:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand] -- H:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)

SRV - [2010/11/20 07:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Disabled] -- H:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)

SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- H:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto] -- H:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

SRV - [2010/03/10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto] -- H:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)

SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- H:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/06/05 19:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand] -- H:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)

SRV - [2009/05/01 15:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) [Auto] -- H:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/27 21:21:20 | 010,697,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2012/09/27 20:12:52 | 000,460,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2012/04/29 08:27:00 | 000,073,000 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand] -- H:\Windows\System32\drivers\RAMDiskVE.sys -- (RAMDiskVE)

DRV:64bit: - [2012/03/06 05:09:22 | 000,032,936 | ---- | M] (Intel Corporation ) [Kernel | On_Demand] -- H:\Windows\System32\drivers\iqvw64e.sys -- (NAL)

DRV:64bit: - [2011/12/23 01:09:40 | 000,189,576 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System] -- H:\Windows\System32\drivers\EuFdDisk.sys -- (EUFDDISK)

DRV:64bit: - [2011/12/23 01:09:38 | 000,051,336 | ---- | M] () [Kernel | Boot] -- H:\Windows\System32\drivers\EUBKMON.sys -- (EUBKMON)

DRV:64bit: - [2011/12/23 01:09:34 | 000,019,592 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System] -- H:\Windows\System32\drivers\eudskacs.sys -- (EUDSKACS)

DRV:64bit: - [2011/12/23 01:09:30 | 000,057,480 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot] -- H:\Windows\System32\drivers\eubakup.sys -- (EUBAKUP)

DRV:64bit: - [2011/09/08 18:49:36 | 000,013,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand] -- H:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)

DRV:64bit: - [2011/09/08 18:49:26 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand] -- H:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)

DRV:64bit: - [2011/09/08 18:49:24 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand] -- H:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)

DRV:64bit: - [2011/09/02 01:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)

DRV:64bit: - [2011/09/02 01:30:24 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb)

DRV:64bit: - [2011/09/02 01:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)

DRV:64bit: - [2011/09/02 01:30:24 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\LHidEqd.sys -- (LHidEqd)

DRV:64bit: - [2011/07/29 14:54:56 | 000,016,776 | ---- | M] () [Kernel | On_Demand] -- H:\Windows\System32\epmntdrv.sys -- (epmntdrv)

DRV:64bit: - [2011/07/29 14:54:56 | 000,009,096 | ---- | M] () [Kernel | On_Demand] -- H:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)

DRV:64bit: - [2011/05/31 20:00:11 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\SYMEVENT64x86.SYS -- (SymEvent)

DRV:64bit: - [2011/04/20 20:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System] -- H:\Windows\System32\Drivers\N360x64\0502020.003\SYMNETS.SYS -- (SymNetS)

DRV:64bit: - [2011/03/30 22:04:12 | 000,043,640 | R--- | M] (Symantec Corporation) [Kernel | System] -- H:\Windows\System32\drivers\SymIMV.sys -- (SymIM)

DRV:64bit: - [2011/03/30 22:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand] -- H:\Windows\System32\Drivers\N360x64\0502020.003\SRTSP64.SYS -- (SRTSP)

DRV:64bit: - [2011/03/30 22:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System] -- H:\Windows\system32\drivers\N360x64\0502020.003\SRTSPX64.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)

DRV:64bit: - [2011/03/14 21:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot] -- H:\Windows\System32\drivers\N360x64\0502020.003\symefa64.sys -- (SymEFA)

DRV:64bit: - [2011/01/27 01:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot] -- H:\Windows\System32\drivers\N360x64\0502020.003\symds64.sys -- (SymDS)

DRV:64bit: - [2010/11/25 04:27:42 | 000,120,408 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot] -- H:\Windows\System32\drivers\jraid.sys -- (JRAID)

DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/15 20:45:33 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System] -- H:\Windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS -- (SymIRON)

DRV:64bit: - [2010/11/09 16:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto] -- H:\Windows\System32\drivers\cpuz135_x64.sys -- (cpuz135)

DRV:64bit: - [2010/01/28 17:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV:64bit: - [2009/10/14 18:29:44 | 000,230,480 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot] -- H:\Windows\System32\drivers\ahcix64s.sys -- (ahcix64s)

DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)

DRV:64bit: - [2009/06/13 02:19:58 | 000,287,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\e1y62x64.sys -- (e1yexpress) Intel®

DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- H:\Windows\System32\wbem\ntfs.mof -- (Ntfs)

DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- H:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- H:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [1999/12/31 19:00:00 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- H:\Windows\System32\drivers\AtihdW76.sys -- (AtiHDAudioService)

DRV - [2012/10/05 13:23:26 | 001,385,632 | ---- | M] (Symantec Corporation) [Kernel | System] -- H:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20121030.002\BHDrvx64.sys -- (BHDrvx64)

DRV - [2012/09/12 21:13:03 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- H:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121112.016\ex64.sys -- (NAVEX15)

DRV - [2012/09/12 21:13:03 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- H:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121112.016\eng64.sys -- (NAVENG)

DRV - [2012/09/06 05:54:30 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System] -- H:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20121110.005\IDSviA64.sys -- (IDSVia64)

DRV - [2012/08/09 10:57:26 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System] -- H:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)

DRV - [2011/07/29 14:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand] -- H:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)

DRV - [2011/07/29 14:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand] -- H:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)

DRV - [2011/06/02 12:08:34 | 000,017,864 | ---- | M] () [Kernel | On_Demand] -- H:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)

DRV - [2010/07/09 13:19:04 | 000,021,480 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand] -- H:\Program Files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys -- (cpuz134)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\DefaultAppPool_ON_H\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1

IE - HKU\DefaultAppPool_ON_H\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPDSK/1

IE - HKU\DefaultAppPool_ON_H\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

IE - HKU\Glen_ON_H\Software\Microsoft\Internet Explorer\Main,Default Download Directory =

IE - HKU\Glen_ON_H\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1

IE - HKU\Glen_ON_H\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.weather.com/weather/right-now/Erie+CO+USCO0129:1:US

IE - HKU\Glen_ON_H\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: H:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: H:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@canon.com/EPPEX: H:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: H:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: H:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: H:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE: File not found

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: H:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: H:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: H:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: H:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: H:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: H:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: H:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: H:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: H:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.3: H:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: H:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: H:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: H:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: H:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/01 01:11:52 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/02/08 11:16:22 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_13_2 [2012/11/20 20:25:10 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2012/10/25 22:22:47 | 000,444,707 | R--- | M]) - H:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 15272 more lines...

O2:64bit: - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - H:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)

O2:64bit: - BHO: (ClassicIE9BHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - H:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)

O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - H:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - H:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - H:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ips\ipsbho.dll (Symantec Corporation)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (ClassicIE9BHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - H:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)

O3:64bit: - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - H:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)

O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - H:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - H:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)

O3 - HKU\Glen_ON_H\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKU\Glen_ON_H\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.

O3 - HKU\Glen_ON_H\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - H:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)

O4:64bit: - HKLM..\Run: [AmIcoSinglun64] H:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)

O4:64bit: - HKLM..\Run: [Classic Start Menu] H:\Program Files\Classic Shell\ClassicStartMenu.exe (IvoSoft)

O4:64bit: - HKLM..\Run: [EvtMgr6] H:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)

O4 - HKLM..\Run: [iAStorIcon] H:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [JMB36X IDE Setup] H:\Windows\RaidTool\xInsIDE.exe ()

O4 - HKLM..\Run: [MaxMenuMgr] H:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)

O4 - HKLM..\Run: [startCCC] H:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKU\DefaultAppPool_ON_H..\Run: [HPADVISOR] File not found

O4 - HKU\DefaultAppPool_ON_H..\Run: [sidebar] H:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\Glen_ON_H..\Run: [Grid] H:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe ()

O4 - HKU\Glen_ON_H..\Run: [HydraVisionDesktopManager] H:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)

O4 - HKU\Glen_ON_H..\Run: [HydraVisionMDEngine] H:\Program Files (x86)\ATI Technologies\HydraVision\HydraMD.exe (AMD)

O4 - HKU\Glen_ON_H..\Run: [LinkStashMonitor] H:\Program Files (x86)\LinkStash\lsmon.exe ()

O4 - HKU\Glen_ON_H..\Run: [svñhîst] File not found

O4 - HKU\LocalService_ON_H..\Run: [sidebar] H:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\NetworkService_ON_H..\Run: [sidebar] H:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\DefaultAppPool_ON_H..\RunOnce: [mctadmin] File not found

O4 - HKU\LocalService_ON_H..\RunOnce: [mctadmin] File not found

O4 - HKU\NetworkService_ON_H..\RunOnce: [mctadmin] File not found

O4 - Startup: Error locating startup folders.

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\Glen_ON_H\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9:64bit: - Extra 'Tools' menuitem : Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - H:\Program Files\Classic Shell\ClassicIE9_32.exe (IvoSoft)

O9 - Extra 'Tools' menuitem : Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - H:\Program Files\Classic Shell\ClassicIE9_32.exe (IvoSoft)

O13:64bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15:64bit: - Glen_ON_H\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)

O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab (GMNRev Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.1)

O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.1)

O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.5.0.cab (SysInfo Class)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/PCMagnum/controls/PCPitstop2.dll (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - H:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - H:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - H:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - H:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]

64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found

64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/11/20 22:27:39 | 000,000,000 | ---D | C] -- H:\_OTL

[2012/11/20 20:04:10 | 000,000,000 | ---D | C] -- H:\FRST

[2012/11/12 23:56:15 | 000,000,000 | ---D | C] -- H:\Users\Glen\AppData\Local\{135F2ADE-ACA3-47C8-8126-A227FA1799A3}

[2012/11/12 12:21:19 | 000,000,000 | ---D | C] -- H:\ProgramData\ATI

[2012/11/12 12:21:18 | 000,000,000 | ---D | C] -- H:\Program Files (x86)\AMD AVT

[2012/11/12 12:21:16 | 000,000,000 | ---D | C] -- H:\Program Files (x86)\AMD APP

[2012/11/12 12:21:07 | 000,000,000 | ---D | C] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center

[2012/11/12 12:20:18 | 000,000,000 | ---D | C] -- H:\Program Files\ATI

[2012/11/12 11:55:41 | 000,000,000 | ---D | C] -- H:\Users\Glen\AppData\Local\{43D30A77-F383-498A-B226-517E76221442}

[2012/11/11 23:55:06 | 000,000,000 | ---D | C] -- H:\Users\Glen\AppData\Local\{E8657607-7D0F-4E4B-B22B-141AD3F5A464}

[2012/11/11 11:54:32 | 000,000,000 | ---D | C] -- H:\Users\Glen\AppData\Local\{6E04220D-0074-42BA-9AD9-40BD3E84B131}

[2012/11/10 14:50:24 | 000,000,000 | ---D | C] -- H:\Users\Glen\AppData\Local\{0B97FBBC-CF08-4771-AB89-4CF6C24BA724}

[2012/11/09 23:55:49 | 000,000,000 | ---D | C] -- H:\Users\Glen\AppData\Local\{9B9BADB8-B11C-4604-B2BB-BCD405E9180B}

[2012/11/09 11:55:26 | 000,000,000 | ---D | C] -- H:\Users\Glen\AppData\Local\{DAE2862F-D591-41FA-8878-70DF5B6AFBEF}

[2012/11/08 23:54:52 | 000,000,000 | ---D | C] -- H:\Users\Glen\AppData\Local\{2744916D-0B0E-4667-B487-AF86427E7EA6}

[2012/11/08 11:54:29 | 000,000,000 | ---D | C] -- H:\Users\Glen\AppData\Local\{E4FF8A2E-F143-4138-B051-D31A7AD907AE}

[2012/11/08 00:03:38 | 000,000,000 | ---D | C] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

[2012/11/08 00:03:34 | 000,000,000 | ---D | C] -- H:\Program Files (x86)\QuickTime

[2012/11/07 18:27:52 | 000,000,000 | ---D | C] -- H:\Users\Glen\AppData\Local\{26779CC5-967A-4872-A30B-46F9088BE921}

[2012/11/07 00:38:43 | 000,000,000 | ---D | C] -- H:\Users\Glen\AppData\Local\{E67E6DCB-A8C4-4917-8BEE-BBCA698A7851}

[2012/11/06 12:38:08 | 000,000,000 | ---D | C] -- H:\Users\Glen\AppData\Local\{8D1438DF-B3F6-4F16-9AB4-31686577EDD6}

[2012/11/06 00:37:34 | 000,000,000 | ---D | C] -- H:\Users\Glen\AppData\Local\{CD2571DE-AEE8-47AB-98EC-06288107AF86}

[2012/11/05 19:24:25 | 000,000,000 | ---D | C] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader

[2012/11/05 12:37:11 | 000,000,000 | ---D | C] -- H:\Users\Glen\AppData\Local\{6A38D110-3B18-4E8A-A772-B32B66C5AF4B}

[2012/11/04 13:28:29 | 000,000,000 | ---D | C] -- H:\Users\Glen\AppData\Local\{2EF523FB-5DE3-4EB5-B2F5-16B428E0DECD}

[2012/11/04 01:27:54 | 000,000,000 | ---D | C] -- H:\Users\Glen\AppData\Local\{FE991D58-D6C2-4BDF-BA09-79EB46D6C888}

[2012/11/03 13:27:31 | 000,000,000 | ---D | C] -- H:\Users\Glen\AppData\Local\{34F437B3-3511-4365-B522-5CF9E1C202DA}

[2012/11/02 20:40:48 | 000,000,000 | ---D | C] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung SSD Magician

[2012/11/02 20:40:45 | 000,000,000 | ---D | C] -- H:\Program Files (x86)\Samsung SSD Magician

[2012/11/02 18:27:41 | 000,000,000 | ---D | C] -- H:\ICONS

[2012/11/02 18:25:44 | 000,000,000 | ---D | C] -- H:\CURSORS

[2012/11/02 18:21:26 | 000,000,000 | ---D | C] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell

[2012/11/02 18:21:26 | 000,000,000 | ---D | C] -- H:\Program Files\Classic Shell

[2012/11/02 18:17:13 | 000,000,000 | ---D | C] -- H:\Users\Glen\AppData\Local\{8E816E8B-4239-42D1-9A77-B614DD5D026F}

[2012/11/02 16:56:20 | 000,000,000 | ---D | C] -- H:\Users\Glen\AppData\Local\{D0DD8817-50A0-4DB3-8EC1-82CCC21018F2}

[2012/11/02 16:30:03 | 000,000,000 | ---D | C] -- H:\Users\Glen\AppData\Local\{803D4D60-994A-445E-8066-B98373049640}

[2012/10/26 11:38:20 | 000,000,000 | ---D | C] -- H:\Users\Glen\AppData\Local\{7EA82703-4645-4503-8D12-8856E607756D}

[2012/10/26 11:34:29 | 000,000,000 | ---D | C] -- H:\Users\Glen\AppData\Local\{498D78CA-FFB5-46CD-AEF7-51D2EEDDF0DB}

[2012/10/25 13:20:42 | 000,000,000 | ---D | C] -- H:\Users\Glen\AppData\Local\{523C112A-6A8F-423C-9A73-C9372EFCA675}

[2012/10/25 05:12:26 | 000,094,208 | ---- | C] (Apple Inc.) -- H:\Windows\SysWow64\QuickTimeVR.qtx

[2012/10/25 05:12:26 | 000,069,632 | ---- | C] (Apple Inc.) -- H:\Windows\SysWow64\QuickTime.qts

[2012/10/24 09:31:49 | 000,000,000 | ---D | C] -- H:\Users\Glen\AppData\Local\{864E8024-E64C-4175-9E8F-7BD34CDA727C}

[2012/10/24 00:20:54 | 000,000,000 | ---D | C] -- H:\Windows\Minidump

[2012/10/23 12:20:30 | 000,000,000 | ---D | C] -- H:\Users\Glen\AppData\Local\{D6C5408C-9045-4C4A-9C54-D7E5608166A6}

[2012/10/22 12:40:08 | 000,000,000 | ---D | C] -- H:\Users\Glen\AppData\Local\{8FD7A988-7F27-41A0-87D7-811B0A24B044}

[2012/10/22 00:39:34 | 000,000,000 | ---D | C] -- H:\Users\Glen\AppData\Local\{8CF8D34B-1262-4F57-8B80-5C0E6EF1F3DC}

[1 H:\Program Files (x86)\*.tmp files -> H:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/20 20:26:21 | 1153,433,600 | ---- | M] () -- H:\RAMDisk.img

[2012/11/20 20:26:19 | 000,067,584 | --S- | M] () -- H:\Windows\bootstat.dat

[2012/11/20 20:25:11 | 000,000,890 | ---- | M] () -- H:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/11/20 20:05:02 | 000,717,976 | ---- | M] () -- H:\Windows\System32\perfh009.dat

[2012/11/20 20:05:02 | 000,140,468 | ---- | M] () -- H:\Windows\System32\perfc009.dat

[2012/11/20 13:30:18 | 000,006,632 | ---- | M] () -- H:\bootsqm.dat

[2012/11/20 12:28:53 | 000,001,021 | ---- | M] () -- H:\Users\Glen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LinkStash.lnk

[2012/11/19 16:35:59 | 000,001,599 | ---- | M] () -- H:\Users\Glen\Desktop\mbam.exe.lnk

[2012/11/19 16:21:13 | 000,000,000 | ---D | M] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/11/13 11:50:57 | 000,015,984 | -H-- | M] () -- H:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/11/13 11:50:57 | 000,015,984 | -H-- | M] () -- H:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/11/13 00:44:00 | 000,000,830 | ---- | M] () -- H:\Windows\tasks\Adobe Flash Player Updater.job

[2012/11/13 00:07:00 | 000,000,894 | ---- | M] () -- H:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/11/12 12:21:07 | 000,000,000 | ---D | M] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center

[2012/11/08 00:03:38 | 000,000,000 | ---D | M] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

[2012/11/06 17:44:52 | 000,001,289 | ---- | M] () -- H:\Users\Glen\Desktop\Windows Explorer.lnk

[2012/11/05 19:24:26 | 000,001,187 | ---- | M] () -- H:\Users\Glen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk

[2012/11/05 19:24:26 | 000,000,000 | ---D | M] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader

[2012/11/03 18:13:01 | 000,000,328 | ---- | M] () -- H:\Windows\tasks\HPCeeScheduleForGlen.job

[2012/11/02 20:40:48 | 000,001,246 | ---- | M] () -- H:\Users\Glen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung SSD Magician.lnk

[2012/11/02 20:40:48 | 000,000,000 | ---D | M] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung SSD Magician

[2012/11/02 20:21:27 | 000,001,836 | ---- | M] () -- H:\Users\Glen\Desktop\SpeedFan.lnk

[2012/11/02 20:20:57 | 000,001,293 | ---- | M] () -- H:\Users\Glen\Desktop\DNSBench.lnk

[2012/11/02 20:20:20 | 000,002,025 | ---- | M] () -- H:\Users\Glen\Desktop\ColorCopy.lnk

[2012/11/02 20:18:29 | 000,002,108 | ---- | M] () -- H:\Users\Glen\Desktop\Task Mgr.lnk

[2012/11/02 20:16:01 | 000,001,603 | ---- | M] () -- H:\Users\Glen\Desktop\Disk Mgr.lnk

[2012/11/02 20:11:41 | 000,001,733 | ---- | M] () -- H:\Users\Glen\Desktop\My Calendar.lnk

[2012/11/02 20:09:41 | 000,002,139 | ---- | M] () -- H:\Users\Glen\Desktop\I QUIT.lnk

[2012/11/02 20:03:30 | 000,002,481 | ---- | M] () -- H:\Users\Glen\Desktop\Rx Refill.lnk

[2012/11/02 20:02:57 | 000,002,193 | ---- | M] () -- H:\Users\Glen\Desktop\Monthly Bills.lnk

[2012/11/02 19:57:51 | 000,000,930 | ---- | M] () -- H:\Users\Glen\Desktop\Control Panel.lnk

[2012/11/02 19:57:06 | 000,001,339 | ---- | M] () -- H:\Users\Glen\Desktop\Printers.lnk

[2012/11/02 18:21:26 | 000,000,000 | ---D | M] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell

[2012/10/25 22:36:38 | 000,001,164 | ---- | M] () -- H:\Users\Glen\Desktop\Malwarebytes Anti-Malware.lnk

[2012/10/25 22:22:47 | 000,444,707 | R--- | M] () -- H:\Windows\System32\drivers\etc\hosts

[2012/10/25 05:12:26 | 000,094,208 | ---- | M] (Apple Inc.) -- H:\Windows\SysWow64\QuickTimeVR.qtx

[2012/10/25 05:12:26 | 000,069,632 | ---- | M] (Apple Inc.) -- H:\Windows\SysWow64\QuickTime.qts

[1 H:\Program Files (x86)\*.tmp files -> H:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/20 13:30:18 | 000,006,632 | ---- | C] () -- H:\bootsqm.dat

[2012/11/19 16:35:59 | 000,001,599 | ---- | C] () -- H:\Users\Glen\Desktop\mbam.exe.lnk

[2012/11/05 19:24:26 | 000,001,187 | ---- | C] () -- H:\Users\Glen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk

[2012/11/02 17:19:55 | 000,001,289 | ---- | C] () -- H:\Users\Glen\Desktop\Windows Explorer.lnk

[2012/08/18 20:56:13 | 000,079,872 | ---- | C] () -- H:\Windows\SysWow64\ff_vfw.dll

[2012/06/11 11:50:16 | 000,204,952 | ---- | C] () -- H:\Windows\SysWow64\ativvsvl.dat

[2012/06/11 11:50:16 | 000,157,144 | ---- | C] () -- H:\Windows\SysWow64\ativvsva.dat

[2012/05/02 16:58:10 | 000,029,184 | ---- | C] () -- H:\Windows\SysWow64\kdbsdk32.dll

[2012/04/15 13:54:54 | 002,469,760 | ---- | C] () -- H:\Windows\SysWow64\BootMan.exe

[2012/04/15 13:54:54 | 000,086,408 | ---- | C] () -- H:\Windows\SysWow64\setupempdrv03.exe

[2012/04/15 13:54:54 | 000,019,840 | ---- | C] () -- H:\Windows\SysWow64\EuEpmGdi.dll

[2012/04/15 13:54:54 | 000,014,216 | ---- | C] () -- H:\Windows\SysWow64\epmntdrv.sys

[2012/04/15 13:54:54 | 000,008,456 | ---- | C] () -- H:\Windows\SysWow64\EuGdiDrv.sys

[2012/04/02 23:49:29 | 000,000,614 | ---- | C] () -- H:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

[2011/11/06 20:06:19 | 000,000,069 | ---- | C] () -- H:\Windows\NeroDigital.ini

[2011/10/25 23:21:34 | 000,056,832 | ---- | C] () -- H:\Windows\SysWow64\OVDecoder.dll

[2011/09/12 17:06:16 | 000,003,917 | ---- | C] () -- H:\Windows\SysWow64\atipblag.dat

========== Purity Check ==========

========== Custom Scans ==========

< :OTL >

< O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. >

< O3 - HKU\Glen_ON_H\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. >

< O3 - HKU\Glen_ON_H\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found. >

< O4 - HKU\Glen_ON_H..\Run: [svñhîst] File not found >

< O4 - HKU\DefaultAppPool_ON_H..\RunOnce: [mctadmin] File not found >

< O4 - HKU\LocalService_ON_H..\RunOnce: [mctadmin] File not found >

< O4 - HKU\NetworkService_ON_H..\RunOnce: [mctadmin] File not found >

< O34 - HKLM BootExecute: (autocheck autochk *) - File not found >

< 64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found >

< 64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found >

< [1 H:\Program Files (x86)\*.tmp files -> H:\Program Files (x86)\*.tmp -> ] >

< [2011/11/11 00:21:20 | 000,000,088 | ---- | M] ()(H:\Windows\SysWow64\?XÑ) -- H:\Windows\SysWow64\XÑ >

Invalid Switch: 11 00:21:20 | 000,000,088 | ---- | M] ()(H:\Windows\SysWow64\?XÑ) -- H:\Windows\SysWow64\XÑ

< [2011/11/11 00:21:20 | 000,000,088 | ---- | C] ()(H:\Windows\SysWow64\?XÑ) -- H:\Windows\SysWow64\XÑ >

Invalid Switch: 11 00:21:20 | 000,000,088 | ---- | C] ()(H:\Windows\SysWow64\?XÑ) -- H:\Windows\SysWow64\XÑ

< @Alternate Data Stream - 121 bytes -> H:\ProgramData\Temp:CF778051 >

========== Files - Unicode (All) ==========

[2011/11/11 00:21:20 | 000,000,088 | ---- | M] ()(H:\Windows\SysWow64\?XÑ) -- H:\Windows\SysWow64\XÑ

[2011/11/11 00:21:20 | 000,000,088 | ---- | C] ()(H:\Windows\SysWow64\?XÑ) -- H:\Windows\SysWow64\XÑ

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> H:\ProgramData\Temp:CF778051

< End of report >


Sorry to be dumb about this, but notepad has several encoding formats - should it be Unicode?

No, ANSI.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

You did something wrong, because the fix didn't run.

This has to be copied and pasted into the Custom Scans/Fixes box of OTLPE:

:OTL

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O3 - HKU\Glen_ON_I\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKU\Glen_ON_I\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.

O4 - HKU\Glen_ON_I..\Run: [svñhîst] File not found

O4 - HKU\DefaultAppPool_ON_I..\RunOnce: [mctadmin] File not found

O4 - HKU\LocalService_ON_I..\RunOnce: [mctadmin] File not found

O4 - HKU\NetworkService_ON_I..\RunOnce: [mctadmin] File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found

64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found

[1 I:\Program Files (x86)\*.tmp files -> I:\Program Files (x86)\*.tmp -> ]

[2011/11/11 00:21:20 | 000,000,088 | ---- | M] ()(I:\Windows\SysWow64\?XÑ) -- I:\Windows\SysWow64\XÑ

[2011/11/11 00:21:20 | 000,000,088 | ---- | C] ()(I:\Windows\SysWow64\?XÑ) -- I:\Windows\SysWow64\XÑ

@Alternate Data Stream - 121 bytes -> I:\ProgramData\Temp:CF778051

...and then you click on Run Fix.

Please try it again. MrC

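The fix script above removes two kinds of artifact that are easy to miss by eye: a Run-key value whose name uses non-ASCII lookalike characters ([svñhîst], a visual stand-in for svchost) and an alternate data stream attached to the ProgramData\Temp directory. As an added example, not from the thread and not part of OTL, the PowerShell below is a read-only check that flags autorun values whose names contain non-ASCII characters or sit within two edits of a well-known Windows process name, and lists named streams on ProgramData\Temp and its contents; the list of known process names, the edit-distance threshold and the key list are assumptions.

```powershell
# Added example (not from the thread or OTL). Read-only: it reports, never deletes. Known names and threshold are assumptions.
$KnownProcessNames = 'svchost', 'csrss', 'lsass', 'explorer', 'winlogon', 'services', 'wininit'
$RunKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run', 'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run', 'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
function Get-AsciiSkeleton([string]$Name) {
    # NFKD-decompose so "ñ" becomes "n" plus a combining tilde, then drop the combining marks.
    $sb = New-Object System.Text.StringBuilder
    foreach ($ch in $Name.Normalize([Text.NormalizationForm]::FormKD).ToCharArray()) {
        if ([Globalization.CharUnicodeInfo]::GetUnicodeCategory($ch) -ne 'NonSpacingMark') { [void]$sb.Append($ch) }
    }
    $sb.ToString().ToLowerInvariant()
}
function Get-EditDistance([string]$S, [string]$T) {
    # Levenshtein distance, computed one row at a time.
    $prev = 0..$T.Length
    for ($i = 1; $i -le $S.Length; $i++) {
        $cur = @($i) + (New-Object int[] $T.Length)
        for ($j = 1; $j -le $T.Length; $j++) {
            $cost = if ($S[$i - 1] -eq $T[$j - 1]) { 0 } else { 1 }
            $cur[$j] = [Math]::Min([Math]::Min($prev[$j] + 1, $cur[$j - 1] + 1), $prev[$j - 1] + $cost)
        }
        $prev = $cur
    }
    $prev[$T.Length]
}
function Find-LookalikeAutorun {
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item $key
        foreach ($valueName in $item.GetValueNames()) {
            $skeleton = Get-AsciiSkeleton $valueName
            $nonAscii = $valueName -match '[^\x00-\x7F]'
            # "svnhist" is two edits away from "svchost": close enough to pass a glance at Task Manager.
            $near = $KnownProcessNames | Where-Object { $_ -ne $skeleton -and (Get-EditDistance $skeleton $_) -le 2 }
            if (-not ($nonAscii -or $near)) { continue }
            $reason = if ($nonAscii) { 'non-ASCII characters in value name' } else { "resembles $($near -join ', ')" }
            [pscustomobject]@{ Key = $key; Name = $valueName; Command = $item.GetValue($valueName); Reason = $reason }
        }
    }
}
function Find-NamedStreams([string]$Path = "$env:ProgramData\Temp") {
    # Directories carry streams too: the ADS in the fix above sat on ProgramData\Temp itself, not on a file in it.
    @(Get-Item $Path -Force -ErrorAction SilentlyContinue) + @(Get-ChildItem $Path -Force -ErrorAction SilentlyContinue) |
        Get-Item -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } | Select-Object FileName, Stream, Length
}
Find-LookalikeAutorun | Format-Table -AutoSize
Find-NamedStreams | Format-Table -AutoSize
```

Run it from an elevated PowerShell session on the affected machine; a flagged entry whose Command points at a file that no longer exists matches the "File not found" state OTL reported for [svñhîst].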

Sorry about my mess up - here is the log:

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.

Registry value HKEY_USERS\Glen_ON_I\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.

Registry value HKEY_USERS\Glen_ON_I\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.

Registry key HKEY_USERS\Glen_ON_I\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run not found.

Registry key HKEY_USERS\DefaultAppPool_ON_I\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce not found.

Registry key HKEY_USERS\LocalService_ON_I\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce not found.

Registry key HKEY_USERS\NetworkService_ON_I\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce not found.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.

I:\Program Files (x86)\GUMFFB8.tmp folder deleted successfully.

File I:\Windows\SysWow64\?XÑ not found.

File I:\Windows\SysWow64\?XÑ not found.

ADS I:\ProgramData\Temp:CF778051 deleted successfully.

OTLPE by OldTimer - Version 3.1.48.0 log created on 11212012_111649


Now, the main monitor is covered by a plain light-gray screen. I did a Ctrl-Alt-Del and the Task Manager came up in the other monitor. Only one task is running: svnhist - the n and the i both have marks above them. I did not end the task & still have the Task Manager on screen - waiting for your instruction.


Ended the malware task which removed the 'gray shield.' I have a couple of Gadgets located on that monitor and they are working correctly (a clock and a monitor); but, the Start Menu and all icons are missing. Also, my Desktop picture that should appear on all 3 monitors is missing.


So we're making some progress? Try not to reboot the computer.

Running unhide may restore some of the missing items:

http://www.smartestc...ted-by-a-virus/

After you run unhide see if you can download and run ComboFix:

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


We are making progress thanks to you. And, I sure don't want to reboot either - no re-infections!

My problem is getting anything to run. I downloaded UNHIDE to my flash drive, but when I plug it into the patient, the flash drive's led blinks a few times but no popup appears so I can access it. Without Start menu or Win Explorer, I don't know how to run the program.

