Topic: Trojan Help

Kovu93 (Newbie)
Trojan Help
« on: February 16, 2010, 08:40:50 PM »
Hi...my sister got a Trojan on her laptop.  She has Vista, which I am not familiar with, so I am having some problems that may be due to my lack of experience with this version of Windows...Anyhow...I want to post a HijackThis log for you, but I can't seem to download and run the program.  The download box disappears before I can open the folder it saves to, and even searching the computer for the program yields nothing.  It doesn't give me the option to choose where to save it (like the desktop).  Just choosing Run does nothing. Suggestions?

guestolo (Administrator)
Trojan Help
« Reply #1 on: February 16, 2010, 08:44:10 PM »
Try the following instead

Download OTL.exe by OldTimer to your Desktop.
  • Close all windows and double click on OTL.exe to run it
  • Under the Custom Scan box paste in the contents below
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav

  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

NOTE: If you have trouble, or get an error message, trying to post the logs, you can upload them in a reply box:
In a Reply, select "Browse..." on the bottom right, then navigate to the file and select it.
Then click "Upload".

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Kovu93 (Newbie)
Trojan Help
« Reply #2 on: February 16, 2010, 08:51:00 PM »
Same problem.  Download box just finishes and disappears and no program to be found.  I should add that I downloaded and ran both Mbam and Combofix earlier with no issues...I was trying to follow instructions you had given to others with similar problems.  Here is the Combofix log.

ComboFix 10-02-16.01 - Gene 02/16/2010  19:31:42.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.1.1033.18.3006.2167 [GMT -5:00]
Running from: c:\users\Gene\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Antispyware *enabled* (Updated) {642A5A16-B956-45A7-998B-D2F20243DB19}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-3770176633-4205416643-3079414755-500
c:\$recycle.bin\S-1-5-21-887830674-1099521119-1607702022-500
c:\program files\Antispyware
c:\program files\Antispyware\Antispyware.url
c:\program files\Antispyware\DataBase.ref
c:\program files\Antispyware\vistaCPtasks.xml
c:\windows\system32\KBL.LOG
c:\windows\system32\oem19.inf
c:\windows\system32\oem4.inf

Infected copy of c:\windows\system32\drivers\atapi.sys was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!WINDOWS!System32!drivers!atapi.sys
.
(((((((((((((((((((((((((   Files Created from 2010-01-17 to 2010-02-17  )))))))))))))))))))))))))))))))
.

2010-02-16 22:03 . 2010-02-16 22:03 -------- d-----w- c:\users\Gene\AppData\Roaming\Malwarebytes
2010-02-16 22:03 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-16 22:03 . 2010-02-16 22:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-16 22:03 . 2010-02-16 22:03 -------- d-----w- c:\programdata\Malwarebytes
2010-02-16 22:03 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-08 00:59 . 2010-02-16 18:00 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-02-08 00:59 . 2010-02-08 01:00 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-07 03:11 . 2010-02-07 03:11 -------- d-----w- c:\program files\MemTurbo 4

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-17 00:44 . 2008-09-09 19:14 -------- d-----w- c:\users\Gene\AppData\Roaming\OpenOffice.org2
2010-02-16 22:30 . 2009-10-03 12:54 -------- d-----w- c:\users\Gene\AppData\Roaming\Antispyware
2010-02-16 18:12 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-16 18:11 . 2009-02-17 22:45 27744 ----a-w- c:\programdata\nvModes.dat
2010-02-16 17:46 . 2008-09-09 18:30 -------- d-----w- c:\programdata\Google Updater
2010-02-10 22:23 . 2008-11-23 01:35 -------- d-----w- c:\users\Gene\AppData\Roaming\LimeWire
2010-02-07 03:11 . 2009-05-31 13:50 -------- d-----w- c:\program files\Advanced Registry Optimizer
2010-02-05 15:48 . 2008-09-09 18:24 -------- d-----w- c:\program files\Google
2010-02-05 03:48 . 2010-02-05 03:48 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbD84C.tmp.exe
2010-01-14 16:12 . 2009-10-02 17:20 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-12 15:25 . 2010-01-12 15:25 -------- d-----w- c:\programdata\WindowsSearch
2010-01-08 14:22 . 2010-01-08 14:22 -------- d-----w- c:\program files\LimeWire
2009-12-28 12:35 . 2010-02-13 04:55 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-28 12:35 . 2010-02-13 04:55 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-28 12:32 . 2010-02-13 04:55 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-28 12:32 . 2010-02-13 04:55 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-28 12:32 . 2010-02-13 04:55 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-28 12:32 . 2010-02-13 04:55 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-28 12:31 . 2010-02-13 04:55 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-28 12:31 . 2010-02-13 04:55 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-28 12:28 . 2010-02-13 04:55 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-12-28 12:28 . 2010-02-13 04:55 65024 ----a-w- c:\windows\system32\avicap32.dll
2009-12-19 15:51 . 2008-09-09 05:48 80744 ----a-w- c:\users\Gene\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-19 08:09 . 2008-05-03 04:13 -------- d-----w- c:\programdata\Microsoft Help
2009-12-18 13:05 . 2010-01-22 05:54 833024 ----a-w- c:\windows\system32\wininet.dll
2009-12-18 13:01 . 2010-01-22 05:54 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-12-18 10:14 . 2010-01-22 05:54 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-11 12:07 . 2010-02-13 04:55 301568 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-11 12:07 . 2010-02-13 04:55 98304 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-12-08 20:52 . 2010-02-13 04:55 897624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-04 23:31 . 2009-12-04 23:31 0 ----a-w- c:\users\Gene\AppData\Roaming\wklnhst.dat
2009-12-04 16:12 . 2010-02-13 04:55 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-12-04 16:12 . 2010-02-13 04:55 105472 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-24 22:08 . 2009-11-24 22:08 212992 ----a-w- c:\users\Gene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ztrikfby.exe
2009-11-24 22:08 . 2009-11-24 22:08 212992 ---h--w- c:\users\Gene\AppData\Local\ztrikfby.exe
2009-11-24 21:58 . 2009-11-24 21:58 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb8E98.tmp.exe
2008-09-12 19:58 . 2008-09-12 19:58 22 --sha-w- c:\windows\SMINST\HPCD.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-06 19:20 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 18:01 1230080 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 2153472]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-01 1783136]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-09 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"AROReminder"="c:\program files\Advanced Registry Optimizer\ARO.exe" [2008-08-22 2084480]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-20 468264]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-21 2043160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-11-10 157312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2008-08-02 675840]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]

c:\users\Gene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MemTurbo.lnk - c:\program files\MemTurbo 4\MemTurbo.exe [2010-2-6 3121760]
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]
ppgqvpzo.exe [2009-5-27 192512]
ztrikfby.exe [2009-11-24 212992]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=""
"FirewallOverride"=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [9/9/2008 4:13 PM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [2/2/2009 12:16 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [9/9/2008 4:13 PM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [9/9/2008 4:13 PM 297752]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/18/2009 3:41 PM 135664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ    HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder

2010-02-17 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-09 18:04]

2010-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-18 20:41]

2010-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-18 20:41]

2010-02-17 c:\windows\Tasks\User_Feed_Synchronization-{A45C15D0-CCA1-4100-A269-15832388DEED}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Gene\AppData\Roaming\Mozilla\Firefox\Profiles\vj7cqpay.default\
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Edwhvjac - c:\users\Gene\Local Settings\Application Data\ztrikfby.exe
SafeBoot-dmboot.sys
SafeBoot-dmio.sys
SafeBoot-dmload.sys
SafeBoot-dmadmin
SafeBoot-dmserver
SafeBoot-SRService

 

**************************************************************************
scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-887830674-1099521119-1607702022-1000\¬ î**]
@Allowed: (Read) (RestrictedCode)
"MachineID"=hex:42,5d,6f,4a,66,00,c2,00
DUMPHIVE0.003 (REGF)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(4292)
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\windows\system32\rundll32.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\windows\System32\rundll32.exe
c:\users\Gene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ppgqvpzo.exe
c:\windows\ehome\ehmsas.exe
c:\program files\OpenOffice.org 2.4\program\soffice.exe
c:\program files\OpenOffice.org 2.4\program\soffice.BIN
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\users\gene\appdata\local\temp\tswz4o7v1.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-02-16  19:49:22 - machine was rebooted
ComboFix-quarantined-files.txt  2010-02-17 00:49

Pre-Run: 155,901,337,600 bytes free
Post-Run: 155,745,054,720 bytes free

- - End Of File - - 906955799FB11E7BB3DD6E60EA39E173
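One way to triage a ComboFix log like the one above for the indicators this thread turns on (binaries launched from Temp, AppData\Local or a Startup folder, a system driver patched in place, and Security Center monitoring switched off), as an added example that is not part of the original post or of ComboFix itself. The sample lines are copied from the log above; the rules and the helper names (`triage`, `check_path`) are my own.

```python
import re

# Windows path ending in .exe as it appears inside a ComboFix line: it may
# contain spaces and stops at a quote or bracket.
PATH_RE = re.compile(r"[a-z]:\\[^\"\[\]]*?\.exe\b", re.I)
# Bare "name.exe [date size]" entries listed under a Startup folder header.
BARE_EXE_RE = re.compile(r"^([^\\\s\"\[]+\.exe)\b", re.I)
INFECTED_RE = re.compile(r"^Infected copy of (.+?) was found", re.I)

# Locations that legitimate installers rarely launch binaries from; every
# malicious file in the log above lives in one of them.
LOCATION_RULES = (
    ("executable run from a Temp directory",
     re.compile(r"\\temp\\[^\\]+\.exe$", re.I)),
    ("executable placed directly in AppData\\Local",
     re.compile(r"\\appdata\\local\\[^\\]+\.exe$", re.I)),
    ("executable placed directly in Local Settings\\Application Data",
     re.compile(r"\\application data\\[^\\]+\.exe$", re.I)),
    ("executable (not a .lnk shortcut) in a Startup folder",
     re.compile(r"\\programs\\startup\\[^\\]+\.exe$", re.I)),
)

# A subset of lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
Infected copy of c:\windows\system32\drivers\atapi.sys was found and disinfected
2009-11-24 22:08 . 2009-11-24 22:08 212992 ---h--w- c:\users\Gene\AppData\Local\ztrikfby.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2008-08-02 675840]

c:\users\Gene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MemTurbo.lnk - c:\program files\MemTurbo 4\MemTurbo.exe [2010-2-6 3121760]
ppgqvpzo.exe [2009-5-27 192512]
ztrikfby.exe [2009-11-24 212992]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

HKCU-Run-Edwhvjac - c:\users\Gene\Local Settings\Application Data\ztrikfby.exe
c:\users\gene\appdata\local\temp\tswz4o7v1.exe
"""


def check_path(path):
    """Return the descriptions of every location rule a single path trips."""
    return [desc for desc, rx in LOCATION_RULES if rx.search(path)]


def triage(log_text):
    """Walk the log once and return (reason, item) findings in log order.

    Two pieces of state follow ComboFix's layout: the current registry key
    (so a DisableMonitoring value can be tied to the Security Center key) and
    the Startup folder whose contents are listed as bare file names beneath
    its header until the next blank line.
    """
    findings, seen = [], set()
    current_key, startup_dir = "", None

    def add(reason, item):
        key = (reason, item.lower())
        if key not in seen:
            seen.add(key)
            findings.append((reason, item))

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            startup_dir = None      # a blank line ends a Startup folder listing
            continue
        if line.startswith("[HKEY"):
            current_key = line.strip("[]")
            continue
        if re.match(r"^[a-z]:\\", line, re.I) and line.endswith("\\"):
            startup_dir = line      # folder header: a directory path ending in "\"
            continue
        m = INFECTED_RE.match(line)
        if m:
            add("system file patched in place (ComboFix restored it)", m.group(1))
            continue
        if ('"DisableMonitoring"=dword:00000001' in line
                and "security center" in current_key.lower()):
            add("Security Center monitoring disabled", current_key)
            continue
        paths = PATH_RE.findall(line)
        if startup_dir:
            bare = BARE_EXE_RE.match(line)
            if bare:
                paths.append(startup_dir + bare.group(1))
        for path in paths:
            for reason in check_path(path):
                add(reason, path)
    return findings


if __name__ == "__main__":
    for reason, item in triage(SAMPLE_LOG):
        print(f"{reason}: {item}")
```

Running it against the full log pasted above (rather than the embedded subset) flags the same items the helper in this thread went after: the Startup-folder executables, the AppData/Temp copies and the disabled Security Center monitoring.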

guestolo (Administrator)
Trojan Help
« Reply #3 on: February 16, 2010, 09:14:48 PM »
I don't want to leave you without virus protection, but I see others having problems with older versions of AVG and Internet Explorer.
Since your copy of AVG is outdated, can we do the following:

Please disable SpybotSD TeaTimer, as it may interfere with our cleaning
To disable SpybotSD TeaTimer:

Open Spybot and click on Mode and check Advanced Mode
Check yes to next window.
Click on Tools in bottom left hand corner.
Click on Resident icon.
Uncheck Teatimer box.
Click Allow Change box if prompted
Close Spybot

Uninstall AVG8 free edition from 'Programs and Features' found with Windows Control Panel
Ensure to reboot the computer once you have removed it

Afterwards: Come back here and try the steps I posted with OTL.exe above



Kovu93 (Newbie)
Trojan Help
« Reply #4 on: February 16, 2010, 10:09:51 PM »
OK that did the trick, here are the two logs.  I will not be able to check for your response till I get home from work tomorrow.  Thank you for the quick responses so far :)

OTL logfile created on: 2/16/2010 9:52:56 PM - Run 1
OTL by OldTimer - Version 3.1.28.0     Folder = C:\Users\Gene\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.10 Gb Total Space | 145.97 Gb Free Space | 66.02% Space Free | Partition Type: NTFS
Drive D: | 11.78 Gb Total Space | 2.02 Gb Free Space | 17.16% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: TAYLO-LAPTOP
Current User Name: Gene
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010/02/16 21:52:12 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Gene\Desktop\OTL.exe
PRC - [2010/02/16 21:49:47 | 000,002,560 | ---- | M] () -- c:\Users\Gene\AppData\Local\temp\tswzdf6j1.exe
PRC - [2009/11/24 17:08:12 | 000,212,992 | ---- | M] () -- C:\Users\Gene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ztrikfby.exe
PRC - [2009/07/24 14:52:02 | 003,121,760 | ---- | M] (SammSoft (www.sammsoft.com)) -- C:\Program Files\MemTurbo 4\MemTurbo.exe
PRC - [2009/05/27 08:53:46 | 000,192,512 | ---- | M] () -- C:\Users\Gene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ppgqvpzo.exe
PRC - [2008/12/04 02:42:00 | 000,203,296 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvvsvc.exe
PRC - [2008/11/10 12:23:40 | 000,157,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/10/15 01:04:34 | 000,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
PRC - [2008/10/01 18:57:12 | 000,289,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2008/10/01 18:57:00 | 000,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2008/10/01 13:06:14 | 000,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/09/09 13:30:17 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/08/29 09:18:44 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/08/01 19:10:54 | 000,675,840 | ---- | M] (Sonix) -- C:\WINDOWS\vsnp2uvc.exe
PRC - [2008/06/16 07:02:28 | 000,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
PRC - [2008/05/29 21:43:38 | 002,580,480 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.4\program\soffice.bin
PRC - [2008/05/29 21:43:36 | 002,363,392 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
PRC - [2008/01/20 21:24:49 | 000,299,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieuser.exe
PRC - [2008/01/20 21:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/18 06:31:32 | 000,095,528 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
PRC - [2008/01/18 06:31:22 | 001,033,512 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2007/12/19 21:28:34 | 000,271,760 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
PRC - [2007/12/19 21:28:34 | 000,112,016 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
PRC - [2007/12/19 21:27:50 | 000,468,264 | ---- | M] (CyberLink Corp.) -- C:\Program Files\HP\QuickPlay\QPService.exe
PRC - [2007/11/06 01:50:44 | 000,116,032 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
PRC - [2007/11/02 20:12:50 | 000,262,144 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
PRC - [2007/11/02 18:44:16 | 000,610,304 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
PRC - [2007/10/19 20:46:08 | 000,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
PRC - [2007/10/14 21:17:32 | 000,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2007/10/14 20:38:52 | 000,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2007/10/01 18:10:48 | 001,783,136 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
PRC - [2007/09/19 16:31:34 | 000,202,032 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
PRC - [2007/09/13 10:47:52 | 000,480,560 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
PRC - [2007/09/04 15:54:20 | 000,554,320 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
PRC - [2007/07/10 09:28:08 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\XAudio.exe
PRC - [2007/05/16 12:43:06 | 000,677,432 | R--- | M] () -- C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
PRC - [2007/01/09 05:25:30 | 000,272,024 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
PRC - [2007/01/08 17:53:06 | 000,311,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
PRC - [2006/05/02 17:41:28 | 000,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010/02/16 21:52:12 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Gene\Desktop\OTL.exe
MOD - [2008/01/20 21:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2009/12/18 15:41:26 | 000,135,664 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009/04/06 13:04:38 | 000,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/12/04 02:42:00 | 000,203,296 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\System32\nvvsvc.exe -- (nvsvc)
SRV - [2008/11/10 12:23:50 | 005,117,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2008/11/10 12:23:42 | 000,243,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2008/11/04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/01 18:57:00 | 000,536,872 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008/10/01 13:06:14 | 000,116,040 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/08/29 09:18:44 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/07/18 12:13:20 | 000,053,760 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\System32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2008/07/18 12:13:20 | 000,044,032 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\System32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2008/06/16 07:02:28 | 000,094,208 | ---- | M] (Hewlett-Packard) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/19 21:28:34 | 000,271,760 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe -- (QPCapSvc) QuickPlay Background Capture Service (QBCS)
SRV - [2007/12/19 21:28:34 | 000,112,016 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe -- (QPSched) QuickPlay Task Scheduler (QTS)
SRV - [2007/11/06 21:16:54 | 000,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2007/11/06 21:16:54 | 000,139,264 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2007/10/14 21:15:52 | 000,663,552 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC)
SRV - [2007/07/23 18:33:06 | 000,181,800 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/07/10 09:28:08 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2007/03/05 12:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2007/01/09 05:25:30 | 000,272,024 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2006/11/02 07:35:29 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/26 16:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/05/02 17:41:28 | 000,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe -- (hpqwmiex)
SRV - [2005/04/03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
 
 
[color="#E56717"]========== Driver Services (SafeList) ==========[/color]
 
DRV - [2009/06/09 16:16:42 | 003,482,240 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2008/12/04 02:42:00 | 007,606,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/09/09 00:37:08 | 001,044,984 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2008/09/09 00:37:08 | 001,044,984 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2008/04/17 12:12:54 | 000,015,464 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/01/20 21:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 21:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 21:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 21:23:27 | 000,009,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\serscan.sys -- (StillCam)
DRV - [2008/01/20 21:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 21:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 21:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 21:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 21:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 21:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 21:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 21:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 21:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 21:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 21:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 21:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 21:23:22 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2008/01/20 21:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 21:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 21:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 21:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 21:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 21:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/18 06:31:26 | 000,196,784 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/09/09 17:12:28 | 000,176,640 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/07/11 12:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/07/10 09:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/20 06:29:56 | 000,984,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007/06/20 06:28:34 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007/06/20 06:28:22 | 000,660,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007/06/18 19:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/03/22 00:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/03/06 21:15:58 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/02/24 16:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/16 16:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/01/23 18:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 01:37:21 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2006/06/18 18:26:58 | 000,012,672 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mdmxsdk.sys -- (mdmxsdk)
 
 
[color="#E56717"]========== Standard Registry (SafeList) ==========[/color]
 
 
[color="#E56717"]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
[color="#E56717"]========== FireFox ==========[/color]
 
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/01 19:27:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/01 19:27:16 | 000,000,000 | ---D | M]
 
[2010/01/08 09:23:18 | 000,000,000 | ---D | M] -- C:\Users\Gene\AppData\Roaming\Mozilla\Extensions
[2010/01/08 09:23:18 | 000,000,000 | ---D | M] -- C:\Users\Gene\AppData\Roaming\Mozilla\Extensions\[email protected]
[2009/05/31 08:50:17 | 000,000,000 | ---D | M] -- C:\Users\Gene\AppData\Roaming\Mozilla\Firefox\extensions
[2009/05/31 08:50:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gene\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010/01/01 19:29:15 | 000,000,000 | ---D | M] -- C:\Users\Gene\AppData\Roaming\Mozilla\Firefox\Profiles\vj7cqpay.default\extensions
[2010/01/01 19:29:15 | 000,000,000 | ---D | M] -- C:\Users\Gene\AppData\Roaming\Mozilla\Firefox\Profiles\vj7cqpay.default\extensions\staged-xpis
[2010/01/01 19:27:16 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
 
O1 HOSTS File: ([2010/02/16 19:42:31 | 000,000,027 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe (Sonix)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\ARO.exe (Sammsoft)
O4 - HKCU..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\Gene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MemTurbo.lnk = C:\Program Files\MemTurbo 4\MemTurbo.exe (SammSoft (www.sammsoft.com))
O4 - Startup: C:\Users\Gene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe ()
O4 - Startup: C:\Users\Gene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ppgqvpzo.exe ()
O4 - Startup: C:\Users\Gene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ztrikfby.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\npjpi160_04.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - Reg Error: Value error. File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: 63 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Gene\Desktop\18864_1230619889006_1334370883_31202516_1696539_n.jpg
O24 - Desktop BackupWallPaper: C:\Users\Gene\Desktop\18864_1230619889006_1334370883_31202516_1696539_n.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/02 23:02:37 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\WINDOWS\System32\ias [2008/01/20 21:34:27 | 000,000,000 | ---D | M]
NetSvcs: Irmon - C:\WINDOWS\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
OTL cannot create restorepoints on Vista OSs!
 
[color="#E56717"]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2010/02/16 21:52:04 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Users\Gene\Desktop\OTL.exe
[2010/02/16 19:42:36 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2010/02/16 19:39:22 | 000,000,000 | ---D | C] -- C:\Users\Gene\AppData\Local\temp
[2010/02/16 19:24:49 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/02/16 19:24:49 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/02/16 19:24:49 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/02/16 19:15:20 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/02/16 19:14:51 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/02/16 19:11:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/16 17:03:42 | 000,000,000 | ---D | C] -- C:\Users\Gene\AppData\Roaming\Malwarebytes
[2010/02/16 17:03:37 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/02/16 17:03:35 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/02/16 17:03:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/16 17:03:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/02/12 23:55:30 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/02/12 23:55:29 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010/02/12 23:55:29 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/02/12 23:55:29 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/02/12 23:55:29 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2010/02/07 19:59:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/02/07 19:59:56 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/02/06 22:11:47 | 000,000,000 | ---D | C] -- C:\Program Files\MemTurbo 4
[2010/01/22 00:54:08 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010/01/22 00:54:07 | 000,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/01/22 00:54:07 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/01/22 00:54:06 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/01/22 00:54:06 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010/01/22 00:54:06 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/01/22 00:54:06 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/01/22 00:54:05 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/01/22 00:54:05 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010/01/22 00:54:04 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/01/22 00:54:03 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2007/07/04 20:28:52 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
 
[color="#E56717"]========== Files - Modified Within 30 Days ==========[/color]
 
[2010/02/16 21:54:22 | 006,291,456 | -HS- | M] () -- C:\Users\Gene\NTUSER.DAT
[2010/02/16 21:52:12 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Gene\Desktop\OTL.exe
[2010/02/16 21:49:59 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A45C15D0-CCA1-4100-A269-15832388DEED}.job
[2010/02/16 21:49:45 | 000,000,824 | ---- | M] () -- C:\Users\Gene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MemTurbo.lnk
[2010/02/16 21:49:41 | 000,027,744 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/02/16 21:49:41 | 000,001,594 | ---- | M] () -- C:\Users\Gene\Desktop\Clean Registry for Free!.lnk
[2010/02/16 21:49:34 | 000,027,744 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/02/16 21:49:33 | 000,000,258 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010/02/16 21:49:30 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/16 21:47:02 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/02/16 21:47:02 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/02/16 21:47:02 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/02/16 21:46:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/16 21:43:44 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/02/16 21:40:01 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/02/16 21:40:01 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/02/16 21:39:59 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/02/16 21:39:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/02/16 21:39:33 | 3152,945,152 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/16 21:38:49 | 000,524,288 | -HS- | M] () -- C:\Users\Gene\NTUSER.DAT{98092831-3dc2-11de-aa51-001e686600c2}.TMContainer00000000000000000001.regtrans-ms
[2010/02/16 21:38:49 | 000,065,536 | -HS- | M] () -- C:\Users\Gene\NTUSER.DAT{98092831-3dc2-11de-aa51-001e686600c2}.TM.blf
[2010/02/16 21:38:24 | 006,291,456 | -H-- | M] () -- C:\Users\Gene\AppData\Local\IconCache.db
[2010/02/16 20:43:52 | 000,000,836 | ---- | M] () -- C:\Users\Gene\Desktop\ComboFix - Shortcut.lnk
[2010/02/16 19:42:39 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/02/16 19:42:31 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/02/16 17:03:40 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/07 20:00:06 | 000,001,055 | ---- | M] () -- C:\Users\Gene\Desktop\Spybot - Search & Destroy.lnk
[2010/02/06 22:11:48 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\MemTurbo - PC Optimizer.lnk
[2010/02/05 19:01:18 | 000,015,458 | ---- | M] () -- C:\Users\Gene\Desktop\18864_1230619889006_1334370883_31202516_1696539_n.jpg
[2010/02/05 10:49:08 | 000,002,073 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
 
[color="#E56717"]========== Files Created - No Company Name ==========[/color]
 
[2010/02/16 20:43:52 | 000,000,836 | ---- | C] () -- C:\Users\Gene\Desktop\ComboFix - Shortcut.lnk
[2010/02/16 19:24:49 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/02/16 19:24:49 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/02/16 19:24:49 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/02/16 19:24:49 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/02/16 19:24:49 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/02/16 17:03:40 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/16 12:42:52 | 3152,945,152 | -HS- | C] () -- C:\hiberfil.sys
[2010/02/07 20:00:06 | 000,001,055 | ---- | C] () -- C:\Users\Gene\Desktop\Spybot - Search & Destroy.lnk
[2010/02/06 22:12:01 | 000,001,594 | ---- | C] () -- C:\Users\Gene\Desktop\Clean Registry for Free!.lnk
[2010/02/06 22:11:48 | 000,000,824 | ---- | C] () -- C:\Users\Gene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MemTurbo.lnk
[2010/02/06 22:11:48 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\MemTurbo - PC Optimizer.lnk
[2010/02/05 19:01:53 | 000,015,458 | ---- | C] () -- C:\Users\Gene\Desktop\18864_1230619889006_1334370883_31202516_1696539_n.jpg
[2010/02/05 10:49:08 | 000,002,073 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2009/12/04 18:31:04 | 000,000,000 | ---- | C] () -- C:\Users\Gene\AppData\Roaming\wklnhst.dat
[2009/11/24 17:08:14 | 000,212,992 | -H-- | C] () -- C:\Users\Gene\AppData\Local\ztrikfby.exe
[2009/11/13 22:31:44 | 000,000,680 | ---- | C] () -- C:\Users\Gene\AppData\Local\d3d9caps.dat
[2009/06/09 16:16:42 | 003,482,240 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2009/02/17 17:45:14 | 000,027,744 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/02/17 17:45:14 | 000,027,744 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/02/11 16:45:02 | 000,027,264 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2008/09/23 11:24:04 | 000,027,240 | ---- | C] () -- C:\Users\Gene\AppData\Roaming\nvModes.001
[2008/09/14 15:35:16 | 000,027,240 | ---- | C] () -- C:\Users\Gene\AppData\Roaming\nvModes.dat
[2008/09/14 15:28:45 | 000,031,232 | ---- | C] () -- C:\Users\Gene\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/09 00:48:24 | 000,000,000 | ---- | C] () -- C:\Users\Gene\AppData\Local\QSwitch.txt
[2008/09/09 00:48:24 | 000,000,000 | ---- | C] () -- C:\Users\Gene\AppData\Local\DSwitch.txt
[2008/09/09 00:48:24 | 000,000,000 | ---- | C] () -- C:\Users\Gene\AppData\Local\AtStart.txt
[2008/05/03 00:00:22 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/05/02 23:17:45 | 000,001,552 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/05/19 14:39:58 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2006/03/09 04:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\ERDNT\cache\AGP440.sys
[2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\System32\drivers\AGP440.sys
[2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\WINDOWS\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/21 02:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/01/21 02:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\WINDOWS\System32\drivers\atapi.sys
[2008/01/20 21:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 21:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 04:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\WINDOWS\ERDNT\cache\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\WINDOWS\System32\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\WINDOWS\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007/01/13 00:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll
 
< MD5 for: IASTORV.SYS  >
[2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\WINDOWS\System32\drivers\iaStorV.sys
[2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\WINDOWS\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\WINDOWS\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\WINDOWS\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\WINDOWS\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/20 21:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/01/20 21:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\WINDOWS\System32\netlogon.dll
[2008/01/20 21:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\WINDOWS\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\WINDOWS\System32\drivers\nvstor.sys
[2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\WINDOWS\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\WINDOWS\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008/01/20 21:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/01/20 21:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\WINDOWS\System32\scecli.dll
[2008/01/20 21:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\WINDOWS\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2008/01/20 21:24:26 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\System32\dxtmsft.dll
[2008/01/20 21:24:26 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\System32\dxtrans.dll
[2008/01/20 21:24:26 | 000,019,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\System32\eventcls.dll
[2008/01/20 21:24:42 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\System32\rsaenh.dll
[2008/01/20 21:24:38 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\System32\SLC.dll
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav  >
[2008/01/20 22:14:18 | 016,846,848 | ---- | M] () -- C:\WINDOWS\System32\config\COMPONENTS.SAV
[2008/01/20 22:14:08 | 000,106,496 | ---- | M] () -- C:\WINDOWS\System32\config\DEFAULT.SAV
[2008/01/20 22:14:18 | 000,020,480 | ---- | M] () -- C:\WINDOWS\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\WINDOWS\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\WINDOWS\System32\config\SYSTEM.SAV
< End of report >

Offline Kovu93

Trojan Help
« Reply #5 on: February 16, 2010, 10:11:06 PM »
OTL Extras logfile created on: 2/16/2010 9:52:56 PM - Run 1
OTL by OldTimer - Version 3.1.28.0     Folder = C:\Users\Gene\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.10 Gb Total Space | 145.97 Gb Free Space | 66.02% Space Free | Partition Type: NTFS
Drive D: | 11.78 Gb Total Space | 2.02 Gb Free Space | 17.16% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: TAYLO-LAPTOP
Current User Name: Gene
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 
"FirewallDisableNotify" = 0
"FirewallOverride" = 
"FirstRunDisabled" = 
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{21820713-CDEB-4F4F-88B8-769792D2B4E9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{2CBBF77F-A373-46F3-A8E7-2AD83A39CEFD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4ECD73A8-EC5D-4E9F-8F0D-F9FC3CB1943D}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{513F59A4-FA5D-460E-A26D-8C0C97528BDF}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{5192A555-459B-47F0-9B73-9CE3436D62FB}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{65387EA3-A8D4-478B-B8CA-F69B531E9A5E}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{6A06401D-E436-4506-9E40-F1B86C40816C}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{81F3746A-3F9D-470B-B43A-15BAA975993B}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{835CBF3C-F499-4289-889B-5637356CE5D7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{85AB38BF-0802-4F69-A3EB-F8D4B152AB08}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9500CBCF-798A-4A69-A595-CD0434BE843E}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{A1B5F65D-A3B2-4B3D-8ADB-05E897E9E411}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{A2408CBB-CA1C-49CC-90AE-286978A8DFA6}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{C770540C-50C6-451F-BF5D-4AC4EB23AB49}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{CB2B3ACC-40A7-4301-90A0-C2CEA5D0AA7E}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{DCD5811A-A7CD-46D6-AB75-C244BCFD46D8}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{F08BB528-7854-47D7-BF8E-8A14E039157F}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{065FE0B8-2D00-4DA2-B660-E6E6A3A559BE}C:\users\gene\appdata\local\temp\soexh4tjita.exe" = protocol=6 | dir=in | app=c:\users\gene\appdata\local\temp\soexh4tjita.exe |
"TCP Query User{17F306A8-BCDD-4B41-82AF-F83D83E38907}C:\users\gene\appdata\local\temp\soexi4uw6qa.exe" = protocol=6 | dir=in | app=c:\users\gene\appdata\local\temp\soexi4uw6qa.exe |
"TCP Query User{1CB45AA9-1530-4C8C-8158-13D065D34192}C:\users\gene\appdata\local\temp\soexkvsgp5a.exe" = protocol=6 | dir=in | app=c:\users\gene\appdata\local\temp\soexkvsgp5a.exe |
"TCP Query User{200123E7-ABA1-4269-B299-CE7AEFDFCAD6}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{22CEACBB-E8B5-4E06-802B-7F6E4055341C}C:\users\gene\appdata\local\temp\soex35mc9oa.exe" = protocol=6 | dir=in | app=c:\users\gene\appdata\local\temp\soex35mc9oa.exe |
"TCP Query User{24872ABC-82E4-4BF2-8163-96CF9112B7A3}C:\users\gene\appdata\local\temp\soexf3yayva.exe" = protocol=6 | dir=in | app=c:\users\gene\appdata\local\temp\soexf3yayva.exe |
"TCP Query User{2FDA0114-A5EE-4C44-8BC4-644527591311}C:\users\gene\appdata\local\temp\soexio64i2a.exe" = protocol=6 | dir=in | app=c:\users\gene\appdata\local\temp\soexio64i2a.exe |
"TCP Query User{3EEBA6A2-81B9-46C8-B9E9-D0E979A2198C}C:\users\gene\appdata\local\temp\soex9odrfca.exe" = protocol=6 | dir=in | app=c:\users\gene\appdata\local\temp\soex9odrfca.exe |
"TCP Query User{42DC26DD-C099-4D17-B06C-3564823F79D6}C:\users\gene\appdata\local\temp\soexky3hqba.exe" = protocol=6 | dir=in | app=c:\users\gene\appdata\local\temp\soexky3hqba.exe |
"UDP Query User{1232F066-0569-4898-899C-DBFE1F261450}C:\users\gene\appdata\local\temp\soexf3yayva.exe" = protocol=17 | dir=in | app=c:\users\gene\appdata\local\temp\soexf3yayva.exe |
"UDP Query User{20D7BB11-11EC-4EEC-8470-9ABFE8C7845B}C:\users\gene\appdata\local\temp\soex35mc9oa.exe" = protocol=17 | dir=in | app=c:\users\gene\appdata\local\temp\soex35mc9oa.exe |
"UDP Query User{23CCE74F-0F52-4C0D-9030-721993496644}C:\users\gene\appdata\local\temp\soexh4tjita.exe" = protocol=17 | dir=in | app=c:\users\gene\appdata\local\temp\soexh4tjita.exe |
"UDP Query User{2C030720-B53A-4626-B5D6-60B6CEEE2A39}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{5DF8E003-1B90-43C4-8F84-02D9215EA136}C:\users\gene\appdata\local\temp\soexkvsgp5a.exe" = protocol=17 | dir=in | app=c:\users\gene\appdata\local\temp\soexkvsgp5a.exe |
"UDP Query User{68103269-92AB-4D3E-BCD7-2D2F657F0445}C:\users\gene\appdata\local\temp\soex9odrfca.exe" = protocol=17 | dir=in | app=c:\users\gene\appdata\local\temp\soex9odrfca.exe |
"UDP Query User{BE7B0B6D-2916-4D08-B5A3-0D00F72E4100}C:\users\gene\appdata\local\temp\soexio64i2a.exe" = protocol=17 | dir=in | app=c:\users\gene\appdata\local\temp\soexio64i2a.exe |
"UDP Query User{CF19D1F7-12DC-46B2-9BD9-9E519496B2BC}C:\users\gene\appdata\local\temp\soexky3hqba.exe" = protocol=17 | dir=in | app=c:\users\gene\appdata\local\temp\soexky3hqba.exe |
"UDP Query User{D14AC77A-A5E5-466F-920F-D4DF0CB5D1B9}C:\users\gene\appdata\local\temp\soexi4uw6qa.exe" = protocol=17 | dir=in | app=c:\users\gene\appdata\local\temp\soexi4uw6qa.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}" = Adobe Flash Player 10 Plugin
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{20B30DC1-E423-4939-B51D-05C58B0F9BBB}" = HP Photosmart All-In-One Driver Software 10.0 Rel .2
"{2284D904-C138-4B58-93EC-5C362AB5130A}" = The Sims™ Life Stories
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{250E9609-E830-43EB-B379-DAB7546A2422}" = muvee autoProducer 6.1
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{2CD2C0DB-81C3-416B-9FA6-589B9235359B}" = OpenOffice.org 2.4
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support
"{3215EBED-1D06-42fb-A05C-A752A46FB24C}" = Canon MP530
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(tm) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(tm) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(tm) 6 Update 7
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{38EAC694-0D90-445F-8C17-8B50ADFE3162}" = Slingbox Flash Tour
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7DC4A410-9986-4329-9E5D-687B2C42CA39}" = HP QuickTouch 1.00 C4
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{8347A7A5-4AB8-433F-82AA-496B0D189A9B}" = HP User Guides 0088
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9455959E-D588-EFAE-329C-F66CC797F32A}" = Adobe Media Player
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}" = Apple Mobile Device Support
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ACDE260A-602B-4cfb-A650-D0DBA6FFAD85}" = NetDeviceManager
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{b9be267c-e096-4cce-a4fd-f24eec004938}" = PS_AIO_02_ProductContext
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{c4549405-195f-4450-8865-6be9dc5ad136}" = PS_AIO_02_Software_Min
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{c600ab3d-8b64-41df-bf36-b3d87ce0706b}" = C7200_Help
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{cd0b9359-b716-4fd0-8e0a-09b3e312e8a4}" = PS_AIO_02_Software
"{CD4D567E-44D7-4CDA-977D-C918D88FA3D9}_is1" = MemTurbo 4
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CECEB0FF-5C45-4b50-9A00-C596E36D88F4}" = C7200
"{D063F201-FAC4-4D5C-B10B-615058ADE5A7}" = HP Update
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}" = iTunes
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"{FF70513F-E3A7-402F-84FB-B7810A064BE2}" = Zune
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Advanced Registry Optimizer_is1" = Advanced Registry Optimizer
"AIM_6" = AIM 6
"Ask Toolbar_is1" = Ask Toolbar
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner (remove only)
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Google Updater" = Google Updater
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"LimeWire" = LimeWire 5.4.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"MSNINST" = MSN
"NVIDIA Drivers" = NVIDIA Drivers
"Shop for HP Supplies" = Shop for HP Supplies
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WildTangent hp Master Uninstall" = My HP Games
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar
"Zune" = Zune
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 2/16/2010 8:07:19 PM | Computer Name = Taylo-Laptop | Source = SPP | ID = 16387
Description =
 
Error - 2/16/2010 8:07:19 PM | Computer Name = Taylo-Laptop | Source = System Restore | ID = 8193
Description =
 
Error - 2/16/2010 8:07:44 PM | Computer Name = Taylo-Laptop | Source = SPP | ID = 16387
Description =
 
Error - 2/16/2010 8:07:44 PM | Computer Name = Taylo-Laptop | Source = System Restore | ID = 8193
Description =
 
Error - 2/16/2010 8:07:49 PM | Computer Name = Taylo-Laptop | Source = SPP | ID = 16387
Description =
 
Error - 2/16/2010 8:07:50 PM | Computer Name = Taylo-Laptop | Source = System Restore | ID = 8193
Description =
 
Error - 2/16/2010 8:30:38 PM | Computer Name = Taylo-Laptop | Source = WinMgmt | ID = 10
Description =
 
Error - 2/16/2010 8:42:25 PM | Computer Name = Taylo-Laptop | Source = WinMgmt | ID = 10
Description =
 
Error - 2/16/2010 8:46:36 PM | Computer Name = Taylo-Laptop | Source = Google Update | ID = 20
Description =
 
Error - 2/16/2010 8:53:59 PM | Computer Name = Taylo-Laptop | Source = WinMgmt | ID = 10
Description =
 
[ Media Center Events ]
Error - 10/13/2008 6:35:54 PM | Computer Name = Taylo-Laptop | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed due to an abandoned mutex.'.
 
Error - 1/13/2009 5:38:01 PM | Computer Name = Taylo-Laptop | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed due to an abandoned mutex.'.
 
[ System Events ]
Error - 2/5/2009 11:50:49 PM | Computer Name = Taylo-Laptop | Source = WinDefend | ID = 2004
Description = %%827 has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
 Signatures Attempted: %%824
 Error Code: 0x80092003
 Error description: An error occurred while reading or writing to a file.
 Signatures loading: %%825
 Loading signature version: 1.51.124.0
 Loading engine version: 1.1.4306.0
 
Error - 2/6/2009 1:32:16 AM | Computer Name = Taylo-Laptop | Source = Service Control Manager | ID = 7011
Description =
 
Error - 2/8/2009 1:10:16 PM | Computer Name = Taylo-Laptop | Source = Service Control Manager | ID = 7034
Description =
 
Error - 2/10/2009 2:03:41 PM | Computer Name = Taylo-Laptop | Source = Service Control Manager | ID = 7034
Description =
 
Error - 2/11/2009 4:01:09 AM | Computer Name = Taylo-Laptop | Source = Service Control Manager | ID = 7034
Description =
 
Error - 2/11/2009 4:12:26 AM | Computer Name = Taylo-Laptop | Source = HTTP | ID = 15016
Description =
 
Error - 2/11/2009 4:13:38 AM | Computer Name = Taylo-Laptop | Source = Service Control Manager | ID = 7000
Description =
 
Error - 2/11/2009 4:14:03 AM | Computer Name = Taylo-Laptop | Source = Service Control Manager | ID = 7022
Description =
 
Error - 2/13/2009 4:49:20 PM | Computer Name = Taylo-Laptop | Source = Service Control Manager | ID = 7034
Description =
 
Error - 2/14/2009 3:35:46 PM | Computer Name = Taylo-Laptop | Source = Service Control Manager | ID = 7034
Description =
 
 
< End of report >

Offline guestolo

Trojan Help
« Reply #6 on: February 16, 2010, 10:13:00 PM »
Quote
OK that did the trick here are the two logs. I will not be able to check for your response till I get home from work tomorrow.

Not a problem, I'm just going for dinner, so that gives me time to look over the logs afterwards
We'll ensure to get updated AVG 9 free later, if that's what they're comfortable with

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline guestolo

Trojan Help
« Reply #7 on: February 17, 2010, 12:03:30 AM »
Let's try the following:
NOTE, if you have installed an updated version of AVG do not run this fix yet, I'll have to possibly adjust it
If you haven't installed another Virus scanner yet, continue with the following

Right click on OTL.exe and choose to "Run as Administrator"
  • Under the Custom Scans/Fixes box at the bottom, copy/paste in the following from the quote box below. Don't include the word Quote please
    Quote
    :OTL
    PRC - [2010/02/16 21:49:47 | 000,002,560 | ---- | M] () -- c:\Users\Gene\AppData\Local\temp\tswzdf6j1.exe
    PRC - [2009/11/24 17:08:12 | 000,212,992 | ---- | M] () -- C:\Users\Gene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ztrikfby.exe
    PRC - [2009/05/27 08:53:46 | 000,192,512 | ---- | M] () -- C:\Users\Gene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ppgqvpzo.exe
    O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O4 - Startup: C:\Users\Gene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ppgqvpzo.exe ()
    O4 - Startup: C:\Users\Gene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ztrikfby.exe ()
    O20 - AppInit_DLLs: (C:\WINDOWS\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll File not found
    [2009/11/24 17:08:14 | 000,212,992 | -H-- | C] () -- C:\Users\Gene\AppData\Local\ztrikfby.exe
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusOverride"=dword:00000000
    "FirewallOverride"=dword:00000000
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "TCP Query User{065FE0B8-2D00-4DA2-B660-E6E6A3A559BE}C:\users\gene\appdata\local\temp\soexh4tjita.exe"=-
    "TCP Query User{17F306A8-BCDD-4B41-82AF-F83D83E38907}C:\users\gene\appdata\local\temp\soexi4uw6qa.exe"=-
    "TCP Query User{1CB45AA9-1530-4C8C-8158-13D065D34192}C:\users\gene\appdata\local\temp\soexkvsgp5a.exe"=-
    "TCP Query User{22CEACBB-E8B5-4E06-802B-7F6E4055341C}C:\users\gene\appdata\local\temp\soex35mc9oa.exe"=-
    "TCP Query User{24872ABC-82E4-4BF2-8163-96CF9112B7A3}C:\users\gene\appdata\local\temp\soexf3yayva.exe"=-
    "TCP Query User{2FDA0114-A5EE-4C44-8BC4-644527591311}C:\users\gene\appdata\local\temp\soexio64i2a.exe"=-
    "TCP Query User{3EEBA6A2-81B9-46C8-B9E9-D0E979A2198C}C:\users\gene\appdata\local\temp\soex9odrfca.exe"=-
    "TCP Query User{42DC26DD-C099-4D17-B06C-3564823F79D6}C:\users\gene\appdata\local\temp\soexky3hqba.exe"=-
    "UDP Query User{1232F066-0569-4898-899C-DBFE1F261450}C:\users\gene\appdata\local\temp\soexf3yayva.exe"=-
    "UDP Query User{20D7BB11-11EC-4EEC-8470-9ABFE8C7845B}C:\users\gene\appdata\local\temp\soex35mc9oa.exe"=-
    "UDP Query User{23CCE74F-0F52-4C0D-9030-721993496644}C:\users\gene\appdata\local\temp\soexh4tjita.exe"=-
    "UDP Query User{5DF8E003-1B90-43C4-8F84-02D9215EA136}C:\users\gene\appdata\local\temp\soexkvsgp5a.exe"=-
    "UDP Query User{68103269-92AB-4D3E-BCD7-2D2F657F0445}C:\users\gene\appdata\local\temp\soex9odrfca.exe"=-
    "UDP Query User{BE7B0B6D-2916-4D08-B5A3-0D00F72E4100}C:\users\gene\appdata\local\temp\soexio64i2a.exe"=-
    "UDP Query User{CF19D1F7-12DC-46B2-9BD9-9E519496B2BC}C:\users\gene\appdata\local\temp\soexky3hqba.exe"=-
    "UDP Query User{D14AC77A-A5E5-466F-920F-D4DF0CB5D1B9}C:\users\gene\appdata\local\temp\soexi4uw6qa.exe"=-
    :Files
    :Commands
    [EmptyTemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

On startup, Allow OTL to run if prompted
A log should open, can you post it later please
A copy of this log can also be found in
C:\_OTL\Moved Files folder

In addition:
Go to the following link: ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take awhile, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

In addition, post that log from OTL.exe please

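The fix above singles out three running processes that share a pattern: an empty company field in OTL's "PRC -" line, a location under the user's Temp or Startup folder, and a random-looking file name; it also deletes Windows Firewall "Query User" rules that had granted network access to executables in the Temp folder. The following Python script, an added example that is neither OTL's own code nor the helper's, parses OTL process lines and the firewall-rule value names and scores them with those same signals. The sample lines are copied from the OTL output quoted in this thread; the weights, the threshold and the vowel-ratio "random name" test are this example's own choices, so treat the output as a triage aid for reading a log, not as a verdict.

```python
"""Triage of OTL process and firewall-rule lines (added example, not OTL code).

OTL writes one line per running process as
    PRC - [YYYY/MM/DD HH:MM:SS | SIZE | ATTR | M] (Company) -- C:\\path\\file.exe
and lists per-user firewall prompts by registry value name, e.g.
    "TCP Query User{GUID}C:\\users\\...\\file.exe"
Weights and threshold below are this example's assumptions.
"""
import re
from dataclasses import dataclass

PRC_RE = re.compile(
    r"^PRC - \[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attr>[-A-Z]{4}) \| M\] "
    r"\((?P<company>.*?)\) -- (?P<path>.+?)\s*$"   # non-greedy: company may contain ()
)
FW_RULE_RE = re.compile(r'"(?:TCP|UDP) Query User\{[0-9A-Fa-f-]+\}(?P<path>[^"]+)"')

# Folders where an unsigned, oddly named executable deserves a closer look.
SUSPECT_DIRS = (
    "\\appdata\\local\\temp\\",
    "\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\",
)
WEIGHTS = {"suspect_dir": 2, "no_company": 1, "random_name": 1}
THRESHOLD = 3  # location alone is not enough; it needs one corroborating signal


@dataclass
class ProcessEntry:
    mtime: str
    size: int
    attr: str
    company: str
    path: str


def parse_prc_line(line: str):
    """Return a ProcessEntry for an OTL 'PRC -' line, or None for any other line."""
    m = PRC_RE.match(line.strip())
    if not m:
        return None
    return ProcessEntry(mtime=m["mtime"], size=int(m["size"].replace(",", "")),
                        attr=m["attr"], company=m["company"].strip(), path=m["path"])


def in_suspect_dir(path: str) -> bool:
    return any(d in path.lower() for d in SUSPECT_DIRS)


def looks_random(stem: str) -> bool:
    """Heuristic: 8+ alphanumeric characters with under 25% vowels among the letters."""
    s = stem.lower()
    letters = [c for c in s if c.isalpha()]
    if len(s) < 8 or not s.isalnum() or not letters:
        return False
    return sum(c in "aeiou" for c in letters) / len(letters) < 0.25


def score(entry: ProcessEntry):
    """Return (score, reasons) for one process entry."""
    reasons = []
    if in_suspect_dir(entry.path):
        reasons.append("suspect_dir")
    if not entry.company:
        reasons.append("no_company")
    stem = entry.path.replace("/", "\\").rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if looks_random(stem):
        reasons.append("random_name")
    return sum(WEIGHTS[r] for r in reasons), reasons


def triage_processes(otl_text: str, threshold: int = THRESHOLD):
    """Parse every PRC line; return [(entry, score, reasons)] scoring at or above threshold."""
    hits = []
    for line in otl_text.splitlines():
        entry = parse_prc_line(line)
        if entry is None:
            continue
        s, reasons = score(entry)
        if s >= threshold:
            hits.append((entry, s, reasons))
    return hits


def firewall_rules_for_suspect_paths(text: str):
    """Paths named in 'Query User' firewall rules that point into a suspect folder."""
    return [m["path"] for m in FW_RULE_RE.finditer(text) if in_suspect_dir(m["path"])]


# Sample lines copied from the OTL output quoted earlier in this thread.
SAMPLE = r"""
PRC - [2010/02/16 21:49:47 | 000,002,560 | ---- | M] () -- c:\Users\Gene\AppData\Local\temp\tswzdf6j1.exe
PRC - [2009/11/24 17:08:12 | 000,212,992 | ---- | M] () -- C:\Users\Gene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ztrikfby.exe
PRC - [2010/02/16 21:52:12 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Gene\Desktop\OTL.exe
PRC - [2007/12/19 21:28:34 | 000,271,760 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
PRC - [2007/11/02 20:12:50 | 000,262,144 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
"TCP Query User{065FE0B8-2D00-4DA2-B660-E6E6A3A559BE}C:\users\gene\appdata\local\temp\soexh4tjita.exe"=-
"UDP Query User{1232F066-0569-4898-899C-DBFE1F261450}C:\users\gene\appdata\local\temp\soexf3yayva.exe"=-
"""

if __name__ == "__main__":
    for entry, s, reasons in triage_processes(SAMPLE):
        print(f"{s}  {entry.path}  ({', '.join(reasons)})")
    for p in firewall_rules_for_suspect_paths(SAMPLE):
        print("firewall rule grants network access to:", p)
```

With the sample above, only the Temp and Startup executables reach the threshold. QPCapSvc.exe also has an empty company field and a vowel-poor name, but it lives under Program Files and scores 2, and hpqgpc01.exe scores 1 on name alone; that is why location carries the most weight here and why the fix in this thread touched only the three Temp/Startup entries.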


Offline Kovu93

Trojan Help
« Reply #8 on: February 17, 2010, 04:51:46 PM »
Here is the OTL log, running the other scan now.


All processes killed
========== OTL ==========
No active process named tswzdf6j1.exe was found!
No active process named ztrikfby.exe was found!
No active process named ppgqvpzo.exe was found!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
C:\Users\Gene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ppgqvpzo.exe moved successfully.
C:\Users\Gene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ztrikfby.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\WINDOWS\System32\avgrsstx.dll deleted successfully.
C:\Users\Gene\AppData\Local\ztrikfby.exe moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"AntiVirusOverride"|dword:00000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"FirewallOverride"|dword:00000000 /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\DisableMonitoring deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{065FE0B8-2D00-4DA2-B660-E6E6A3A559BE}C:\users\gene\appdata\local\temp\soexh4tjita.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{17F306A8-BCDD-4B41-82AF-F83D83E38907}C:\users\gene\appdata\local\temp\soexi4uw6qa.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{1CB45AA9-1530-4C8C-8158-13D065D34192}C:\users\gene\appdata\local\temp\soexkvsgp5a.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{22CEACBB-E8B5-4E06-802B-7F6E4055341C}C:\users\gene\appdata\local\temp\soex35mc9oa.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{24872ABC-82E4-4BF2-8163-96CF9112B7A3}C:\users\gene\appdata\local\temp\soexf3yayva.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{2FDA0114-A5EE-4C44-8BC4-644527591311}C:\users\gene\appdata\local\temp\soexio64i2a.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{3EEBA6A2-81B9-46C8-B9E9-D0E979A2198C}C:\users\gene\appdata\local\temp\soex9odrfca.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{42DC26DD-C099-4D17-B06C-3564823F79D6}C:\users\gene\appdata\local\temp\soexky3hqba.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{1232F066-0569-4898-899C-DBFE1F261450}C:\users\gene\appdata\local\temp\soexf3yayva.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{20D7BB11-11EC-4EEC-8470-9ABFE8C7845B}C:\users\gene\appdata\local\temp\soex35mc9oa.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{23CCE74F-0F52-4C0D-9030-721993496644}C:\users\gene\appdata\local\temp\soexh4tjita.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{5DF8E003-1B90-43C4-8F84-02D9215EA136}C:\users\gene\appdata\local\temp\soexkvsgp5a.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{68103269-92AB-4D3E-BCD7-2D2F657F0445}C:\users\gene\appdata\local\temp\soex9odrfca.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{BE7B0B6D-2916-4D08-B5A3-0D00F72E4100}C:\users\gene\appdata\local\temp\soexio64i2a.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{CF19D1F7-12DC-46B2-9BD9-9E519496B2BC}C:\users\gene\appdata\local\temp\soexky3hqba.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{D14AC77A-A5E5-466F-920F-D4DF0CB5D1B9}C:\users\gene\appdata\local\temp\soexi4uw6qa.exe deleted successfully.
========== FILES ==========
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Gene
->Temp folder emptied: 442834 bytes
->Temporary Internet Files folder emptied: 17900063 bytes
->Java cache emptied: 8202 bytes
->FireFox cache emptied: 12255159 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17423 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 29.00 mb
 
 
OTL by OldTimer - Version 3.1.28.0 log created on 02172010_163929

Files\Folders moved on Reboot...
C:\Users\Gene\AppData\Local\Temp\ehmsas.txt moved successfully.
C:\Users\Gene\AppData\Local\Temp\tswz3znf1.dll moved successfully.

Registry entries deleted on Reboot...

Offline Kovu93

  • Newbie
  • *
  • Posts: 12
  • Karma: +0/-0
    • View Profile
Trojan Help
« Reply #9 on: February 17, 2010, 06:38:31 PM »
Hmm the only thing in that ESET log is this...

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

Offline guestolo

Trojan Help
« Reply #10 on: February 20, 2010, 02:59:13 PM »
Sorry for the delay, can you update Malwarebytes Anti-Malware and run a quick scan
Remove anything found and post its log back here

Have you installed any AntiVirus software yet?
Do you know which one you want installed?



Offline Kovu93

Trojan Help
« Reply #11 on: February 20, 2010, 07:20:41 PM »
Looks good.  No I have not installed any antivirus yet, any recommendations?

Malwarebytes' Anti-Malware 1.44
Database version: 3768
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

2/20/2010 7:15:47 PM
mbam-log-2010-02-20 (19-15-47).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 295740
Time elapsed: 1 hour(s), 4 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Offline guestolo

Trojan Help
« Reply #12 on: February 20, 2010, 07:31:42 PM »
Why not try Avast5 free edition
http://www.avast.com/free-antivirus-download

Simply click on the "Download Now" button beside 'Multi-language 43mb'
Save the installer to desktop

After installing, normally you can just set it to run a Quick Scan weekly thru settings
But can you have it run a Full System Scan please
Let me know if it finds anything, or comes clean
reboot after the scan

Can you reopen OTL.exe and run a Quick scan, post back its new log
We'll just do some final cleanup afterwards



Offline Kovu93

Trojan Help
« Reply #13 on: February 20, 2010, 10:20:19 PM »
Sounds good.  I use Avast on my own system so I should be able to explain it to her...I will get the scans running and post results after work tomorrow.

Offline Kovu93

Trojan Help
« Reply #14 on: February 21, 2010, 04:36:02 PM »
The Avast scan came up clean.

OTL logfile created on: 2/21/2010 4:24:50 PM - Run 2
OTL by OldTimer - Version 3.1.28.0     Folder = C:\Users\Gene\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.10 Gb Total Space | 146.04 Gb Free Space | 66.05% Space Free | Partition Type: NTFS
Drive D: | 11.78 Gb Total Space | 2.01 Gb Free Space | 17.03% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: TAYLO-LAPTOP
Current User Name: Gene
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010/02/16 21:52:12 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Gene\Desktop\OTL.exe
PRC - [2010/02/11 13:53:42 | 002,756,488 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/02/11 13:53:39 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/07/24 14:52:02 | 003,121,760 | ---- | M] (SammSoft (www.sammsoft.com)) -- C:\Program Files\MemTurbo 4\MemTurbo.exe
PRC - [2008/12/04 02:42:00 | 000,203,296 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvvsvc.exe
PRC - [2008/11/10 12:23:40 | 000,157,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/10/15 01:04:34 | 000,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
PRC - [2008/10/01 18:57:12 | 000,289,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2008/10/01 18:57:00 | 000,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2008/10/01 13:06:14 | 000,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/09/09 13:30:17 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/08/29 09:18:44 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/08/01 19:10:54 | 000,675,840 | ---- | M] (Sonix) -- C:\WINDOWS\vsnp2uvc.exe
PRC - [2008/06/16 07:03:20 | 000,075,008 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
PRC - [2008/06/16 07:02:28 | 000,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
PRC - [2008/05/29 21:43:38 | 002,580,480 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.4\program\soffice.bin
PRC - [2008/05/29 21:43:36 | 002,363,392 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
PRC - [2008/01/20 21:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/18 06:31:22 | 001,033,512 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2007/12/19 21:28:34 | 000,271,760 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
PRC - [2007/12/19 21:28:34 | 000,112,016 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
PRC - [2007/12/19 21:27:50 | 000,468,264 | ---- | M] (CyberLink Corp.) -- C:\Program Files\HP\QuickPlay\QPService.exe
PRC - [2007/11/02 20:12:50 | 000,262,144 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
PRC - [2007/11/02 18:44:16 | 000,610,304 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
PRC - [2007/10/19 20:46:08 | 000,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
PRC - [2007/10/14 21:17:32 | 000,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2007/10/14 20:38:52 | 000,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2007/10/01 18:10:48 | 001,783,136 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
PRC - [2007/09/19 16:31:34 | 000,202,032 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
PRC - [2007/09/13 10:47:52 | 000,480,560 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
PRC - [2007/09/04 15:54:20 | 000,554,320 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
PRC - [2007/07/10 09:28:08 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\XAudio.exe
PRC - [2007/05/16 12:43:06 | 000,677,432 | R--- | M] () -- C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
PRC - [2007/01/09 05:25:30 | 000,272,024 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
PRC - [2007/01/08 17:53:06 | 000,311,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
PRC - [2006/05/02 17:41:28 | 000,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010/02/16 21:52:12 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Gene\Desktop\OTL.exe
MOD - [2008/01/20 21:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010/02/11 13:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/02/11 13:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/02/11 13:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/12/18 15:41:26 | 000,135,664 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009/04/06 13:04:38 | 000,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/12/04 02:42:00 | 000,203,296 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\System32\nvvsvc.exe -- (nvsvc)
SRV - [2008/11/10 12:23:50 | 005,117,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2008/11/10 12:23:42 | 000,243,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2008/11/04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/01 18:57:00 | 000,536,872 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008/10/01 13:06:14 | 000,116,040 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/08/29 09:18:44 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/07/18 12:13:20 | 000,053,760 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\System32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2008/07/18 12:13:20 | 000,044,032 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\System32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2008/06/16 07:02:28 | 000,094,208 | ---- | M] (Hewlett-Packard) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/19 21:28:34 | 000,271,760 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe -- (QPCapSvc) QuickPlay Background Capture Service (QBCS)
SRV - [2007/12/19 21:28:34 | 000,112,016 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe -- (QPSched) QuickPlay Task Scheduler (QTS)
SRV - [2007/11/06 21:16:54 | 000,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2007/11/06 21:16:54 | 000,139,264 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2007/10/14 21:15:52 | 000,663,552 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC)
SRV - [2007/07/23 18:33:06 | 000,181,800 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/07/10 09:28:08 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2007/03/05 12:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2007/01/09 05:25:30 | 000,272,024 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2006/11/02 07:35:29 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/26 16:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/05/02 17:41:28 | 000,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe -- (hpqwmiex)
SRV - [2005/04/03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/01 19:27:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/01 19:27:16 | 000,000,000 | ---D | M]
 
[2010/01/08 09:23:18 | 000,000,000 | ---D | M] -- C:\Users\Gene\AppData\Roaming\Mozilla\Extensions
[2010/01/08 09:23:18 | 000,000,000 | ---D | M] -- C:\Users\Gene\AppData\Roaming\Mozilla\Extensions\[email protected]
[2009/05/31 08:50:17 | 000,000,000 | ---D | M] -- C:\Users\Gene\AppData\Roaming\Mozilla\Firefox\extensions
[2009/05/31 08:50:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gene\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010/01/01 19:29:15 | 000,000,000 | ---D | M] -- C:\Users\Gene\AppData\Roaming\Mozilla\Firefox\Profiles\vj7cqpay.default\extensions
[2010/01/01 19:29:15 | 000,000,000 | ---D | M] -- C:\Users\Gene\AppData\Roaming\Mozilla\Firefox\Profiles\vj7cqpay.default\extensions\staged-xpis
[2010/01/01 19:27:16 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
 
O1 HOSTS File: ([2010/02/16 19:42:31 | 000,000,027 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe (Sonix)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\ARO.exe (Sammsoft)
O4 - HKCU..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\Gene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MemTurbo.lnk = C:\Program Files\MemTurbo 4\MemTurbo.exe (SammSoft (www.sammsoft.com))
O4 - Startup: C:\Users\Gene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\npjpi160_04.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - Reg Error: Value error. File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: 63 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Gene\Desktop\18864_1230619889006_1334370883_31202516_1696539_n.jpg
O24 - Desktop BackupWallPaper: C:\Users\Gene\Desktop\18864_1230619889006_1334370883_31202516_1696539_n.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/02 23:02:37 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
 
========== Files/Folders - Created Within 14 Days ==========
 
[2010/02/20 22:27:31 | 000,162,512 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/02/20 22:27:31 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/02/20 22:27:29 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/02/20 22:27:28 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/02/20 22:27:24 | 000,051,792 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/02/20 22:26:21 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010/02/20 22:26:21 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2010/02/20 22:26:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/02/20 22:26:12 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/02/17 16:53:46 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/02/17 16:39:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/02/16 21:52:04 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Users\Gene\Desktop\OTL.exe
[2010/02/16 19:42:36 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2010/02/16 19:39:22 | 000,000,000 | ---D | C] -- C:\Users\Gene\AppData\Local\temp
[2010/02/16 19:24:49 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/02/16 19:24:49 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/02/16 19:24:49 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/02/16 19:15:20 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/02/16 19:14:51 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/02/16 19:11:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/16 17:03:42 | 000,000,000 | ---D | C] -- C:\Users\Gene\AppData\Roaming\Malwarebytes
[2010/02/16 17:03:37 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/02/16 17:03:35 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/02/16 17:03:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/16 17:03:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/02/07 19:59:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/02/07 19:59:56 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2007/07/04 20:28:52 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
 
========== Files - Modified Within 14 Days ==========
 
[2010/02/21 16:26:41 | 006,291,456 | -HS- | M] () -- C:\Users\Gene\NTUSER.DAT
[2010/02/21 16:25:00 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A45C15D0-CCA1-4100-A269-15832388DEED}.job
[2010/02/21 16:24:17 | 000,000,824 | ---- | M] () -- C:\Users\Gene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MemTurbo.lnk
[2010/02/21 16:24:10 | 000,001,594 | ---- | M] () -- C:\Users\Gene\Desktop\Clean Registry for Free!.lnk
[2010/02/21 16:24:09 | 000,027,744 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/02/21 16:24:09 | 000,027,744 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/02/21 16:24:07 | 000,000,258 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010/02/21 16:24:02 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/21 16:23:24 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/02/21 16:23:24 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/02/21 16:23:24 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/02/21 16:22:13 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/02/21 16:18:31 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/02/21 16:18:31 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/02/21 16:18:31 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/02/21 16:18:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/02/21 16:18:20 | 3152,928,768 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/21 16:17:37 | 000,524,288 | -HS- | M] () -- C:\Users\Gene\NTUSER.DAT{98092831-3dc2-11de-aa51-001e686600c2}.TMContainer00000000000000000001.regtrans-ms
[2010/02/21 16:17:37 | 000,065,536 | -HS- | M] () -- C:\Users\Gene\NTUSER.DAT{98092831-3dc2-11de-aa51-001e686600c2}.TM.blf
[2010/02/21 16:17:10 | 002,008,924 | -H-- | M] () -- C:\Users\Gene\AppData\Local\IconCache.db
[2010/02/21 06:46:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/20 22:27:32 | 000,001,840 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/02/20 22:27:24 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/02/20 22:25:35 | 044,696,968 | ---- | M] () -- C:\Users\Gene\Desktop\setup_av_free.exe
[2010/02/16 21:52:12 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Gene\Desktop\OTL.exe
[2010/02/16 20:43:52 | 000,000,836 | ---- | M] () -- C:\Users\Gene\Desktop\ComboFix - Shortcut.lnk
[2010/02/16 19:42:39 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/02/16 19:42:31 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/02/16 17:03:40 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/11 13:53:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2010/02/11 13:53:36 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010/02/11 13:42:34 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/02/11 13:42:13 | 000,162,512 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/02/11 13:39:01 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/02/11 13:38:45 | 000,051,792 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/02/11 13:38:23 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/02/07 20:00:06 | 000,001,055 | ---- | M] () -- C:\Users\Gene\Desktop\Spybot - Search & Destroy.lnk
 
========== Files Created - No Company Name ==========
 
[2010/02/20 22:27:32 | 000,001,840 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/02/20 22:25:08 | 044,696,968 | ---- | C] () -- C:\Users\Gene\Desktop\setup_av_free.exe
[2010/02/16 20:43:52 | 000,000,836 | ---- | C] () -- C:\Users\Gene\Desktop\ComboFix - Shortcut.lnk
[2010/02/16 19:24:49 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/02/16 19:24:49 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/02/16 19:24:49 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/02/16 19:24:49 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/02/16 19:24:49 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/02/16 17:03:40 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/16 12:42:52 | 3152,928,768 | -HS- | C] () -- C:\hiberfil.sys
[2010/02/07 20:00:06 | 000,001,055 | ---- | C] () -- C:\Users\Gene\Desktop\Spybot - Search & Destroy.lnk
[2009/12/04 18:31:04 | 000,000,000 | ---- | C] () -- C:\Users\Gene\AppData\Roaming\wklnhst.dat
[2009/11/13 22:31:44 | 000,000,680 | ---- | C] () -- C:\Users\Gene\AppData\Local\d3d9caps.dat
[2009/06/09 16:16:42 | 003,482,240 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2009/02/17 17:45:14 | 000,027,744 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/02/17 17:45:14 | 000,027,744 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/02/11 16:45:02 | 000,027,264 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2008/09/23 11:24:04 | 000,027,240 | ---- | C] () -- C:\Users\Gene\AppData\Roaming\nvModes.001
[2008/09/14 15:35:16 | 000,027,240 | ---- | C] () -- C:\Users\Gene\AppData\Roaming\nvModes.dat
[2008/09/14 15:28:45 | 000,031,232 | ---- | C] () -- C:\Users\Gene\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/09 00:48:24 | 000,000,000 | ---- | C] () -- C:\Users\Gene\AppData\Local\QSwitch.txt
[2008/09/09 00:48:24 | 000,000,000 | ---- | C] () -- C:\Users\Gene\AppData\Local\DSwitch.txt
[2008/09/09 00:48:24 | 000,000,000 | ---- | C] () -- C:\Users\Gene\AppData\Local\AtStart.txt
[2008/05/03 00:00:22 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/05/02 23:17:45 | 000,001,552 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/05/19 14:39:58 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2006/03/09 04:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
 
========== LOP Check ==========
 
[2008/11/17 10:39:10 | 000,000,000 | ---D | M] -- C:\Users\Gene\AppData\Roaming\aAvgApi
[2010/02/16 17:30:59 | 000,000,000 | ---D | M] -- C:\Users\Gene\AppData\Roaming\Antispyware
[2010/02/10 17:23:19 | 000,000,000 | ---D | M] -- C:\Users\Gene\AppData\Roaming\LimeWire
[2009/08/26 09:04:07 | 000,000,000 | ---D | M] -- C:\Users\Gene\AppData\Roaming\MSNInstaller
[2009/05/31 08:50:36 | 000,000,000 | ---D | M] -- C:\Users\Gene\AppData\Roaming\Sammsoft
[2010/02/21 16:17:16 | 000,031,680 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT
[2010/02/21 16:25:00 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{A45C15D0-CCA1-4100-A269-15832388DEED}.job
 
========== Purity Check ==========
 
 
< End of report >
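As an added example (not OTL's code and not anything posted in this thread), here is a small Python triage pass over rows in the format of the OTL report above: it parses the file/folder rows and the O4 Run-key rows and lists recently created executables and autostart entries that carry no publisher string, which is the first thing a helper scans such a log for. The sample rows are copied from the report above plus one constructed Run entry ("updater"), and the report time is an assumption.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Extensions worth a second look when OTL shows no company string for the file.
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".bat")

# File/folder row: [YYYY/MM/DD HH:MM:SS | size | attrs | C-or-M] (Company) -- path
# Folder rows have no "(...)" group; files with no company string show "()" or "( )".
_ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
# Run-key autostart row: O4 - HKLM..\Run: [name] path (Company)
_RUN = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]*)\] "
    r"(?P<path>.*) \((?P<company>.*)\)$"
)


@dataclass
class FileEntry:
    stamp: datetime          # creation time on "C" rows, modification time on "M" rows
    size: int
    attrs: str               # "---D" = folder, "-HS-" = hidden + system
    kind: str                # "C" or "M"
    company: Optional[str]   # None on folder rows, "" when OTL printed "()" or "( )"
    path: str


@dataclass
class RunEntry:
    hive: str
    name: str
    path: str
    company: str             # "" when OTL printed "()"


def parse_file_entry(line: str) -> Optional[FileEntry]:
    m = _ENTRY.match(line.strip())
    if not m:
        return None
    company = None if m["company"] is None else m["company"].strip()
    return FileEntry(datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
                     int(m["size"].replace(",", "")), m["attrs"], m["kind"],
                     company, m["path"])


def parse_run_entry(line: str) -> Optional[RunEntry]:
    m = _RUN.match(line.strip())
    return RunEntry(m["hive"], m["name"], m["path"], m["company"].strip()) if m else None


def triage(log_text: str, report_time: datetime, days: int = 14) -> Dict[str, List[str]]:
    """Rows a helper reads first; these are candidates for a closer look, not verdicts."""
    cutoff = report_time - timedelta(days=days)
    found: Dict[str, List[str]] = {"recent_exec_no_publisher": [],
                                   "autostart_no_publisher": []}
    for line in log_text.splitlines():
        fe = parse_file_entry(line)
        if fe is not None:
            if (fe.kind == "C" and "D" not in fe.attrs and fe.company == ""
                    and fe.stamp >= cutoff and fe.path.lower().endswith(EXEC_EXT)):
                found["recent_exec_no_publisher"].append(fe.path)
            continue
        run = parse_run_entry(line)
        if run is not None and run.company == "":
            found["autostart_no_publisher"].append(f"{run.hive} [{run.name}] {run.path}")
    return found


# Constructed sample: rows copied from the thread's report plus one made-up "updater" Run row.
SAMPLE_LOG = r"""
[2010/02/16 19:24:49 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/02/16 19:11:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/16 19:24:49 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/02/16 19:42:31 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/06/09 16:16:42 | 003,482,240 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2007/07/04 20:28:52 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKCU..\Run: [updater] C:\Users\Gene\AppData\Local\Temp\upd.exe ()
"""
REPORT_TIME = datetime(2010, 2, 21, 16, 30)   # assumed: about when the report was generated
```

Running `triage(SAMPLE_LOG, REPORT_TIME)` lists PEV.exe (fresh, no company string) and the constructed "updater" autostart, while the folder row, the modified-only hosts row and the two older driver files drop out.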

Offline guestolo

Trojan Help
« Reply #15 on: February 21, 2010, 08:59:48 PM »
Let's do some updating to your software, so that we can keep them up to date and secure

First however, let's remove ComboFix
Go to START>>In the Search box type Command
At the top of your Start Menu in the Search Results you should see Command Prompt appear, click on that then type in the Command window

ComboFix /uninstall

Hit Enter on your keyboard, NOTE: there is a single space after the word ComboFix


Close down All browser windows, access Programs and Features with Windows Control Panel and uninstall the following
Java™ 6 Update 2
Java™ 6 Update 4
Java™ 6 Update 7


Afterwards, keep your browser windows closed and uninstall
Ask Toolbar

In addition you can optionally uninstall the Yahoo toolbar if it's not needed
Too many toolbars can cause your browser to freeze

Let's ensure that Adobe Flash and Adobe Reader are updated and secured
Uninstall
Adobe Reader 8.1.3
Spelling Dictionaries Support For Adobe Reader 8

Don't bother trying to remove Flash, do the following instead
Go here and download the uninstaller for Flash
http://kb2.adobe.com/cps/141/tn_14157.html
Save the uninstaller to desktop
Ensure your Web Browsers are all closed
Right click on the uninstaller and choose to "Run as Admin"
Follow the prompts, it won't take long to run this tool

Open OTL.exe and click on the Cleanup button
Follow the prompts and allow the computer to reboot at the prompt
If you are not prompted to reboot, do so manually anyways

Back in Windows, Go to the following link in Internet Explorer
http://www.adobe.com/products/flashplayer/
UNTICK any toolbar or Security scan option and then proceed to install the latest version of Flash
Afterwards:
Let's get Firefox updated
Open Mozilla Firefox and choose HELP>>Check for Updates
Keep rechecking till it's right updated
Then use Firefox and again go to that Flash install link above and run the installer

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE).
  • Scroll down to where it says "JDK 6 Update 18 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • In the Window that opens, select Windows,>>Check the "agree" box and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Then from your desktop Right click on jre-6u18-windows-i586.exe that you downloaded, choose to "Run as Admin" to install the newest version.
Updating Adobe Reader
Go to the following link
http://get.adobe.com/reader/
Untick any option for additional toolbar or other software, you just need Adobe Reader
Save the installer to desktop then run it
After you have successfully installed the new Adobe Reader
with AR open click on HELP>>Check for Updates
Just to ensure that Adobe Reader is right up to date


Afterwards, can you run HijackThis and post its log that opens please
« Last Edit: February 21, 2010, 09:02:43 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline Kovu93

Trojan Help
« Reply #16 on: February 21, 2010, 10:08:08 PM »
The ComboFix uninstall command is not working, I even copy-pasted it...


C:\Users\Gene>ComboFix /uninstall
'ComboFix' is not recognized as an internal or external command,
operable program or batch file.

Offline guestolo

Trojan Help
« Reply #17 on: February 21, 2010, 10:18:29 PM »
I just noticed you ran combofix from here
c:\users\Gene\Downloads\ComboFix.exe

Can you go and move ComboFix to your desktop
Then go to START>>RUN

Copy/paste the next command

ComboFix /uninstall
Let me know if that works for you



Offline Kovu93

Trojan Help
« Reply #18 on: February 22, 2010, 05:05:22 PM »
I'm not sure how to move it without just making a shortcut...copy/paste + using the command did not work

Offline Kovu93

Trojan Help
« Reply #19 on: February 22, 2010, 06:40:37 PM »
OK, HijackThis is giving me problems with 'access to Hosts files'. It says with Vista to exit and 'run as administrator', but that is not even an option for the program like it has been with the other programs I was downloading and installing earlier as instructed in your last post.