search engine redirect, and other malware

[Andy k]

Recently had an issue with some malware that I believe came from Search Preview extension for firefox. Malwarebytes took care of most of the problem, but all of my search engines still redirect me to sites that keep trying to reinstall malware, and bytes isn't doing the trick. In fact now Malwarebytes closes itself after completing a scan. It prompts you to press "OK" to see results and instantly closes.

Here's my Hijack log, thanks for any assitance

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:04:36 PM, on 6/28/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\WTClient.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\program files\mozilla firefox\firefox.exe
C:\program files\mozilla firefox\plugin-container.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netflix.com/WatchNow
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:49617
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [WTClient] WTClient.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Nike+ Connect] "C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (rootkit-scan)] "C:\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: ted.exe - Shortcut.lnk = C:\Program Files\Torrent Episode Downloader\ted.exe
O4 - Startup: uTorrent - Shortcut.lnk = C:\Program Files\uTorrent\uTorrent.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HyperDesk's Custom Theme Enabler (HyperDeskCustomThemeEnabler) - Unknown owner - C:\Windows\Installer\MSI50A6.tmp
O23 - Service: Hyperdesk's UxTheme Patcher (HyperdeskThemePatcher) - The Skins Factory, Inc - C:\Windows\Installer\MSID36C.tmp
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MediaMall Server - MediaMall Technologies, Inc. - C:\Program Files\MediaMall\MediaMallServer.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\Windows\System32\Drivers\WTSRV.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10404 bytes

[Andy k]

bump

[guestolo]

Sorry for the delay, I removed that other users' reply and your response to them

Can you do the following please
Download [color="#FF0000"]OTL.exe[/color][/url] by OldTimer to your Desktop.

• Close all windows and right click on OTL.exe and choose to "Run as Administrator"
• Click Run Scan and let the program run uninterrupted.
  
• It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  

[Andy k]

OTL logfile created on: 7/3/2010 9:57:20 AM - Run 1
OTL by OldTimer - Version 3.2.7.0    Folder = C:\Users\KARPE\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 51.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 105.18 Gb Total Space | 29.80 Gb Free Space | 28.33% Space Free | Partition Type: NTFS
Drive D: | 6.61 Gb Total Space | 0.63 Gb Free Space | 9.49% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 697.98 Gb Total Space | 538.43 Gb Free Space | 77.14% Space Free | Partition Type: NTFS
Drive H: | 614.91 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
I: Drive not present or media not loaded
 
Computer Name: BONES
Current User Name: KARPE
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010/07/03 09:56:40 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\KARPE\Desktop\OTL.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/06/01 12:52:16 | 000,299,008 | ---- | M] (Nike) -- C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe
PRC - [2010/05/22 15:07:01 | 000,322,352 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2010/03/21 20:43:45 | 000,086,016 | ---- | M] () -- C:\Windows\Installer\MSI50A6.tmp
PRC - [2010/03/21 20:29:01 | 000,186,880 | ---- | M] (The Skins Factory, Inc) -- C:\Windows\Installer\MSID36C.tmp
PRC - [2009/12/17 18:14:08 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\javaw.exe
PRC - [2009/09/04 14:16:54 | 005,893,360 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Zune\ZuneNss.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/03/18 20:31:20 | 004,742,184 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
PRC - [2008/01/19 03:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/19 03:33:12 | 000,198,656 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
PRC - [2007/05/31 09:38:48 | 000,053,248 | ---- | M] (Tablet Driver) -- C:\Windows\System32\drivers\WTSrv.exe
PRC - [2007/04/30 19:43:54 | 003,450,608 | ---- | M] (Stardock) -- C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
PRC - [2007/04/11 12:27:00 | 000,040,960 | ---- | M] (Tablet Driver) -- C:\Windows\System32\WTClient.exe
PRC - [2006/12/21 03:19:21 | 001,174,152 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2006/11/24 19:34:20 | 000,118,877 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
PRC - [2006/11/24 19:34:16 | 000,270,431 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
PRC - [2006/10/31 20:32:10 | 000,194,240 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2006/10/25 07:08:20 | 000,107,624 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2006/09/21 03:05:16 | 000,046,736 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010/07/03 09:56:40 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\KARPE\Desktop\OTL.exe
MOD - [2009/04/11 02:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/19 03:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2007/04/30 19:18:50 | 000,112,400 | ---- | M] () -- C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/21 20:43:45 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Windows\Installer\MSI50A6.tmp -- (HyperDeskCustomThemeEnabler)
SRV - [2010/03/21 20:29:01 | 000,186,880 | ---- | M] (The Skins Factory, Inc) [Auto | Running] -- C:\Windows\Installer\MSID36C.tmp -- (HyperdeskThemePatcher)
SRV - [2009/11/06 19:11:46 | 003,007,488 | ---- | M] (MediaMall Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\MediaMall\MediaMallServer.exe -- (MediaMall Server)
SRV - [2009/09/04 14:17:00 | 000,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2009/09/04 14:16:54 | 005,893,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2009/05/05 18:53:32 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/19 03:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/19 03:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/05/31 09:38:48 | 000,053,248 | ---- | M] (Tablet Driver) [Auto | Running] -- C:\Windows\System32\Drivers\WTSRV.EXE -- (WinTabService)
SRV - [2007/03/27 16:06:00 | 000,104,000 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2006/12/21 03:19:21 | 001,174,152 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2006/11/24 19:34:20 | 000,118,877 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2006/11/24 19:34:16 | 000,270,431 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2006/10/31 20:32:10 | 002,541,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2006/10/31 20:32:10 | 000,194,240 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2006/10/27 09:18:36 | 000,080,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc)
SRV - [2006/10/25 07:08:20 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2006/10/25 07:08:20 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2006/10/25 07:08:20 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2006/10/14 00:29:12 | 000,049,296 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2006/09/21 03:05:16 | 000,046,736 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore)
SRV - [2006/06/26 13:50:08 | 000,126,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)
SRV - [2004/10/22 07:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010/06/13 22:31:21 | 000,080,896 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\caaf.sys -- (caaf)
DRV - [2009/10/14 10:59:38 | 000,022,696 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\povrtdev.sys -- (msvad_simple)
DRV - [2009/06/24 06:08:00 | 007,542,208 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/10/23 02:16:28 | 001,331,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2008/10/23 02:16:28 | 001,331,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/07/19 17:37:59 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/05/06 17:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/03/28 03:06:00 | 000,199,472 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/03/03 05:10:44 | 000,182,272 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/01/19 01:53:39 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UMPass)
DRV - [2008/01/19 01:53:22 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2007/06/29 01:39:40 | 000,022,056 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Tablet2k.cat -- (Tablet2k)
DRV - [2007/06/07 13:16:28 | 000,018,944 | ---- | M] (PenTablet Driver) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PTSimBus.sys -- (PTSimBus)
DRV - [2007/05/31 13:33:44 | 000,012,800 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UCTblHid.sys -- (UCTblHid)
DRV - [2007/04/23 11:28:56 | 000,018,432 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TClass2k.sys -- (TClass2k)
DRV - [2007/04/23 11:28:56 | 000,010,752 | ---- | M] (PenTablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTSimHid.sys -- (PTSimHid)
DRV - [2007/02/27 14:31:28 | 000,021,504 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/01/06 15:05:42 | 000,199,680 | ---- | M] (Realtek Semiconductor Corporation    ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8187.sys -- (RTL8187)
DRV - [2007/01/05 21:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/12/21 03:20:41 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2006/11/18 15:32:16 | 000,145,920 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2006/11/15 13:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/15 08:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/15 06:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/06 11:00:00 | 000,831,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\NAVEX15.SYS -- (NAVEX15)
DRV - [2006/11/06 11:00:00 | 000,387,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2006/11/06 11:00:00 | 000,079,240 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\NAVENG.SYS -- (NAVENG)
DRV - [2006/11/04 03:23:02 | 000,275,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2006/11/04 03:23:00 | 000,024,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2006/11/04 03:22:56 | 000,245,880 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 05:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 05:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 05:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/10/20 13:10:16 | 000,202,872 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20061025.029\IDSvix86.sys -- (IDSvix86)
DRV - [2006/10/18 23:09:26 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/10/18 23:08:14 | 000,206,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006/10/18 23:08:04 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/10/18 22:10:57 | 001,380,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2006/10/06 23:26:16 | 000,406,672 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/09/15 04:44:18 | 000,011,520 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006/08/05 05:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/06/28 13:57:00 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/06/28 13:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.netflix.com/WatchNow
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49617
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{1D26076F-4D69-46B7-8D81-3190A606AF70}: C:\Users\KARPE\AppData\Local\{1D26076F-4D69-46B7-8D81-3190A606AF70} [2010/06/13 22:33:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\program files\Mozilla Firefox\components [2010/07/02 01:16:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\program files\Mozilla Firefox\plugins [2010/07/02 01:16:52 | 000,000,000 | ---D | M]
 
[2010/07/02 11:27:44 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/03/09 19:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
 
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1    localhost
O1 - Hosts: ::1    localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBHO.dll (Symantec Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [Nike+ Connect] C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe (Nike)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WTClient] C:\Windows\System32\WTClient.exe (Tablet Driver)
O4 - Startup: C:\Users\KARPE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O4 - Startup: C:\Users\KARPE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ted.exe - Shortcut.lnk = C:\Program Files\Torrent Episode Downloader\ted.exe (Roel & Joost)
O4 - Startup: C:\Users\KARPE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\uTorrent - Shortcut.lnk = C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\KARPE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.238.112.12
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\KARPE\Pictures\b\Backgrounds\photo-109-large.jpg
O24 - Desktop BackupWallPaper: C:\Users\KARPE\Pictures\b\Backgrounds\photo-109-large.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/21 03:53:08 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O32 - AutoRun File - [2009/06/18 17:12:18 | 000,000,088 | ---- | M] () - H:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{807c6735-2162-11df-a6fa-001636cdc2b5}\Shell - "" = AutoRun
O33 - MountPoints2\{807c6735-2162-11df-a6fa-001636cdc2b5}\Shell\AutoRun\command - "" = H:\WD SmartWare.exe -- [2009/11/13 15:25:22 | 003,280,672 | ---- | M] (Western Digital)
O33 - MountPoints2\{b69794d7-55db-11dd-9ddd-001636cdc2b5}\Shell - "" = AutoRun
O33 - MountPoints2\{b69794d7-55db-11dd-9ddd-001636cdc2b5}\Shell\AutoRun\command - "" = F:\Setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/07/03 09:56:33 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\KARPE\Desktop\OTL.exe
[2010/06/24 03:02:00 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010/06/24 03:02:00 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010/06/24 03:02:00 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010/06/20 21:03:52 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/20 21:03:45 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/06/20 20:59:40 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/06/17 13:43:43 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\KARPE\Desktop\tools.exe
[2010/06/17 13:15:13 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware
[2010/06/17 13:15:13 | 000,000,000 | ---D | C] -- \Malwarebytes' Anti-Malware
[2010/06/17 12:11:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Nike
[2010/06/17 12:11:19 | 000,000,000 | ---D | C] -- C:\Program Files\Nike
[2010/06/14 14:47:30 | 000,000,000 | ---D | C] -- C:\Users\KARPE\AppData\Local\Threat Expert
[2010/06/14 14:26:21 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/06/14 11:59:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/06/14 11:58:58 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/06/14 11:58:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/06/13 22:33:43 | 000,000,000 | ---D | C] -- C:\Users\KARPE\AppData\Local\{1D26076F-4D69-46B7-8D81-3190A606AF70}
[2010/06/08 21:51:27 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010/06/08 21:51:13 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/06/08 21:51:12 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/06/08 21:51:04 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/06/08 21:51:03 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/06/08 21:51:03 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010/06/08 21:51:02 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010/06/08 21:50:58 | 002,037,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/06/04 01:27:57 | 000,000,000 | ---D | C] -- C:\Users\KARPE\Documents\20th Century Lit
[4 C:\Users\KARPE\Documents\*.tmp files -> C:\Users\KARPE\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010/07/03 09:57:21 | 005,242,880 | -HS- | M] () -- C:\Users\KARPE\ntuser.dat
[2010/07/03 09:56:40 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\KARPE\Desktop\OTL.exe
[2010/07/03 09:50:29 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{83AD95B8-9CDA-4BAD-830D-97BD8981DFEE}.job
[2010/07/03 09:45:40 | 000,124,344 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/07/03 09:45:40 | 000,124,344 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/07/03 09:45:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/03 09:45:26 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/03 09:45:26 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/30 11:58:36 | 000,002,831 | ---- | M] () -- C:\Windows\System32\requestBody.xml
[2010/06/30 11:58:36 | 000,002,799 | ---- | M] () -- C:\Windows\System32\responseBody.xml
[2010/06/30 11:58:36 | 000,001,059 | ---- | M] () -- C:\Windows\System32\request.gzip
[2010/06/30 11:58:36 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForKARPE.job
[2010/06/29 23:02:01 | 000,238,592 | ---- | M] () -- C:\Users\KARPE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/29 10:53:21 | 000,000,181 | ---- | M] () -- C:\Windows\proposed.ini
[2010/06/29 10:53:14 | 017,446,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imageres.dll
[2010/06/29 10:53:13 | 000,001,118 | ---- | M] () -- C:\Users\KARPE\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/06/29 10:53:13 | 000,001,118 | ---- | M] () -- C:\Users\KARPE\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/06/29 10:53:08 | 002,676,617 | -H-- | M] () -- C:\Users\KARPE\AppData\Local\IconCache.db
[2010/06/29 10:45:23 | 000,344,864 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/06/29 10:45:23 | 000,316,348 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/06/29 10:45:23 | 000,038,602 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/06/29 10:39:02 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/29 10:38:21 | 2078,916,608 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/26 23:34:48 | 000,065,536 | -HS- | M] () -- C:\Users\KARPE\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/06/26 23:34:47 | 000,524,288 | -HS- | M] () -- C:\Users\KARPE\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/06/26 23:17:28 | 000,000,680 | ---- | M] () -- C:\Users\KARPE\AppData\Local\d3d9caps.dat
[2010/06/24 03:19:21 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/06/17 13:45:24 | 003,713,914 | ---- | M] () -- C:\Users\KARPE\Desktop\toolb.exe
[2010/06/17 13:43:46 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\KARPE\Desktop\tools.exe
[2010/06/17 13:11:14 | 000,000,414 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/14 00:39:17 | 000,001,698 | ---- | M] () -- C:\Users\KARPE\AppData\Local\Dkobemeyudafa.dat
[2010/06/14 00:39:17 | 000,000,000 | ---- | M] () -- C:\Users\KARPE\AppData\Local\Sbeliqe.bin
[2010/06/13 22:31:21 | 000,080,896 | ---- | M] () -- C:\Windows\System32\caaf.sys
[2010/06/10 04:01:06 | 001,718,488 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/06/03 18:49:36 | 000,296,960 | ---- | M] () -- C:\Users\KARPE\Media.emm
[2010/06/03 18:49:36 | 000,010,157 | ---- | M] () -- C:\Users\KARPE\Settings.xml
[2010/06/03 16:18:57 | 000,811,991 | ---- | M] () -- C:\Users\KARPE\Documents\application for admission le jun09.pdf
[4 C:\Users\KARPE\Documents\*.tmp files -> C:\Users\KARPE\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010/06/29 10:53:25 | 055,062,271 | ---- | C] () -- C:\Users\KARPE\Desktop\DarkMatter Solar Flare Alloy.widget
[2010/06/29 10:53:22 | 047,957,939 | ---- | C] () -- C:\Users\KARPE\Desktop\DarkMatter Solar Flare Dark.widget
[2010/06/17 13:45:10 | 003,713,914 | ---- | C] () -- C:\Users\KARPE\Desktop\toolb.exe
[2010/06/17 13:34:45 | 000,061,418 | ---- | C] () -- \TDSSKiller.2.3.2.0_17.06.2010_13.34.45_log.txt
[2010/06/14 11:59:09 | 000,000,414 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/13 22:33:45 | 000,001,698 | ---- | C] () -- C:\Users\KARPE\AppData\Local\Dkobemeyudafa.dat
[2010/06/13 22:33:45 | 000,000,000 | ---- | C] () -- C:\Users\KARPE\AppData\Local\Sbeliqe.bin
[2010/06/13 22:31:21 | 000,080,896 | ---- | C] () -- C:\Windows\System32\caaf.sys
[2010/06/03 16:18:47 | 000,811,991 | ---- | C] () -- C:\Users\KARPE\Documents\application for admission le jun09.pdf
[2010/03/21 20:51:52 | 000,000,181 | ---- | C] () -- C:\Windows\proposed.ini
[2009/10/20 14:24:26 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/07/19 17:37:58 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008/05/12 21:53:16 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/05/12 21:50:16 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/05/12 21:50:16 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008/05/12 21:50:08 | 000,831,488 | ---- | C] () -- C:\Windows\System32\divx_xx0a.dll
[2008/05/12 21:49:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/01/16 21:54:28 | 000,021,504 | ---- | C] () -- C:\Windows\jestertb.dll
[2008/01/07 09:37:07 | 000,000,280 | ---- | C] () -- C:\Windows\System32\epoPGPsdk.dll.sig
[2008/01/02 02:43:43 | 000,000,000 | ---- | C] () -- C:\Windows\WB.ini
[2008/01/02 02:41:46 | 000,058,792 | ---- | C] () -- C:\Windows\System32\wbload.dll
[2007/05/21 15:13:46 | 000,010,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2007/05/21 15:13:46 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2007/05/19 04:17:51 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2007/05/18 00:08:52 | 000,200,704 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2007/05/18 00:08:51 | 003,049,984 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2007/05/18 00:08:51 | 000,404,480 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2007/05/18 00:08:51 | 000,114,688 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2007/04/24 15:31:12 | 000,010,240 | ---- | C] () -- C:\Windows\System32\ucinst32.dll
[2007/02/02 02:06:14 | 000,000,029 | ---- | C] () -- C:\Windows\atid.ini
[2006/11/29 03:32:42 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/19 03:02:40 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/19 03:02:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/03/09 19:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/05/07 08:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2004/09/16 16:24:26 | 003,375,104 | ---- | C] () -- C:\Windows\System32\qt-mt331.dll
[2003/12/22 15:15:08 | 000,065,536 | ---- | C] () -- C:\Windows\System32\hllapi32.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >



OTL Extras logfile created on: 7/3/2010 9:57:20 AM - Run 1
OTL by OldTimer - Version 3.2.7.0    Folder = C:\Users\KARPE\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 51.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 105.18 Gb Total Space | 29.80 Gb Free Space | 28.33% Space Free | Partition Type: NTFS
Drive D: | 6.61 Gb Total Space | 0.63 Gb Free Space | 9.49% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 697.98 Gb Total Space | 538.43 Gb Free Space | 77.14% Space Free | Partition Type: NTFS
Drive H: | 614.91 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
I: Drive not present or media not loaded
 
Computer Name: BONES
Current User Name: KARPE
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\program files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\program files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\program files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-371134317-1081876705-1057441824-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00BF1F2B-368E-4A96-ABEF-31007867E8AD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{08B47D74-9809-4312-B143-1E1F0871BD16}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{13480C72-3D4F-4453-BA90-46D0B6E90751}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1A21CAA6-0731-412F-BA2F-86E51D03CCE1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1F697531-8C37-4FEB-99FC-ACB595B561E3}" = lport=10244 | protocol=6 | dir=in | app=system |
"{20C1798E-8CF6-4A60-B2A7-57C2C36873CB}" = lport=10244 | protocol=6 | dir=in | app=system |
"{24B572D4-3747-4125-8C9D-88D77FB5C536}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{28993294-86E2-420D-814D-54D589187EC0}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{28ED774F-1B5C-4936-B405-AA9598BFD9CA}" = lport=10243 | protocol=6 | dir=in | app=system |
"{30A44243-7203-41B3-9D41-40A451656981}" = lport=10243 | protocol=6 | dir=in | app=system |
"{339FCC85-EAA0-478A-AAF6-55BDDDC10AAB}" = rport=10243 | protocol=6 | dir=out | app=system |
"{43BB6979-8D13-4E2D-BB01-01BEF2E3D92E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{513EB463-F7A1-4CB9-9440-352D62D1366A}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{52959F1B-A4D4-4467-BFB2-3773FAED4669}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{58E6B341-B5E8-42F7-8DD3-337A4012BBFA}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{65137BD2-4986-42DF-84B8-71B44BA42986}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{66BB2A11-ED80-40C4-88CD-C78C1679A97B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6766DF30-72A8-4A52-8933-FFAEEF49322C}" = rport=2869 | protocol=6 | dir=out | app=system |
"{6EBB2EE8-EDFD-49DE-9227-B6C35EEC26D6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{70E5748A-7770-4572-867A-6B66C02B2531}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{713C7225-DF22-4D82-8CC8-F70D0218A156}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{74AF1C9D-293F-40E3-94AD-A21EF0A4B751}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{74BB7206-2CD2-44DD-9AF2-7C7BCD62BB10}" = lport=3390 | protocol=6 | dir=in | app=system |
"{75FB06AE-2F4C-4AC4-8F8D-75E47DA4422B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7677FF05-3A4F-4A19-AFEC-D590A0F7EDCA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7A6DBF1C-02A1-4258-92B5-1F4B27AB56D5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7BC195F4-EE2F-4E26-A3A6-2DA576724651}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{80DBA8E3-E9DD-4C6C-93E7-9B5C17C0AF0A}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8BE5D26E-D747-44F6-8233-57DEBB046946}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{93CB70DC-FD2E-42C0-BD53-D536BDF7051B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9FCEED9A-3CD2-4A25-A381-62A3686327E2}" = rport=10244 | protocol=6 | dir=out | app=system |
"{A241CBB3-5285-499C-8E20-D7D8BD763378}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A2949601-88FE-42F8-A861-0AFB9FC96B7C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AA2FCEB8-665D-472A-889F-80B685C37606}" = rport=10244 | protocol=6 | dir=out | app=system |
"{AB99762E-C9D7-4870-B6A5-A4931792058A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AD4FBA9B-AB29-45BB-9B1C-072CD6C0471A}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B05DC7C2-A42B-4C98-B47A-F33846737389}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{C2864CC5-EC92-4169-BBF1-E13C336E33AC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C86C52AD-0377-4C4D-AEB9-5961445A9F54}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{CA1366F5-389F-44E5-A4A5-7FD3CAD89AEA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CB2A25B6-F519-4BC8-AE74-746B3C48A8A5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CF77C869-5BD9-41E7-A36F-21467802B51A}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D067405B-2454-4078-BE8D-5F5F5E280F77}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D27AC17B-7944-4D42-968F-63035F865B1E}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D34862AB-97F3-4B72-A1A5-C9EC78ED987A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DA96AF6E-2148-4A24-8FE4-A7E9EA923FAC}" = lport=3390 | protocol=6 | dir=in | app=system |
"{DB769275-2B81-4AE0-A3ED-79FCE01B1D00}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{DE7F9AC2-7FB4-4355-8ADA-BF1E621AF4F2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E07BE0C0-7FFD-497D-81E2-799B35A4BD38}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E60D8D93-6F07-4BA1-91A1-4B8B9B4FBA98}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E939FA49-14A7-4979-90C3-E28950134553}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EBBE004A-2739-41E3-88E5-B802E5870E65}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{EF7FD160-1F0E-48A9-A42F-51F2342EF919}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{EFB32ED7-A831-4A33-9F2B-56CB774B0A62}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F7D75B1B-3C6B-4018-8EAA-A89FB06981EC}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{FA2EED0D-472F-4F9C-81E9-2995DA554404}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FF2B38C3-BE27-4E00-BC10-184FDC5F6E6D}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{094AE5C8-2FA5-4DB4-B820-FA916B6AFE83}" = protocol=17 | dir=in | app=%programfiles%\zune\zunenss.exe |
"{0D03A67F-C5A2-42EE-B397-7E0F22964950}" = protocol=6 | dir=out | app=%programfiles%\zune\zunenss.exe |
"{1302151B-CB9A-4DE9-A5C7-D04EC453C2B3}" = protocol=6 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |
"{159BD7A5-CEC6-4388-9404-4E82D28947BF}" = protocol=6 | dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{172779CA-DAF2-4F38-A456-6E75A2CD4D03}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{1FBC0CFE-9C54-4459-AEC2-90CCEE0AF68A}" = protocol=17 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |
"{27BEFE81-DB94-459F-80CF-D1E5711DDB5D}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{2B1F7017-BD3B-4C1E-B091-4AAD1F89D25F}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{38BA09EE-034E-4DA5-B691-299208058FF5}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{3A62E639-8080-4618-BDCF-5C37F749A6DE}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{3B3F17BB-EBAA-4573-A983-6CFF793F8E19}" = protocol=58 | dir=in | [email protected],-148 |
"{3D4BBA37-5E59-47FB-A4A0-A3F8D172CF0C}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{

[guestolo]

Download ComboFix from Only this location:

[color="#0000FF"]Link [/color]
[color="#FF0000"]Save it ONLY to your Desktop[/color]

[color="#2E8B57"]Temporarily Disable your AntiVirus/AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with this tool
[/color]

Right click  on ComboFix.exe and choose to "Run as Administrator"
follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply

NOTE: Do not mouseclick inside ComboFix window as it's running, it may cause it to stall
ComboFix will/may run again on startup, it will prompt that it's creating a log
This process could take up to 10 minutes, let it run uninterrupted please

[Andy k]

I noticed Symantec a lot in the logs you had me post, and now it's saying that Norton is running. I hate Symantec, do you have a removal tool? I'm not exactly sure how to disable it for ComboFix to run

[guestolo]

I hope you plan on replacing Norton's?
Is that what your saying, you want to remove Norton's completely, run ComboFix then install new AV software?

Can you let me know your intentions please, then we'll go from there

[Andy k]

[quote name='guestolo' date='03 July 2010 - 03:09 PM' timestamp='1278187794' post='470449']
I hope you plan on replacing Norton's?
Is that what your saying, you want to remove Norton's completely, run ComboFix then install new AV software?

Can you let me know your intentions please, then we'll go from there
[/quote]

Yes I plan to replace, Is Avira enough?

[guestolo]

Do the following please
Download and save to your desktop
Norton Removal tool

Do Not run it yet
Download and save to desktop
The installer for Avira free edition from the following link
Click HERE
Again, do not run this yet

Open your Windows Control Panel>>Programs and Features
Remove Norton Internet Security completely, when it's done, reboot your computer
Back in Windows, Right click on the Norton Removal tool and choose to "Run as Administrator"
Follow the prompts, reboot again when complete

Back in Windows, run ComboFix with the directions I posted earlier please
and then post it's log
After the log has been posted

Ensure that the Vista Firewall is ON
1. Open Windows Firewall by clicking the Start button >clicking Control Panel, clicking Security, and then clicking Windows Firewall.
2. Click Turn Windows Firewall on or off. Administrator permission required If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
3. Click On (recommended), and then click OK.

Right click on the Avira installer and choose to "Run As Administrator"
Ensure that you have it check for Updates
The first time it updates may take awhile, but allow it time

NOTE: Avira will display a single big Ad on your computer
Don't be alarmed, just click OK at the bottom of the Ad to close it

A scan of your System should then start
If a scan does not start after updating, double click on the Avira icon by the clock (the red/white umbrella)
and select "Scan system now"

Quarantine or delete everything it finds
When the scan is finished
Reboot the computer

Back in Windows

 Please post the log from Avira along with the ComboFix log from earlier
Open Avira again (Double click on the red Umbrella icon by the clock)
Click on REPORTS under Overview
Double click on the Scan report you just made
Then click on "Report File"

[Andy k]

ComboFix 10-07-03.01 - KARPE 07/03/2010 17:45:57.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1982.1055 [GMT -4:00]
Running from: c:\users\KARPE\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\KARPE\AppData\Local\{1D26076F-4D69-46B7-8D81-3190A606AF70}
c:\users\KARPE\AppData\Local\{1D26076F-4D69-46B7-8D81-3190A606AF70}\chrome.manifest
c:\users\KARPE\AppData\Local\{1D26076F-4D69-46B7-8D81-3190A606AF70}\chrome\content\_cfg.js
c:\users\KARPE\AppData\Local\{1D26076F-4D69-46B7-8D81-3190A606AF70}\chrome\content\overlay.xul
c:\users\KARPE\AppData\Local\{1D26076F-4D69-46B7-8D81-3190A606AF70}\install.rdf
c:\windows\jestertb.dll

.
((((((((((((((((((((((((( Files Created from 2010-06-03 to 2010-07-03 )))))))))))))))))))))))))))))))
.

2010-07-03 21:57 . 2010-07-03 21:57   --------   d-----w-   c:\users\Mcx3\AppData\Local\temp
2010-07-03 21:57 . 2010-07-03 21:57   --------   d-----w-   c:\users\Mcx2\AppData\Local\temp
2010-07-03 21:57 . 2010-07-03 21:57   --------   d-----w-   c:\users\Mcx1\AppData\Local\temp
2010-07-03 21:57 . 2010-07-03 21:57   --------   d-----w-   c:\users\Default\AppData\Local\temp
2010-07-03 18:20 . 2010-07-03 18:19   318976   ----a-w-   c:\windows\system32\CF14123.exe
2010-06-24 07:02 . 2009-11-08 14:55   99176   ----a-w-   c:\windows\system32\PresentationHostProxy.dll
2010-06-24 07:02 . 2009-11-08 14:55   49472   ----a-w-   c:\windows\system32\netfxperf.dll
2010-06-24 07:02 . 2009-11-08 14:55   297808   ----a-w-   c:\windows\system32\mscoree.dll
2010-06-24 07:02 . 2009-11-08 14:55   295264   ----a-w-   c:\windows\system32\PresentationHost.exe
2010-06-24 07:01 . 2009-11-08 14:55   1130824   ----a-w-   c:\windows\system32\dfshim.dll
2010-06-21 01:03 . 2010-06-21 01:03   --------   d-----w-   c:\program files\iPod
2010-06-21 01:03 . 2010-06-21 01:04   --------   d-----w-   c:\program files\iTunes
2010-06-21 00:59 . 2010-06-21 01:00   --------   d-----w-   c:\program files\QuickTime
2010-06-17 17:15 . 2010-06-17 17:15   --------   d-----w-   C:\Malwarebytes' Anti-Malware
2010-06-17 16:11 . 2010-06-17 16:11   --------   d-----w-   c:\programdata\Nike
2010-06-17 16:11 . 2010-06-17 16:11   --------   d-----w-   c:\program files\Nike
2010-06-16 00:01 . 2010-06-16 00:01   72504   ----a-w-   c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-14 18:47 . 2010-06-14 18:47   --------   d-----w-   c:\users\KARPE\AppData\Local\Threat Expert
2010-06-14 15:59 . 2010-06-14 15:59   --------   d-----w-   c:\users\KARPE\AppData\Roaming\Malwarebytes
2010-06-14 15:59 . 2010-04-29 19:39   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-14 15:58 . 2010-06-14 15:58   --------   d-----w-   c:\programdata\Malwarebytes
2010-06-14 15:58 . 2010-04-29 19:39   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-06-14 02:33 . 2010-06-14 04:39   1698   ----a-w-   c:\users\KARPE\AppData\Local\Dkobemeyudafa.dat
2010-06-14 02:33 . 2010-06-14 04:39   0   ----a-w-   c:\users\KARPE\AppData\Local\Sbeliqe.bin
2010-06-14 02:31 . 2010-06-14 02:31   80896   ----a-w-   c:\windows\system32\caaf.sys
2010-06-09 01:51 . 2010-04-05 17:01   67072   ----a-w-   c:\windows\system32\asycfilt.dll
2010-06-09 01:51 . 2010-05-26 14:47   289792   ----a-w-   c:\windows\system32\atmfd.dll
2010-06-09 01:51 . 2010-05-26 17:06   34304   ----a-w-   c:\windows\system32\atmlib.dll
2010-06-09 01:51 . 2010-05-04 19:15   834048   ----a-w-   c:\windows\system32\wininet.dll
2010-06-09 01:51 . 2010-05-04 18:37   78336   ----a-w-   c:\windows\system32\ieencode.dll
2010-06-09 01:50 . 2010-05-01 14:13   2037248   ----a-w-   c:\windows\system32\win32k.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-03 21:58 . 2008-09-16 00:35   --------   d-----w-   c:\users\KARPE\AppData\Roaming\uTorrent
2010-07-03 21:38 . 2010-04-14 15:37   124344   ----a-w-   c:\programdata\nvModes.dat
2010-07-03 21:37 . 2006-12-21 06:44   12   ----a-w-   c:\windows\bthservsdp.dat
2010-07-03 21:29 . 2006-12-21 07:16   --------   d-----w-   c:\program files\Common Files\Symantec Shared
2010-06-30 20:33 . 2010-02-20 01:01   --------   d-----w-   c:\users\KARPE\AppData\Roaming\XBMC
2010-06-30 15:56 . 2006-12-21 07:02   --------   d-----w-   c:\program files\Hewlett-Packard
2010-06-29 18:36 . 2008-03-24 14:55   --------   d-----w-   c:\users\KARPE\AppData\Roaming\vlc
2010-06-29 14:53 . 2006-11-02 07:26   17446912   ----a-w-   c:\windows\system32\imageres.dll
2010-06-27 03:17 . 2007-02-06 21:53   680   ----a-w-   c:\users\KARPE\AppData\Local\d3d9caps.dat
2010-06-21 01:03 . 2008-08-27 06:34   --------   d-----w-   c:\program files\Common Files\Apple
2010-06-21 00:57 . 2007-03-29 00:46   --------   d-----w-   c:\program files\Apple Software Update
2010-06-21 00:54 . 2008-01-28 18:38   --------   d-----w-   c:\program files\Bonjour
2010-06-18 02:17 . 2008-05-24 20:47   --------   d-----w-   c:\users\KARPE\AppData\Roaming\U3
2010-06-10 14:28 . 2008-09-25 22:38   --------   d-----w-   c:\users\KARPE\AppData\Roaming\dvdcss
2010-06-05 23:13 . 2007-12-20 00:32   --------   d-----w-   c:\program files\Microsoft Silverlight
2010-05-31 04:02 . 2010-04-11 04:38   --------   d-----w-   c:\program files\Ember Media Manager
2010-05-31 03:49 . 2010-05-31 03:49   7310   ----a-w-   c:\program files\InstallTasks.xml
2010-05-31 03:48 . 2010-05-31 03:48   --------   d-----w-   c:\program files\Modules
2010-05-31 03:48 . 2010-05-31 03:48   --------   d-----w-   c:\program files\Bin
2010-05-31 03:48 . 2010-05-31 03:48   --------   d-----w-   c:\program files\Themes
2010-05-31 03:48 . 2010-05-31 03:48   --------   d-----w-   c:\program files\Langs
2010-05-31 03:48 . 2010-05-31 03:48   --------   d-----w-   c:\program files\Images
2010-05-31 03:48 . 2010-05-31 03:48   489472   ----a-w-   c:\program files\EmberAPI.dll
2010-05-31 03:48 . 2010-05-31 03:48   2300928   ----a-w-   c:\program files\Ember Media Manager.exe
2010-05-31 03:48 . 2010-05-31 03:48   886272   ----a-w-   c:\program files\System.Data.SQLite.dll
2010-05-31 03:48 . 2010-05-31 03:48   192512   ----a-w-   c:\program files\ICSharpCode.SharpZipLib.dll
2010-05-31 03:43 . 2010-02-20 01:08   --------   d-----w-   c:\program files\theRenamer
2010-05-26 19:24 . 2010-06-02 15:34   18488   ----a-w-   c:\windows\Help\OEM\scripts\HPHC_BUY_BATTERY.exe
2010-05-26 12:25 . 2008-09-16 00:35   --------   d-----w-   c:\program files\uTorrent
2010-05-21 18:14 . 2009-10-02 22:32   221568   ------w-   c:\windows\system32\MpSigStub.exe
2010-05-18 20:35 . 2010-05-18 20:35   91424   ----a-w-   c:\windows\system32\dnssd.dll
2010-05-18 20:35 . 2010-05-18 20:35   107808   ----a-w-   c:\windows\system32\dns-sd.exe
2010-05-13 07:00 . 2006-11-02 11:18   --------   d-----w-   c:\program files\Windows Mail
2010-04-23 14:13 . 2010-05-25 22:07   2048   ----a-w-   c:\windows\system32\tzres.dll
2010-04-20 00:47 . 2010-04-20 00:47   3062048   ----a-w-   c:\windows\system32\usbaaplrc.dll
2010-04-20 00:47 . 2010-04-20 00:47   41984   ----a-w-   c:\windows\system32\drivers\usbaapl.sys
2010-04-15 22:49 . 2010-03-31 15:33   1335048   ----a-w-   c:\windows\Help\OEM\scripts\SamsungHDDFW1HC.exe
2010-04-14 15:09 . 2007-01-31 02:33   62947   ----a-w-   c:\users\KARPE\AppData\Roaming\nvModes.dat
2010-04-08 20:48 . 2010-03-31 15:33   17160   ----a-w-   c:\windows\Help\OEM\scripts\HPHCDisableObject.exe
2010-04-06 21:52 . 2010-06-02 15:34   18184   ----a-w-   c:\windows\Help\OEM\scripts\HC_Launch.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"WTClient"="WTClient.exe" [2007-04-11 40960]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-24 13601312]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-24 92704]
"Nike+ Connect"="c:\program files\Nike\Nike+ Connect\Nike+ Connect daemon.exe" [2010-06-01 299008]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]

c:\users\KARPE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2007-7-5 3450608]
ted.exe - Shortcut.lnk - c:\program files\Torrent Episode Downloader\ted.exe [2010-2-19 41984]
uTorrent - Shortcut.lnk - c:\program files\uTorrent\uTorrent.exe [2008-9-15 322352]
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-18 4742184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Connections.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Connections.lnk
backup=c:\windows\pss\HP Connections.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^KARPE^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\users\KARPE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2010-04-03 20:44   640440   ----a-w-   c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2010-04-04 02:32   38840   ----a-w-   c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17   952768   ----a-w-   c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 06:04   39792   ----a-w-   c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2006-07-27 18:44   61952   ----a-w-   c:\windows\System32\CHDAudPropShortcut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-10-09 11:58   75008   ----a-w-   c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 20:24   54840   ----a-w-   c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2007-10-03 19:15   480560   ----a-w-   c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-06-15 20:33   141624   ----a-w-   c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-06-24 10:08   13601312   ----a-w-   c:\windows\System32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
2006-11-06 18:58   159744   ----a-w-   c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2006-11-24 23:33   167936   ----a-w-   c:\program files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-19 02:16   421888   ----a-w-   c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28   1233920   ----a-w-   c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 20:21   246504   ----a-w-   c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-03-28 07:05   1045800   ----a-w-   c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
2007-09-26 11:34   316720   ----a-w-   c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
2006-11-02 09:45   215552   ----a-w-   c:\windows\WindowsMobile\wmdSync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2009-09-04 18:16   158448   ----a-w-   c:\program files\Zune\ZuneLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/cool.gif\' class=\'bbc_emoticon\' alt=\'B)\' />:8b,54,be,8c,13,52,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-371134317-1081876705-1057441824-1000]
"EnableNotificationsRef"=dword:00000001

R3 MediaMall Server;MediaMall Server;c:\program files\MediaMall\MediaMallServer.exe [2009-11-06 3007488]
R3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\DRIVERS\PTSimHid.sys [2007-04-23 10752]
R3 RTL8187;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys [2007-01-06 199680]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2008-07-19 717296]
S1 caaf;caaf;c:\windows\system32\caaf.sys [2010-06-14 80896]
S2 HyperDeskCustomThemeEnabler;HyperDesk's Custom Theme Enabler;c:\windows\Installer\MSI50A6.tmp [2010-03-22 86016]
S2 HyperdeskThemePatcher;Hyperdesk's UxTheme Patcher;c:\windows\Installer\MSID36C.tmp [2010-03-22 186880]
S3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\DRIVERS\PTSimBus.sys [2007-06-07 18944]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs   REG_MULTI_SZ    BthServ
WindowsMobile   REG_MULTI_SZ    wcescomm rapimgr
LocalServiceRestricted   REG_MULTI_SZ    WcesComm RapiMgr
HPZ12   REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-07-03 c:\windows\Tasks\HPCeeScheduleForKARPE.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2006-12-21 00:08]

2010-07-03 c:\windows\Tasks\User_Feed_Synchronization-{83AD95B8-9CDA-4BAD-830D-97BD8981DFEE}.job
- c:\windows\system32\msfeedssync.exe [2008-09-17 07:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.netflix.com/WatchNow
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = http=127.0.0.1:49617
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\KARPE\AppData\Roaming\Mozilla\Firefox\Profiles\bj820pen.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\users\KARPE\AppData\Roaming\Mozilla\Firefox\Profiles\bj820pen.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",    5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-IS CfgWiz - c:\program files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe
MSConfigStartUp-osCheck - c:\program files\Norton Internet Security\osCheck.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-03 17:58
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HyperDeskCustomThemeEnabler]
"ImagePath"="\"c:\windows\Installer\MSI50A6.tmp\" -service"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HyperdeskThemePatcher]
"ImagePath"="\"c:\windows\Installer\MSID36C.tmp\" -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-07-03 18:03:24
ComboFix-quarantined-files.txt 2010-07-03 22:03

Pre-Run: 31,123,894,272 bytes free
Post-Run: 31,113,191,424 bytes free

- - End Of File - - 740FC3752989AC12D92EA6CA25C21C28

[Andy k]

Avira Log



Avira AntiVir Personal
Report file date: Saturday, July 03, 2010 18:13

Scanning for 2287529 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee    : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform    : Windows Vista
Windows version : (Service Pack 2) [6.0.6002]
Boot mode    : Normally booted
Username    : KARPE
Computer name : BONES

Version information:
BUILD.DAT    : 10.0.0.567    32097 Bytes 4/19/2010 15:07:00
AVSCAN.EXE    : 10.0.3.0    433832 Bytes   4/1/2010 17:37:38
AVSCAN.DLL    : 10.0.3.0    46440 Bytes   4/1/2010 17:57:04
LUKE.DLL    : 10.0.2.3    104296 Bytes   3/7/2010 23:33:04
LUKERES.DLL    : 10.0.0.1    12648 Bytes 2/11/2010 04:40:49
VBASE000.VDF   : 7.10.0.0   19875328 Bytes 11/6/2009 14:05:36
VBASE001.VDF   : 7.10.1.0    1372672 Bytes 11/19/2009 00:27:49
VBASE002.VDF   : 7.10.3.1    3143680 Bytes 1/20/2010 22:37:42
VBASE003.VDF   : 7.10.3.75    996864 Bytes 1/26/2010 21:37:42
VBASE004.VDF   : 7.10.4.203 1579008 Bytes   3/5/2010 16:29:03
VBASE005.VDF   : 7.10.6.82   2494464 Bytes 4/15/2010 22:12:09
VBASE006.VDF   : 7.10.7.218 2294784 Bytes   6/2/2010 22:12:14
VBASE007.VDF   : 7.10.7.219    2048 Bytes   6/2/2010 22:12:14
VBASE008.VDF   : 7.10.7.220    2048 Bytes   6/2/2010 22:12:14
VBASE009.VDF   : 7.10.7.221    2048 Bytes   6/2/2010 22:12:15
VBASE010.VDF   : 7.10.7.222    2048 Bytes   6/2/2010 22:12:15
VBASE011.VDF   : 7.10.7.223    2048 Bytes   6/2/2010 22:12:15
VBASE012.VDF   : 7.10.7.224    2048 Bytes   6/2/2010 22:12:15
VBASE013.VDF   : 7.10.8.37    270336 Bytes 6/10/2010 22:12:16
VBASE014.VDF   : 7.10.8.69    138752 Bytes 6/14/2010 22:12:17
VBASE015.VDF   : 7.10.8.102   130560 Bytes 6/16/2010 22:12:17
VBASE016.VDF   : 7.10.8.135   152064 Bytes 6/21/2010 22:12:19
VBASE017.VDF   : 7.10.8.163   432128 Bytes 6/23/2010 22:12:20
VBASE018.VDF   : 7.10.8.194   133632 Bytes 6/27/2010 22:12:21
VBASE019.VDF   : 7.10.8.220   134656 Bytes 6/29/2010 22:12:21
VBASE020.VDF   : 7.10.8.221    2048 Bytes 6/29/2010 22:12:21
VBASE021.VDF   : 7.10.8.222    2048 Bytes 6/29/2010 22:12:21
VBASE022.VDF   : 7.10.8.223    2048 Bytes 6/29/2010 22:12:22
VBASE023.VDF   : 7.10.8.224    2048 Bytes 6/29/2010 22:12:22
VBASE024.VDF   : 7.10.8.225    2048 Bytes 6/29/2010 22:12:22
VBASE025.VDF   : 7.10.8.226    2048 Bytes 6/29/2010 22:12:22
VBASE026.VDF   : 7.10.8.227    2048 Bytes 6/29/2010 22:12:22
VBASE027.VDF   : 7.10.8.228    2048 Bytes 6/29/2010 22:12:22
VBASE028.VDF   : 7.10.8.229    2048 Bytes 6/29/2010 22:12:22
VBASE029.VDF   : 7.10.8.230    2048 Bytes 6/29/2010 22:12:23
VBASE030.VDF   : 7.10.8.231    2048 Bytes 6/29/2010 22:12:23
VBASE031.VDF   : 7.10.8.247   115712 Bytes   7/2/2010 22:12:24
Engineversion : 8.2.4.2
AEVDF.DLL    : 8.1.2.0    106868 Bytes   7/3/2010 22:12:36
AESCRIPT.DLL   : 8.1.3.33    1356155 Bytes   7/3/2010 22:12:36
AESCN.DLL    : 8.1.6.1    127347 Bytes   7/3/2010 22:12:34
AESBX.DLL    : 8.1.3.1    254324 Bytes   7/3/2010 22:12:36
AERDL.DLL    : 8.1.4.6    541043 Bytes   7/3/2010 22:12:34
AEPACK.DLL    : 8.2.2.5    430453 Bytes   7/3/2010 22:12:33
AEOFFICE.DLL   : 8.1.1.0    201081 Bytes   7/3/2010 22:12:32
AEHEUR.DLL    : 8.1.1.38    2724214 Bytes   7/3/2010 22:12:32
AEHELP.DLL    : 8.1.11.6    242038 Bytes   7/3/2010 22:12:28
AEGEN.DLL    : 8.1.3.12    377204 Bytes   7/3/2010 22:12:27
AEEMU.DLL    : 8.1.2.0    393588 Bytes   7/3/2010 22:12:27
AECORE.DLL    : 8.1.15.3    192886 Bytes   7/3/2010 22:12:26
AEBB.DLL    : 8.1.1.0    53618 Bytes   7/3/2010 22:12:26
AVWINLL.DLL    : 10.0.0.0    19304 Bytes 1/14/2010 17:03:38
AVPREF.DLL    : 10.0.0.0    44904 Bytes 1/14/2010 17:03:35
AVREP.DLL    : 10.0.0.8    62209 Bytes 2/18/2010 21:47:40
AVREG.DLL    : 10.0.3.0    53096 Bytes   4/1/2010 17:35:46
AVSCPLR.DLL    : 10.0.3.0    83816 Bytes   4/1/2010 17:39:51
AVARKT.DLL    : 10.0.0.14    227176 Bytes   4/1/2010 17:22:13
AVEVTLOG.DLL   : 10.0.0.8    203112 Bytes 1/26/2010 14:53:30
SQLITE3.DLL    : 3.6.19.0    355688 Bytes 1/28/2010 17:57:58
AVSMTP.DLL    : 10.0.0.17    63848 Bytes 3/16/2010 20:38:56
NETNT.DLL    : 10.0.0.0    11624 Bytes 2/19/2010 19:41:00
RCIMAGE.DLL    : 10.0.0.26   2550120 Bytes 1/28/2010 18:10:20
RCTEXT.DLL    : 10.0.53.0    97128 Bytes   4/9/2010 19:14:29

Configuration settings for the scan:
Jobname.............................: Short system scan after installation
Configuration file..................: c:\program files\avira\antivir desktop\setupprf.dat
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +PFS,

Start of the scan: Saturday, July 03, 2010 18:13

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avconfig.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'setup.exe' - '1' Module(s) have been scanned
Scan process 'TrustedInstaller.exe' - '1' Module(s) have been scanned
Scan process 'msiexec.exe' - '1' Module(s) have been scanned
Scan process 'presetup.exe' - '1' Module(s) have been scanned
Scan process 'avira_antivir_personal_en.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'ZuneNss.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'hphc_service.exe' - '1' Module(s) have been scanned
Scan process 'InputPersonalization.exe' - '1' Module(s) have been scanned
Scan process 'SynTPHelper.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'HpqToaster.exe' - '1' Module(s) have been scanned
Scan process 'WiFiMsg.EXE' - '1' Module(s) have been scanned
Scan process 'YahooWidgets.exe' - '1' Module(s) have been scanned
Scan process 'YahooWidgets.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'UI0Detect.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'YahooWidgets.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'javaw.exe' - '1' Module(s) have been scanned
Scan process 'uTorrent.exe' - '1' Module(s) have been scanned
Scan process 'ObjectDock.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'HPWAMain.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'Nike+ Connect daemon.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'WTClient.exe' - '1' Module(s) have been scanned
Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
Scan process 'CLSched.exe' - '1' Module(s) have been scanned
Scan process 'hpqwmiex.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Dwm.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'CLCapSvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'WLANExt.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'MSID36C.tmp' - '1' Module(s) have been scanned
Scan process 'MSI50A6.tmp' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvvsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
   [INFO]    No virus was found!
Master boot sector HD1
   [INFO]    No virus was found!

Start scanning boot sectors:

Starting to scan executable files (registry).
C:\Windows\System32\caaf.sys
   [DETECTION] Contains recognition pattern of the RKIT/37459.A root kit

The registry was scanned ( '634' files ).


Beginning disinfection:
C:\Windows\System32\caaf.sys
   [DETECTION] Contains recognition pattern of the RKIT/37459.A root kit
   [NOTE]    The registration entry <HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\caaf\ImagePath> was removed successfully.
   [NOTE]    The registration entry <HKEY_LOCAL_MACHINE\System\ControlSet001\Services\caaf\ImagePath> was removed successfully.
   [NOTE]    The registration entry <HKEY_LOCAL_MACHINE\System\ControlSet002\Services\caaf\ImagePath> was removed successfully.
   [WARNING] The file could not be copied to quarantine!
   [WARNING] The file could not be deleted!
   [NOTE]    The registration entry <HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\caaf\ImagePath> was removed successfully.
   [NOTE]    The registration entry <HKEY_LOCAL_MACHINE\System\ControlSet001\Services\caaf\ImagePath> was removed successfully.
   [NOTE]    The registration entry <HKEY_LOCAL_MACHINE\System\ControlSet002\Services\caaf\ImagePath> was removed successfully.
   [NOTE]    The file is scheduled for deleting after reboot.
The repair notes were written to the file 'C:\avrescue\rescue.avp'.


End of the scan: Saturday, July 03, 2010 18:30
Used time: 00:45 Minute(s)

The scan has been done completely.

    0 Scanned directories
 1149 Files were scanned
    1 Viruses and/or unwanted programs were found
    0 Files were classified as suspicious
    0 files were deleted
    0 Viruses and unwanted programs were repaired
    0 Files were moved to quarantine
    0 Files were renamed
    0 Files cannot be scanned
 1148 Files not concerned
    3 Archives were scanned
    1 Warnings
    1 Notes

[guestolo]

How are things running on your end now?

I just want to see if a few entries are still around
Can you do the following for me please
Right click on OTL.exe and choose to "Run as Admin"

Under "EXTRA REGISTRY" select "USE SAFELIST"
Then click the RUN SCAN button
When done, post both logs

[Andy k]

I'm still having an issue with the search redirect, Google links are being routed through something called Favosearch.

Logs on their way.

[Andy k]

d OTL logfile created on: 7/4/2010 2:59:25 PM - Run 2
OTL by OldTimer - Version 3.2.7.0    Folder = C:\Users\KARPE\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 105.18 Gb Total Space | 30.34 Gb Free Space | 28.84% Space Free | Partition Type: NTFS
Drive D: | 6.61 Gb Total Space | 0.63 Gb Free Space | 9.49% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 697.98 Gb Total Space | 538.40 Gb Free Space | 77.14% Space Free | Partition Type: NTFS
Drive H: | 614.91 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
I: Drive not present or media not loaded
 
Computer Name: BONES
Current User Name: KARPE
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010/07/03 09:56:40 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\KARPE\Desktop\OTL.exe
PRC - [2010/07/02 01:16:43 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/06/01 12:52:16 | 000,299,008 | ---- | M] (Nike) -- C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe
PRC - [2010/05/22 15:07:01 | 000,322,352 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/03/21 20:43:45 | 000,086,016 | ---- | M] () -- C:\Windows\Installer\MSI50A6.tmp
PRC - [2010/03/21 20:29:01 | 000,186,880 | ---- | M] (The Skins Factory, Inc) -- C:\Windows\Installer\MSID36C.tmp
PRC - [2010/03/02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/12/17 18:14:08 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\javaw.exe
PRC - [2009/09/04 14:16:54 | 005,893,360 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Zune\ZuneNss.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/03/18 20:31:20 | 004,742,184 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
PRC - [2008/01/19 03:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/19 03:33:12 | 000,198,656 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
PRC - [2007/05/31 09:38:48 | 000,053,248 | ---- | M] (Tablet Driver) -- C:\Windows\System32\drivers\WTSrv.exe
PRC - [2007/04/30 19:43:54 | 003,450,608 | ---- | M] (Stardock) -- C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
PRC - [2007/04/11 12:27:00 | 000,040,960 | ---- | M] (Tablet Driver) -- C:\Windows\System32\WTClient.exe
PRC - [2006/11/24 19:34:20 | 000,118,877 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
PRC - [2006/11/24 19:34:16 | 000,270,431 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010/07/03 09:56:40 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\KARPE\Desktop\OTL.exe
MOD - [2009/04/11 02:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/19 03:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2007/04/30 19:18:50 | 000,112,400 | ---- | M] () -- C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/03/21 20:43:45 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Windows\Installer\MSI50A6.tmp -- (HyperDeskCustomThemeEnabler)
SRV - [2010/03/21 20:29:01 | 000,186,880 | ---- | M] (The Skins Factory, Inc) [Auto | Running] -- C:\Windows\Installer\MSID36C.tmp -- (HyperdeskThemePatcher)
SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/11/06 19:11:46 | 003,007,488 | ---- | M] (MediaMall Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\MediaMall\MediaMallServer.exe -- (MediaMall Server)
SRV - [2009/09/04 14:17:00 | 000,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2009/09/04 14:16:54 | 005,893,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2009/05/05 18:53:32 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/19 03:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/19 03:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/05/31 09:38:48 | 000,053,248 | ---- | M] (Tablet Driver) [Auto | Running] -- C:\Windows\System32\Drivers\WTSRV.EXE -- (WinTabService)
SRV - [2007/03/27 16:06:00 | 000,104,000 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2006/11/24 19:34:20 | 000,118,877 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2006/11/24 19:34:16 | 000,270,431 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2006/06/26 13:50:08 | 000,126,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)
SRV - [2004/10/22 07:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010/06/13 22:31:21 | 000,080,896 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\caaf.sys -- (caaf)
DRV - [2010/03/01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/10/14 10:59:38 | 000,022,696 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\povrtdev.sys -- (msvad_simple)
DRV - [2009/06/24 06:08:00 | 007,542,208 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/10/23 02:16:28 | 001,331,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2008/10/23 02:16:28 | 001,331,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/07/19 17:37:59 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/05/06 17:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/03/28 03:06:00 | 000,199,472 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/03/03 05:10:44 | 000,182,272 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/01/19 01:53:39 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UMPass)
DRV - [2008/01/19 01:53:22 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2007/06/29 01:39:40 | 000,022,056 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Tablet2k.cat -- (Tablet2k)
DRV - [2007/06/07 13:16:28 | 000,018,944 | ---- | M] (PenTablet Driver) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PTSimBus.sys -- (PTSimBus)
DRV - [2007/05/31 13:33:44 | 000,012,800 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UCTblHid.sys -- (UCTblHid)
DRV - [2007/04/23 11:28:56 | 000,018,432 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TClass2k.sys -- (TClass2k)
DRV - [2007/04/23 11:28:56 | 000,010,752 | ---- | M] (PenTablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTSimHid.sys -- (PTSimHid)
DRV - [2007/02/27 14:31:28 | 000,021,504 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/01/06 15:05:42 | 000,199,680 | ---- | M] (Realtek Semiconductor Corporation    ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8187.sys -- (RTL8187)
DRV - [2007/01/05 21:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/18 15:32:16 | 000,145,920 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2006/11/15 13:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/15 08:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/15 06:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 05:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 05:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 05:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/10/18 23:09:26 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/10/18 23:08:14 | 000,206,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006/10/18 23:08:04 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/10/18 22:10:57 | 001,380,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2006/09/15 04:44:18 | 000,011,520 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006/08/05 05:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/06/28 13:57:00 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/06/28 13:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.netflix.com/WatchNow
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49617
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\program files\Mozilla Firefox\components [2010/07/02 01:16:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\program files\Mozilla Firefox\plugins [2010/07/02 01:16:52 | 000,000,000 | ---D | M]
 
[2010/07/04 14:38:13 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/03/09 19:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
 
O1 HOSTS File: ([2010/07/03 17:57:51 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1    localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Nike+ Connect] C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe (Nike)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WTClient] C:\Windows\System32\WTClient.exe (Tablet Driver)
O4 - Startup: C:\Users\KARPE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O4 - Startup: C:\Users\KARPE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ted.exe - Shortcut.lnk = C:\Program Files\Torrent Episode Downloader\ted.exe (Roel & Joost)
O4 - Startup: C:\Users\KARPE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\uTorrent - Shortcut.lnk = C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\KARPE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.238.112.12 68.238.96.12
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\KARPE\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\KARPE\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/21 03:53:08 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O32 - AutoRun File - [2009/06/18 17:12:18 | 000,000,088 | ---- | M] () - H:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/07/03 18:33:39 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/07/03 18:33:39 | 000,000,000 | -HSD | C] -- \$RECYCLE.BIN
[2010/07/03 18:10:06 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010/07/03 18:10:06 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/07/03 18:10:06 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010/07/03 18:10:06 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010/07/03 18:10:06 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010/07/03 18:10:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010/07/03 18:10:02 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/07/03 17:57:47 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/07/03 17:43:22 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/07/03 17:43:22 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/07/03 17:43:22 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/07/03 17:42:24 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/07/03 17:32:20 | 000,921,512 | ---- | C] (Symantec Corporation) -- C:\Users\KARPE\Desktop\Norton_Removal_Tool.exe
[2010/07/03 14:20:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/03 14:20:01 | 000,000,000 | ---D | C] -- \Qoobox
[2010/07/03 14:20:01 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/07/03 14:20:00 | 000,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF14123.exe
[2010/07/03 09:56:33 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\KARPE\Desktop\OTL.exe
[2010/06/24 03:02:00 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010/06/24 03:02:00 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010/06/24 03:02:00 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010/06/20 21:03:52 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/20 21:03:45 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/06/20 20:59:40 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/06/17 13:43:43 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\KARPE\Desktop\tools.exe
[2010/06/17 13:15:13 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware
[2010/06/17 13:15:13 | 000,000,000 | ---D | C] -- \Malwarebytes' Anti-Malware
[2010/06/17 12:11:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Nike
[2010/06/17 12:11:19 | 000,000,000 | ---D | C] -- C:\Program Files\Nike
[2010/06/14 14:47:30 | 000,000,000 | ---D | C] -- C:\Users\KARPE\AppData\Local\Threat Expert
[2010/06/14 14:26:21 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/06/14 11:59:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/06/14 11:58:58 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/06/14 11:58:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/06/08 21:51:27 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010/06/08 21:51:13 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/06/08 21:51:12 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/06/08 21:51:04 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/06/08 21:51:03 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/06/08 21:51:03 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010/06/08 21:51:02 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010/06/08 21:50:58 | 002,037,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[4 C:\Users\KARPE\Documents\*.tmp files -> C:\Users\KARPE\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010/07/04 15:01:04 | 005,242,880 | -HS- | M] () -- C:\Users\KARPE\ntuser.dat
[2010/07/04 14:28:07 | 000,124,344 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/07/04 14:28:07 | 000,124,344 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/07/04 14:27:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/04 14:27:31 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/04 14:27:31 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/04 10:31:25 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{83AD95B8-9CDA-4BAD-830D-97BD8981DFEE}.job
[2010/07/04 02:31:38 | 000,344,864 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/07/04 02:31:38 | 000,316,348 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/07/04 02:31:38 | 000,038,602 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/07/04 02:26:12 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/04 02:26:02 | 2076,831,744 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/04 02:24:30 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/07/04 02:24:17 | 000,524,288 | -HS- | M] () -- C:\Users\KARPE\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/07/04 02:24:17 | 000,065,536 | -HS- | M] () -- C:\Users\KARPE\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/07/04 02:24:14 | 006,291,456 | -H-- | M] () -- C:\Users\KARPE\AppData\Local\IconCache.db
[2010/07/03 17:58:20 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/07/03 17:57:51 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/07/03 17:42:12 | 003,726,255 | R--- | M] () -- C:\Users\KARPE\Desktop\ComboFix.exe
[2010/07/03 17:32:23 | 000,921,512 | ---- | M] (Symantec Corporation) -- C:\Users\KARPE\Desktop\Norton_Removal_Tool.exe
[2010/07/03 17:29:24 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForKARPE.job
[2010/07/03 17:18:18 | 044,089,904 | ---- | M] () -- C:\Users\KARPE\Desktop\avira_antivir_personal_en.exe
[2010/07/03 17:15:41 | 000,060,524 | ---- | M] () -- C:\Users\KARPE\Desktop\Norton_Removal_Tool_SymNRT_d4749.html
[2010/07/03 14:19:44 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF14123.exe
[2010/07/03 09:56:40 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\KARPE\Desktop\OTL.exe
[2010/06/30 11:58:36 | 000,002,831 | ---- | M] () -- C:\Windows\System32\requestBody.xml
[2010/06/30 11:58:36 | 000,002,799 | ---- | M] () -- C:\Windows\System32\responseBody.xml
[2010/06/30 11:58:36 | 000,001,059 | ---- | M] () -- C:\Windows\System32\request.gzip
[2010/06/29 23:02:01 | 000,238,592 | ---- | M] () -- C:\Users\KARPE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/29 10:53:21 | 000,000,181 | ---- | M] () -- C:\Windows\proposed.ini
[2010/06/29 10:53:14 | 017,446,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imageres.dll
[2010/06/29 10:53:13 | 000,001,118 | ---- | M] () -- C:\Users\KARPE\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/06/29 10:53:13 | 000,001,118 | ---- | M] () -- C:\Users\KARPE\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/06/26 23:17:28 | 000,000,680 | ---- | M] () -- C:\Users\KARPE\AppData\Local\d3d9caps.dat
[2010/06/17 13:45:24 | 003,713,914 | ---- | M] () -- C:\Users\KARPE\Desktop\toolb.exe
[2010/06/17 13:43:46 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\KARPE\Desktop\tools.exe
[2010/06/17 13:11:14 | 000,000,414 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/14 00:39:17 | 000,001,698 | ---- | M] () -- C:\Users\KARPE\AppData\Local\Dkobemeyudafa.dat
[2010/06/14 00:39:17 | 000,000,000 | ---- | M] () -- C:\Users\KARPE\AppData\Local\Sbeliqe.bin
[2010/06/13 22:31:21 | 000,080,896 | ---- | M] () -- C:\Windows\System32\caaf.sys
[2010/06/10 04:01:06 | 001,718,488 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[4 C:\Users\KARPE\Documents\*.tmp files -> C:\Users\KARPE\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010/07/03 18:03:29 | 000,022,403 | ---- | C] () -- \ComboFix.txt
[2010/07/03 17:43:22 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/07/03 17:43:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/07/03 17:43:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/07/03 17:43:22 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/07/03 17:43:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/07/03 17:17:20 | 044,089,904 | ---- | C] () -- C:\Users\KARPE\Desktop\avira_antivir_personal_en.exe
[2010/07/03 17:15:39 | 000,060,524 | ---- | C] () -- C:\Users\KARPE\Desktop\Norton_Removal_Tool_SymNRT_d4749.html
[2010/06/29 10:53:25 | 055,062,271 | ---- | C] () -- C:\Users\KARPE\Desktop\DarkMatter Solar Flare Alloy.widget
[2010/06/29 10:53:22 | 047,957,939 | ---- | C] () -- C:\Users\KARPE\Desktop\DarkMatter Solar Flare Dark.widget
[2010/06/17 13:45:10 | 003,713,914 | ---- | C] () -- C:\Users\KARPE\Desktop\toolb.exe
[2010/06/17 13:34:45 | 000,061,418 | ---- | C] () -- \TDSSKiller.2.3.2.0_17.06.2010_13.34.45_log.txt
[2010/06/14 11:59:09 | 000,000,414 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/13 22:33:45 | 000,001,698 | ---- | C] () -- C:\Users\KARPE\AppData\Local\Dkobemeyudafa.dat
[2010/06/13 22:33:45 | 000,000,000 | ---- | C] () -- C:\Users\KARPE\AppData\Local\Sbeliqe.bin
[2010/06/13 22:31:21 | 000,080,896 | ---- | C] () -- C:\Windows\System32\caaf.sys
[2010/03/21 20:51:52 | 000,000,181 | ---- | C] () -- C:\Windows\proposed.ini
[2009/10/20 14:24:26 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/07/19 17:37:58 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008/05/12 21:53:16 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/05/12 21:50:16 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/05/12 21:50:16 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008/05/12 21:50:08 | 000,831,488 | ---- | C] () -- C:\Windows\System32\divx_xx0a.dll
[2008/05/12 21:49:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/01/07 09:37:07 | 000,000,280 | ---- | C] () -- C:\Windows\System32\epoPGPsdk.dll.sig
[2008/01/02 02:43:43 | 000,000,000 | ---- | C] () -- C:\Windows\WB.ini
[2008/01/02 02:41:46 | 000,058,792 | ---- | C] () -- C:\Windows\System32\wbload.dll
[2007/05/21 15:13:46 | 000,010,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2007/05/21 15:13:46 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2007/05/19 04:17:51 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2007/05/18 00:08:52 | 000,200,704 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2007/05/18 00:08:51 | 003,049,984 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2007/05/18 00:08:51 | 000,404,480 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2007/05/18 00:08:51 | 000,114,688 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2007/04/24 15:31:12 | 000,010,240 | ---- | C] () -- C:\Windows\System32\ucinst32.dll
[2007/02/02 02:06:14 | 000,000,029 | ---- | C] () -- C:\Windows\atid.ini
[2006/11/29 03:32:42 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/19 03:02:40 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/19 03:02:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/03/09 19:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/05/07 08:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2004/09/16 16:24:26 | 003,375,104 | ---- | C] () -- C:\Windows\System32\qt-mt331.dll
[2003/12/22 15:15:08 | 000,065,536 | ---- | C] () -- C:\Windows\System32\hllapi32.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >


OTL Extras logfile created on: 7/4/2010 2:59:25 PM - Run 2
OTL by OldTimer - Version 3.2.7.0    Folder = C:\Users\KARPE\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 105.18 Gb Total Space | 30.34 Gb Free Space | 28.84% Space Free | Partition Type: NTFS
Drive D: | 6.61 Gb Total Space | 0.63 Gb Free Space | 9.49% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 697.98 Gb Total Space | 538.40 Gb Free Space | 77.14% Space Free | Partition Type: NTFS
Drive H: | 614.91 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
I: Drive not present or media not loaded
 
Computer Name: BONES
Current User Name: KARPE
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\program files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
https [open] -- "C:\program files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-371134317-1081876705-1057441824-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00BF1F2B-368E-4A96-ABEF-31007867E8AD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{08B47D74-9809-4312-B143-1E1F0871BD16}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{13480C72-3D4F-4453-BA90-46D0B6E90751}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1A21CAA6-0731-412F-BA2F-86E51D03CCE1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1F697531-8C37-4FEB-99FC-ACB595B561E3}" = lport=10244 | protocol=6 | dir=in | app=system |
"{20C1798E-8CF6-4A60-B2A7-57C2C36873CB}" = lport=10244 | protocol=6 | dir=in | app=system |
"{24B572D4-3747-4125-8C9D-88D77FB5C536}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{28993294-86E2-420D-814D-54D589187EC0}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{28ED774F-1B5C-4936-B405-AA9598BFD9CA}" = lport=10243 | protocol=6 | dir=in | app=system |
"{30A44243-7203-41B3-9D41-40A451656981}" = lport=10243 | protocol=6 | dir=in | app=system |
"{339FCC85-EAA0-478A-AAF6-55BDDDC10AAB}" = rport=10243 | protocol=6 | dir=out | app=system |
"{43BB6979-8D13-4E2D-BB01-01BEF2E3D92E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{513EB463-F7A1-4CB9-9440-352D62D1366A}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{52959F1B-A4D4-4467-BFB2-3773FAED4669}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{58E6B341-B5E8-42F7-8DD3-337A4012BBFA}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{65137BD2-4986-42DF-84B8-71B44BA42986}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{66BB2A11-ED80-40C4-88CD-C78C1679A97B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6766DF30-72A8-4A52-8933-FFAEEF49322C}" = rport=2869 | protocol=6 | dir=out | app=system |
"{6EBB2EE8-EDFD-49DE-9227-B6C35EEC26D6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{70E5748A-7770-4572-867A-6B66C02B2531}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{713C7225-DF22-4D82-8CC8-F70D0218A156}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{74AF1C9D-293F-40E3-94AD-A21EF0A4B751}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{74BB7206-2CD2-44DD-9AF2-7C7BCD62BB10}" = lport=3390 | protocol=6 | dir=in | app=system |
"{75FB06AE-2F4C-4AC4-8F8D-75E47DA4422B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7677FF05-3A4F-4A19-AFEC-D590A0F7EDCA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7A6DBF1C-02A1-4258-92B5-1F4B27AB56D5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7BC195F4-EE2F-4E26-A3A6-2DA576724651}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{80DBA8E3-E9DD-4C6C-93E7-9B5C17C0AF0A}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8BE5D26E-D747-44F6-8233-57DEBB046946}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{93CB70DC-FD2E-42C0-BD53-D536BDF7051B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9FCEED9A-3CD2-4A25-A381-62A3686327E2}" = rport=10244 | protocol=6 | dir=out | app=system |
"{A241CBB3-5285-499C-8E20-D7D8BD763378}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A2949601-88FE-42F8-A861-0AFB9FC96B7C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AA2FCEB8-665D-472A-889F-80B685C37606}" = rport=10244 | protocol=6 | dir=out | app=system |
"{AB99762E-C9D7-4870-B6A5-A4931792058A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AD4FBA9B-AB29-45BB-9B1C-072CD6C0471A}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B05DC7C2-A42B-4C98-B47A-F33846737389}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{C2864CC5-EC92-4169-BBF1-E13C336E33AC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C86C52AD-0377-4C4D-AEB9-5961445A9F54}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{CA1366F5-389F-44E5-A4A5-7FD3CAD89AEA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CB2A25B6-F519-4BC8-AE74-746B3C48A8A5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CF77C869-5BD9-41E7-A36F-21467802B51A}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D067405B-2454-4078-BE8D-5F5F5E280F77}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D27AC17B-7944-4D42-968F-63035F865B1E}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D34862AB-97F3-4B72-A1A5-C9EC78ED987A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DA96AF6E-2148-4A24-8FE4-A7E9EA923FAC}" = lport=3390 | protocol=6 | dir=in | app=system |
"{DB769275-2B81-4AE0-A3ED-79FCE01B1D00}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{DE7F9AC2-7FB4-4355-8ADA-BF1E621AF4F2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E07BE0C0-7FFD-497D-81E2-799B35A4BD38}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E60D8D93-6F07-4BA1-91A1-4B8B9B4FBA98}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E939FA49-14A7-4979-90C3-E28950134553}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EBBE004A-2739-41E3-88E5-B802E5870E65}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{EF7FD160-1F0E-48A9-A42F-51F2342EF919}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{EFB32ED7-A831-4A33-9F2B-56CB774B0A62}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F7D75B1B-3C6B-4018-8EAA-A89FB06981EC}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{FA2EED0D-472F-4F9C-81E9-2995DA554404}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FF2B38C3-BE27-4E00-BC10-184FDC5F6E6D}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{094AE5C8-2FA5-4DB4-B820-FA916B6AFE83}" = protocol=17 | dir=in | app=%programfiles%\zune\zunenss.exe |
"{0D03A67F-C5A2-42EE-B397-7E0F22964950}" = protocol=6 | dir=out | app=%programfiles%\zune\zunenss.exe |
"{1302151B-CB9A-4DE9-A5C7-D04EC453C2B3}" = protocol=6 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |
"{159BD7A5-CEC6-4388-9404-4E82D28947BF}" = protocol=6 | dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{172779CA-DAF2-4F38-A456-6E75A2CD4D03}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{1FBC0CFE-9C54-4459-AEC2-90CCEE0AF68A}" = protocol=17 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |
"{27BEFE81-DB94-459F-80CF-D1E5711DDB5D}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{2B1F7017-BD3B-4C1E-B091-4AAD1F89D25F}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{38BA09EE-034E-4DA5-B691-299208058FF5}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{3A62E639-8080-4618-BDCF-5C37F749A6DE}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{3B3F17BB-EBAA-4573-A983-6CFF793F8E19}" = protocol=58 | dir=in | [email protected],-148 |
"{3D4BBA37-5E59-47FB-A4A0-A3F8D172CF0C}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{42010B38-A81D-4C55-8FB7-CDF443512176}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{48E6A59E-3D46-49D8-AA8F-400A323A9572}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{4D4FD9D1-F9D8-4748-BFC1-4500DD3D1E15}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5226B1E4-9868-40BF-AD23-D73310E3E863}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5267D29E-5565-4F69-B77D-76E69B26DE07}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{529B0F43-769E-4498-84DF-22E37296F74F}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{53BB0261-D5EE-4738-B311-436B116F89FB}" = protocol=6 | dir=in | app=%programfiles%\zune\zunenss.exe |
"{5B6AA79A-F4EF-4BA3-988A-92F9000627F5}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{6273E478-76CB-4106-BEC5-36

[guestolo]

You have Utorrent running on startup, you may choose to disable from startup from within the programs Options, up to you

Your copy of Adobe Reader is outdated
We should update it to help plug security holes
From Programs and Features in Control Panel, choose to Uninstall
Adobe Reader 8.1.3

After it is uninstalled

Remove Combofix now that we're done with it.

• Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
     
• Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
     
• Please follow the prompts to uninstall Combofix.
• You will then recieve a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

Right click on OTL.exe and choose to "Run as Admin"

• Under the [color="#0000FF"]Custom Scans/Fixes[/color] box at the bottom, copy/paste in the following in the quote box below. don't include the word Quote please
  

  :OTL
  :Reg
  [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
  "DisableMonitoring"=-
  [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
  "DisableMonitoring"=-
  [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
  "DisableMonitoring"=-
  [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
  "AntiVirusOverride"=dword:00000000
  :Files
  :Commands
  [EmptyTemp]
  [Reboot]

  
  
• Then click the [color="#FF0000"]Run Fix[/color] button at the top
  
• Let the program run unhindered, reboot the PC when it is done

On startup, Allow OTL to run if prompted
A log should open, can you post it please
A copy of this log can also be found in
C:\_OTL\Moved Files folder

In addition: Install the latest copy of Adobe Reader
You can find it at the following link
http://get.adobe.com/reader/

UNTICK the option to also install McAfee Security Scan or Google Toolbar, or similiar
Save the installer to Adobe Reader to desktop
Then right click on it and choose to "Run as Admin"
and follow the prompts to install
After it has successfully installed, ensure it is right up to date by clicking on HELP>>CHECK FOR UPDATES

Also, in Windows Control Panel open the Java icon
Let's ensure that Java is right up to date
Click on the UPDATE tab and then click on UPDATE NOW
If an update is found, you should get a notification
Follow the prompts to install the latest version

Please keep me informed how things are now running

[Andy k]

OTL yielded this log, I then manually rebooted. OTL did NOT run upon start-up ( just noting process)

OTL logfile created on: 7/4/2010 5:12:22 PM - Run 3
OTL by OldTimer - Version 3.2.7.0    Folder = C:\Users\KARPE\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 105.18 Gb Total Space | 30.39 Gb Free Space | 28.89% Space Free | Partition Type: NTFS
Drive D: | 6.61 Gb Total Space | 0.63 Gb Free Space | 9.49% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 697.98 Gb Total Space | 538.40 Gb Free Space | 77.14% Space Free | Partition Type: NTFS
Drive H: | 614.91 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
I: Drive not present or media not loaded
 
Computer Name: BONES
Current User Name: KARPE
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010/07/03 09:56:40 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\KARPE\Desktop\OTL.exe
PRC - [2010/07/02 01:16:43 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/06/01 12:52:16 | 000,299,008 | ---- | M] (Nike) -- C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe
PRC - [2010/05/22 15:07:01 | 000,322,352 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/03/21 20:43:45 | 000,086,016 | ---- | M] () -- C:\Windows\Installer\MSI50A6.tmp
PRC - [2010/03/21 20:29:01 | 000,186,880 | ---- | M] (The Skins Factory, Inc) -- C:\Windows\Installer\MSID36C.tmp
PRC - [2010/03/02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/12/17 18:14:08 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\javaw.exe
PRC - [2009/09/04 14:16:54 | 005,893,360 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Zune\ZuneNss.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/03/18 20:31:20 | 004,742,184 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
PRC - [2008/01/19 03:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/19 03:33:12 | 000,198,656 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
PRC - [2007/05/31 09:38:48 | 000,053,248 | ---- | M] (Tablet Driver) -- C:\Windows\System32\drivers\WTSrv.exe
PRC - [2007/04/30 19:43:54 | 003,450,608 | ---- | M] (Stardock) -- C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
PRC - [2007/04/11 12:27:00 | 000,040,960 | ---- | M] (Tablet Driver) -- C:\Windows\System32\WTClient.exe
PRC - [2006/11/24 19:34:20 | 000,118,877 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
PRC - [2006/11/24 19:34:16 | 000,270,431 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010/07/03 09:56:40 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\KARPE\Desktop\OTL.exe
MOD - [2009/04/11 02:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/19 03:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2007/04/30 19:18:50 | 000,112,400 | ---- | M] () -- C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/03/21 20:43:45 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Windows\Installer\MSI50A6.tmp -- (HyperDeskCustomThemeEnabler)
SRV - [2010/03/21 20:29:01 | 000,186,880 | ---- | M] (The Skins Factory, Inc) [Auto | Running] -- C:\Windows\Installer\MSID36C.tmp -- (HyperdeskThemePatcher)
SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/11/06 19:11:46 | 003,007,488 | ---- | M] (MediaMall Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\MediaMall\MediaMallServer.exe -- (MediaMall Server)
SRV - [2009/09/04 14:17:00 | 000,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2009/09/04 14:16:54 | 005,893,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2009/05/05 18:53:32 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/19 03:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/19 03:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/05/31 09:38:48 | 000,053,248 | ---- | M] (Tablet Driver) [Auto | Running] -- C:\Windows\System32\Drivers\WTSRV.EXE -- (WinTabService)
SRV - [2007/03/27 16:06:00 | 000,104,000 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2006/11/24 19:34:20 | 000,118,877 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2006/11/24 19:34:16 | 000,270,431 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2006/06/26 13:50:08 | 000,126,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)
SRV - [2004/10/22 07:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010/06/13 22:31:21 | 000,080,896 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\caaf.sys -- (caaf)
DRV - [2010/03/01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/10/14 10:59:38 | 000,022,696 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\povrtdev.sys -- (msvad_simple)
DRV - [2009/06/24 06:08:00 | 007,542,208 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/10/23 02:16:28 | 001,331,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2008/10/23 02:16:28 | 001,331,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/07/19 17:37:59 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2008/05/06 17:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/03/28 03:06:00 | 000,199,472 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/03/03 05:10:44 | 000,182,272 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/01/19 01:53:39 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UMPass)
DRV - [2008/01/19 01:53:22 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2007/06/29 01:39:40 | 000,022,056 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Tablet2k.cat -- (Tablet2k)
DRV - [2007/06/07 13:16:28 | 000,018,944 | ---- | M] (PenTablet Driver) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PTSimBus.sys -- (PTSimBus)
DRV - [2007/05/31 13:33:44 | 000,012,800 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UCTblHid.sys -- (UCTblHid)
DRV - [2007/04/23 11:28:56 | 000,018,432 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TClass2k.sys -- (TClass2k)
DRV - [2007/04/23 11:28:56 | 000,010,752 | ---- | M] (PenTablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTSimHid.sys -- (PTSimHid)
DRV - [2007/02/27 14:31:28 | 000,021,504 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/01/06 15:05:42 | 000,199,680 | ---- | M] (Realtek Semiconductor Corporation    ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8187.sys -- (RTL8187)
DRV - [2007/01/05 21:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/18 15:32:16 | 000,145,920 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2006/11/15 13:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/15 08:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/15 06:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 05:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 05:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 05:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/10/18 23:09:26 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/10/18 23:08:14 | 000,206,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006/10/18 23:08:04 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/10/18 22:10:57 | 001,380,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2006/09/15 04:44:18 | 000,011,520 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006/08/05 05:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/06/28 13:57:00 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/06/28 13:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.netflix.com/WatchNow
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49617
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\program files\Mozilla Firefox\components [2010/07/02 01:16:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\program files\Mozilla Firefox\plugins [2010/07/04 17:01:12 | 000,000,000 | ---D | M]
 
[2010/07/04 14:38:13 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/03/09 19:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
 
O1 HOSTS File: ([2010/07/03 17:57:51 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1    localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Nike+ Connect] C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe (Nike)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WTClient] C:\Windows\System32\WTClient.exe (Tablet Driver)
O4 - Startup: C:\Users\KARPE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O4 - Startup: C:\Users\KARPE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ted.exe - Shortcut.lnk = C:\Program Files\Torrent Episode Downloader\ted.exe (Roel & Joost)
O4 - Startup: C:\Users\KARPE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\uTorrent - Shortcut.lnk = C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\KARPE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.238.112.12 68.238.96.12
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\KARPE\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\KARPE\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/21 03:53:08 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O32 - AutoRun File - [2009/06/18 17:12:18 | 000,000,088 | ---- | M] () - H:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/07/04 17:04:44 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/07/04 17:04:44 | 000,000,000 | --SD | C] -- \ComboFix
[2010/07/04 17:00:54 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/07/04 17:00:54 | 000,000,000 | -HSD | C] -- \Config.Msi
[2010/07/03 18:33:39 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/07/03 18:33:39 | 000,000,000 | -HSD | C] -- \$RECYCLE.BIN
[2010/07/03 18:10:06 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010/07/03 18:10:06 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/07/03 18:10:06 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010/07/03 18:10:06 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010/07/03 18:10:06 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010/07/03 18:10:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010/07/03 18:10:02 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/07/03 17:57:47 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/07/03 17:32:20 | 000,921,512 | ---- | C] (Symantec Corporation) -- C:\Users\KARPE\Desktop\Norton_Removal_Tool.exe
[2010/07/03 14:20:01 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/07/03 14:20:00 | 000,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF14123.exe
[2010/07/03 09:56:33 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\KARPE\Desktop\OTL.exe
[2010/06/24 03:02:00 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010/06/24 03:02:00 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010/06/24 03:02:00 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010/06/20 21:03:52 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/20 21:03:45 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/06/20 20:59:40 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/06/17 13:43:43 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\KARPE\Desktop\tools.exe
[2010/06/17 13:15:13 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware
[2010/06/17 13:15:13 | 000,000,000 | ---D | C] -- \Malwarebytes' Anti-Malware
[2010/06/17 12:11:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Nike
[2010/06/17 12:11:19 | 000,000,000 | ---D | C] -- C:\Program Files\Nike
[2010/06/14 14:47:30 | 000,000,000 | ---D | C] -- C:\Users\KARPE\AppData\Local\Threat Expert
[2010/06/14 14:26:21 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/06/14 11:59:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/06/14 11:58:58 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/06/14 11:58:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/06/08 21:51:27 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010/06/08 21:51:13 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/06/08 21:51:12 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/06/08 21:51:04 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/06/08 21:51:03 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/06/08 21:51:03 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010/06/08 21:51:02 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010/06/08 21:50:58 | 002,037,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[4 C:\Users\KARPE\Documents\*.tmp files -> C:\Users\KARPE\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010/07/04 17:11:35 | 005,242,880 | -HS- | M] () -- C:\Users\KARPE\ntuser.dat
[2010/07/04 17:10:24 | 000,124,344 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/07/04 17:07:46 | 000,124,344 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/07/04 17:07:09 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/04 17:07:08 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/04 17:07:06 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/04 17:07:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/04 17:06:56 | 2078,916,608 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/04 17:05:24 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/07/04 17:05:13 | 000,524,288 | -HS- | M] () -- C:\Users\KARPE\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/07/04 17:05:13 | 000,065,536 | -HS- | M] () -- C:\Users\KARPE\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/07/04 17:05:11 | 006,291,456 | -H-- | M] () -- C:\Users\KARPE\AppData\Local\IconCache.db
[2010/07/04 10:31:25 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{83AD95B8-9CDA-4BAD-830D-97BD8981DFEE}.job
[2010/07/04 02:31:38 | 000,344,864 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/07/04 02:31:38 | 000,316,348 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/07/04 02:31:38 | 000,038,602 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/07/03 17:58:20 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/07/03 17:57:51 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/07/03 17:32:23 | 000,921,512 | ---- | M] (Symantec Corporation) -- C:\Users\KARPE\Desktop\Norton_Removal_Tool.exe
[2010/07/03 17:29:24 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForKARPE.job
[2010/07/03 17:18:18 | 044,089,904 | ---- | M] () -- C:\Users\KARPE\Desktop\avira_antivir_personal_en.exe
[2010/07/03 17:15:41 | 000,060,524 | ---- | M] () -- C:\Users\KARPE\Desktop\Norton_Removal_Tool_SymNRT_d4749.html
[2010/07/03 14:19:44 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF14123.exe
[2010/07/03 09:56:40 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\KARPE\Desktop\OTL.exe
[2010/06/30 11:58:36 | 000,002,831 | ---- | M] () -- C:\Windows\System32\requestBody.xml
[2010/06/30 11:58:36 | 000,002,799 | ---- | M] () -- C:\Windows\System32\responseBody.xml
[2010/06/30 11:58:36 | 000,001,059 | ---- | M] () -- C:\Windows\System32\request.gzip
[2010/06/29 23:02:01 | 000,238,592 | ---- | M] () -- C:\Users\KARPE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/29 10:53:21 | 000,000,181 | ---- | M] () -- C:\Windows\proposed.ini
[2010/06/29 10:53:14 | 017,446,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imageres.dll
[2010/06/29 10:53:13 | 000,001,118 | ---- | M] () -- C:\Users\KARPE\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/06/29 10:53:13 | 000,001,118 | ---- | M] () -- C:\Users\KARPE\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/06/26 23:17:28 | 000,000,680 | ---- | M] () -- C:\Users\KARPE\AppData\Local\d3d9caps.dat
[2010/06/17 13:45:24 | 003,713,914 | ---- | M] () -- C:\Users\KARPE\Desktop\toolb.exe
[2010/06/17 13:43:46 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\KARPE\Desktop\tools.exe
[2010/06/17 13:11:14 | 000,000,414 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/14 00:39:17 | 000,001,698 | ---- | M] () -- C:\Users\KARPE\AppData\Local\Dkobemeyudafa.dat
[2010/06/14 00:39:17 | 000,000,000 | ---- | M] () -- C:\Users\KARPE\AppData\Local\Sbeliqe.bin
[2010/06/13 22:31:21 | 000,080,896 | ---- | M] () -- C:\Windows\System32\caaf.sys
[2010/06/10 04:01:06 | 001,718,488 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[4 C:\Users\KARPE\Documents\*.tmp files -> C:\Users\KARPE\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010/07/03 18:03:29 | 000,022,403 | ---- | C] () -- \ComboFix.txt
[2010/07/03 17:17:20 | 044,089,904 | ---- | C] () -- C:\Users\KARPE\Desktop\avira_antivir_personal_en.exe
[2010/07/03 17:15:39 | 000,060,524 | ---- | C] () -- C:\Users\KARPE\Desktop\Norton_Removal_Tool_SymNRT_d4749.html
[2010/06/29 10:53:25 | 055,062,271 | ---- | C] () -- C:\Users\KARPE\Desktop\DarkMatter Solar Flare Alloy.widget
[2010/06/29 10:53:22 | 047,957,939 | ---- | C] () -- C:\Users\KARPE\Desktop\DarkMatter Solar Flare Dark.widget
[2010/06/17 13:45:10 | 003,713,914 | ---- | C] () -- C:\Users\KARPE\Desktop\toolb.exe
[2010/06/17 13:34:45 | 000,061,418 | ---- | C] () -- \TDSSKiller.2.3.2.0_17.06.2010_13.34.45_log.txt
[2010/06/14 11:59:09 | 000,000,414 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/13 22:33:45 | 000,001,698 | ---- | C] () -- C:\Users\KARPE\AppData\Local\Dkobemeyudafa.dat
[2010/06/13 22:33:45 | 000,000,000 | ---- | C] () -- C:\Users\KARPE\AppData\Local\Sbeliqe.bin
[2010/06/13 22:31:21 | 000,080,896 | ---- | C] () -- C:\Windows\System32\caaf.sys
[2010/03/21 20:51:52 | 000,000,181 | ---- | C] () -- C:\Windows\proposed.ini
[2009/10/20 14:24:26 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/05/12 21:53:16 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/05/12 21:50:16 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/05/12 21:50:16 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008/05/12 21:50:08 | 000,831,488 | ---- | C] () -- C:\Windows\System32\divx_xx0a.dll
[2008/05/12 21:49:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/01/07 09:37:07 | 000,000,280 | ---- | C] () -- C:\Windows\System32\epoPGPsdk.dll.sig
[2008/01/02 02:43:43 | 000,000,000 | ---- | C] () -- C:\Windows\WB.ini
[2008/01/02 02:41:46 | 000,058,792 | ---- | C] () -- C:\Windows\System32\wbload.dll
[2007/05/21 15:13:46 | 000,010,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2007/05/21 15:13:46 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2007/05/19 04:17:51 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2007/05/18 00:08:52 | 000,200,704 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2007/05/18 00:08:51 | 003,049,984 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2007/05/18 00:08:51 | 000,404,480 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2007/05/18 00:08:51 | 000,114,688 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2007/04/24 15:31:12 | 000,010,240 | ---- | C] () -- C:\Windows\System32\ucinst32.dll
[2007/02/02 02:06:14 | 000,000,029 | ---- | C] () -- C:\Windows\atid.ini
[2006/11/29 03:32:42 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/19 03:02:40 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/19 03:02:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/03/09 19:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/05/07 08:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2004/09/16 16:24:26 | 003,375,104 | ---- | C] () -- C:\Windows\System32\qt-mt331.dll
[2003/12/22 15:15:08 | 000,065,536 | ---- | C] () -- C:\Windows\System32\hllapi32.dll
 
========== Custom Scans ==========
 
 
< :OTL >
 
< :Reg >
 
< [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] >
 
< "DisableMonitoring"=- >
 
< [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] >
 
< "DisableMonitoring"=- >
 
< [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] >
 
< "DisableMonitoring"=- >
 
< [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] >
 
< "AntiVirusOverride"=dword:00000000 >
 
< :Files >
 
< :Commands >
 
< [EmptyTemp] >
 
< [Reboot] >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >

[guestolo]

A copy of this log can also be found in
C:\_OTL\Moved Files folder

Can you look in that location for the log please

In addition: I'm not sure if that file has returned
Can you do the following
Go to this link
http://www.virustotal.com/flash/index_en.html

Use the browse button and navigate to this file on your hard disk
C:\Windows\System32\caaf.sys<--this file

Right click on the file and choose Select
Then use the Submit button
Let it finish scanning
Could you post back the results of the scan back here please
Or better yet, just post the link to the results page

Also: this entry in your log,
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49617

Do you purposely set a proxy server setting within IE's Internet options?

[Andy k]

I can't navigate to the folder specified, I can't seem to locate C:\_OTL at all. I did, however, see this log saved to the desktop from about the time that I ran the last scan I'm pretty sure. IF it's not what we're looking for I'll dig deeper.

I don't use a proxy on purpose, but that was part of the issue when I first got the malware, a fake anti-virus was installed and blocked all internet access through the proxy settings. I dont ever use IE so I may have missed changing things back. I had to install Malwarebytes to a thumb drive and run it from that.

Also, I must be doing something wrong, I'm getting this when I submit that file "
0 bytes size received / Se ha recibido un archivo vacio

'

OTL logfile created on: 7/4/2010 5:12:22 PM - Run 3
OTL by OldTimer - Version 3.2.7.0    Folder = C:\Users\KARPE\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 105.18 Gb Total Space | 30.39 Gb Free Space | 28.89% Space Free | Partition Type: NTFS
Drive D: | 6.61 Gb Total Space | 0.63 Gb Free Space | 9.49% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 697.98 Gb Total Space | 538.40 Gb Free Space | 77.14% Space Free | Partition Type: NTFS
Drive H: | 614.91 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
I: Drive not present or media not loaded
 
Computer Name: BONES
Current User Name: KARPE
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
[color="#e56717"]========== Processes (SafeList) ==========[/color]
 
PRC - [2010/07/03 09:56:40 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\KARPE\Desktop\OTL.exe
PRC - [2010/07/02 01:16:43 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/06/01 12:52:16 | 000,299,008 | ---- | M] (Nike) -- C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe
PRC - [2010/05/22 15:07:01 | 000,322,352 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/03/21 20:43:45 | 000,086,016 | ---- | M] () -- C:\Windows\Installer\MSI50A6.tmp
PRC - [2010/03/21 20:29:01 | 000,186,880 | ---- | M] (The Skins Factory, Inc) -- C:\Windows\Installer\MSID36C.tmp
PRC - [2010/03/02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/12/17 18:14:08 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\javaw.exe
PRC - [2009/09/04 14:16:54 | 005,893,360 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Zune\ZuneNss.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/03/18 20:31:20 | 004,742,184 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
PRC - [2008/01/19 03:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/19 03:33:12 | 000,198,656 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
PRC - [2007/05/31 09:38:48 | 000,053,248 | ---- | M] (Tablet Driver) -- C:\Windows\System32\drivers\WTSrv.exe
PRC - [2007/04/30 19:43:54 | 003,450,608 | ---- | M] (Stardock) -- C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
PRC - [2007/04/11 12:27:00 | 000,040,960 | ---- | M] (Tablet Driver) -- C:\Windows\System32\WTClient.exe
PRC - [2006/11/24 19:34:20 | 000,118,877 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
PRC - [2006/11/24 19:34:16 | 000,270,431 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
 
 
[color="#e56717"]========== Modules (SafeList) ==========[/color]
 
MOD - [2010/07/03 09:56:40 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\KARPE\Desktop\OTL.exe
MOD - [2009/04/11 02:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/19 03:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2007/04/30 19:18:50 | 000,112,400 | ---- | M] () -- C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
 
 
[color="#e56717"]========== Win32 Services (SafeList) ==========[/color]
 
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/03/21 20:43:45 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Windows\Installer\MSI50A6.tmp -- (HyperDeskCustomThemeEnabler)
SRV - [2010/03/21 20:29:01 | 000,186,880 | ---- | M] (The Skins Factory, Inc) [Auto | Running] -- C:\Windows\Installer\MSID36C.tmp -- (HyperdeskThemePatcher)
SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/11/06 19:11:46 | 003,007,488 | ---- | M] (MediaMall Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\MediaMall\MediaMallServer.exe -- (MediaMall Server)
SRV - [2009/09/04 14:17:00 | 000,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2009/09/04 14:16:54 | 005,893,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2009/05/05 18:53:32 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/19 03:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/19 03:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/05/31 09:38:48 | 000,053,248 | ---- | M] (Tablet Driver) [Auto | Running] -- C:\Windows\System32\Drivers\WTSRV.EXE -- (WinTabService)
SRV - [2007/03/27 16:06:00 | 000,104,000 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2006/11/24 19:34:20 | 000,118,877 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2006/11/24 19:34:16 | 000,270,431 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2006/06/26 13:50:08 | 000,126,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)
SRV - [2004/10/22 07:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
 
 
[color="#e56717"]========== Driver Services (SafeList) ==========[/color]
 
DRV - [2010/06/13 22:31:21 | 000,080,896 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\caaf.sys -- (caaf)
DRV - [2010/03/01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/10/14 10:59:38 | 000,022,696 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\povrtdev.sys -- (msvad_simple)
DRV - [2009/06/24 06:08:00 | 007,542,208 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/10/23 02:16:28 | 001,331,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2008/10/23 02:16:28 | 001,331,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/07/19 17:37:59 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2008/05/06 17:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/03/28 03:06:00 | 000,199,472 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/03/03 05:10:44 | 000,182,272 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/01/19 01:53:39 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UMPass)
DRV - [2008/01/19 01:53:22 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2007/06/29 01:39:40 | 000,022,056 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Tablet2k.cat -- (Tablet2k)
DRV - [2007/06/07 13:16:28 | 000,018,944 | ---- | M] (PenTablet Driver) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PTSimBus.sys -- (PTSimBus)
DRV - [2007/05/31 13:33:44 | 000,012,800 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UCTblHid.sys -- (UCTblHid)
DRV - [2007/04/23 11:28:56 | 000,018,432 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TClass2k.sys -- (TClass2k)
DRV - [2007/04/23 11:28:56 | 000,010,752 | ---- | M] (PenTablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTSimHid.sys -- (PTSimHid)
DRV - [2007/02/27 14:31:28 | 000,021,504 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/01/06 15:05:42 | 000,199,680 | ---- | M] (Realtek Semiconductor Corporation    ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8187.sys -- (RTL8187)
DRV - [2007/01/05 21:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/18 15:32:16 | 000,145,920 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2006/11/15 13:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/15 08:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/15 06:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 05:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 05:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 05:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/10/18 23:09:26 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/10/18 23:08:14 | 000,206,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006/10/18 23:08:04 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/10/18 22:10:57 | 001,380,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2006/09/15 04:44:18 | 000,011,520 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006/08/05 05:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/06/28 13:57:00 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/06/28 13:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
 
 
[color="#e56717"]========== Standard Registry (SafeList) ==========[/color]
 
 
[color="#e56717"]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ilion&pf=laptop
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.netflix.com/WatchNow
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49617
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\program files\Mozilla Firefox\components [2010/07/02 01:16:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\program files\Mozilla Firefox\plugins [2010/07/04 17:01:12 | 000,000,000 | ---D | M]
 
[2010/07/04 14:38:13 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/03/09 19:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
 
O1 HOSTS File: ([2010/07/03 17:57:51 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1    localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Nike+ Connect] C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe (Nike)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WTClient] C:\Windows\System32\WTClient.exe (Tablet Driver)
O4 - Startup: C:\Users\KARPE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O4 - Startup: C:\Users\KARPE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ted.exe - Shortcut.lnk = C:\Program Files\Torrent Episode Downloader\ted.exe (Roel & Joost)
O4 - Startup: C:\Users\KARPE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\uTorrent - Shortcut.lnk = C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\KARPE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.238.112.12 68.238.96.12
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\KARPE\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\KARPE\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/21 03:53:08 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O32 - AutoRun File - [2009/06/18 17:12:18 | 000,000,088 | ---- | M] () - H:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
[color="#e56717"]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2010/07/04 17:04:44 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/07/04 17:04:44 | 000,000,000 | --SD | C] -- \ComboFix
[2010/07/04 17:00:54 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/07/04 17:00:54 | 000,000,000 | -HSD | C] -- \Config.Msi
[2010/07/03 18:33:39 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/07/03 18:33:39 | 000,000,000 | -HSD | C] -- \$RECYCLE.BIN
[2010/07/03 18:10:06 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010/07/03 18:10:06 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/07/03 18:10:06 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010/07/03 18:10:06 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010/07/03 18:10:06 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010/07/03 18:10:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010/07/03 18:10:02 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/07/03 17:57:47 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/07/03 17:32:20 | 000,921,512 | ---- | C] (Symantec Corporation) -- C:\Users\KARPE\Desktop\Norton_Removal_Tool.exe
[2010/07/03 14:20:01 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/07/03 14:20:00 | 000,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF14123.exe
[2010/07/03 09:56:33 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\KARPE\Desktop\OTL.exe
[2010/06/24 03:02:00 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010/06/24 03:02:00 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010/06/24 03:02:00 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010/06/20 21:03:52 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/20 21:03:45 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/06/20 20:59:40 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/06/17 13:43:43 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\KARPE\Desktop\tools.exe
[2010/06/17 13:15:13 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware
[2010/06/17 13:15:13 | 000,000,000 | ---D | C] -- \Malwarebytes' Anti-Malware
[2010/06/17 12:11:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Nike
[2010/06/17 12:11:19 | 000,000,000 | ---D | C] -- C:\Program Files\Nike
[2010/06/14 14:47:30 | 000,000,000 | ---D | C] -- C:\Users\KARPE\AppData\Local\Threat Expert
[2010/06/14 14:26:21 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/06/14 11:59:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/06/14 11:58:58 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/06/14 11:58:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/06/08 21:51:27 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010/06/08 21:51:13 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/06/08 21:51:12 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/06/08 21:51:04 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/06/08 21:51:03 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/06/08 21:51:03 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010/06/08 21:51:02 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010/06/08 21:50:58 | 002,037,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[4 C:\Users\KARPE\Documents\*.tmp files -> C:\Users\KARPE\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
[color="#e56717"]========== Files - Modified Within 30 Days ==========[/color]
 
[2010/07/04 17:11:35 | 005,242,880 | -HS- | M] () -- C:\Users\KARPE\ntuser.dat
[2010/07/04 17:10:24 | 000,124,344 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/07/04 17:07:46 | 000,124,344 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/07/04 17:07:09 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/04 17:07:08 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/04 17:07:06 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/04 17:07:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/04 17:06:56 | 2078,916,608 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/04 17:05:24 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/07/04 17:05:13 | 000,524,288 | -HS- | M] () -- C:\Users\KARPE\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/07/04 17:05:13 | 000,065,536 | -HS- | M] () -- C:\Users\KARPE\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/07/04 17:05:11 | 006,291,456 | -H-- | M] () -- C:\Users\KARPE\AppData\Local\IconCache.db
[2010/07/04 10:31:25 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{83AD95B8-9CDA-4BAD-830D-97BD8981DFEE}.job
[2010/07/04 02:31:38 | 000,344,864 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/07/04 02:31:38 | 000,316,348 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/07/04 02:31:38 | 000,038,602 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/07/03 17:58:20 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/07/03 17:57:51 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/07/03 17:32:23 | 000,921,512 | ---- | M] (Symantec Corporation) -- C:\Users\KARPE\Desktop\Norton_Removal_Tool.exe
[2010/07/03 17:29:24 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForKARPE.job
[2010/07/03 17:18:18 | 044,089,904 | ---- | M] () -- C:\Users\KARPE\Desktop\avira_antivir_personal_en.exe
[2010/07/03 17:15:41 | 000,060,524 | ---- | M] () -- C:\Users\KARPE\Desktop\Norton_Removal_Tool_SymNRT_d4749.html
[2010/07/03 14:19:44 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF14123.exe
[2010/07/03 09:56:40 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\KARPE\Desktop\OTL.exe
[2010/06/30 11:58:36 | 000,002,831 | ---- | M] () -- C:\Windows\System32\requestBody.xml
[2010/06/30 11:58:36 | 000,002,799 | ---- | M] () -- C:\Windows\System32\responseBody.xml
[2010/06/30 11:58:36 | 000,001,059 | ---- | M] () -- C:\Windows\System32\request.gzip
[2010/06/29 23:02:01 | 000,238,592 | ---- | M] () -- C:\Users\KARPE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/29 10:53:21 | 000,000,181 | ---- | M] () -- C:\Windows\proposed.ini
[2010/06/29 10:53:14 | 017,446,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imageres.dll
[2010/06/29 10:53:13 | 000,001,118 | ---- | M] () -- C:\Users\KARPE\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/06/29 10:53:13 | 000,001,118 | ---- | M] () -- C:\Users\KARPE\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/06/26 23:17:28 | 000,000,680 | ---- | M] () -- C:\Users\KARPE\AppData\Local\d3d9caps.dat
[2010/06/17 13:45:24 | 003,713,914 | ---- | M] () -- C:\Users\KARPE\Desktop\toolb.exe
[2010/06/17 13:43:46 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\KARPE\Desktop\tools.exe
[2010/06/17 13:11:14 | 000,000,414 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/14 00:39:17 | 000,001,698 | ---- | M] () -- C:\Users\KARPE\AppData\Local\Dkobemeyudafa.dat
[2010/06/14 00:39:17 | 000,000,000 | ---- | M] () -- C:\Users\KARPE\AppData\Local\Sbeliqe.bin
[2010/06/13 22:31:21 | 000,080,896 | ---- | M] () -- C:\Windows\System32\caaf.sys
[2010/06/10 04:01:06 | 001,718,488 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[4 C:\Users\KARPE\Documents\*.tmp files -> C:\Users\KARPE\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
[color="#e56717"]========== Files Created - No Company Name ==========[/color]
 
[2010/07/03 18:03:29 | 000,022,403 | ---- | C] () -- \ComboFix.txt
[2010/07/03 17:17:20 | 044,089,904 | ---- | C] () -- C:\Users\KARPE\Desktop\avira_antivir_personal_en.exe
[2010/07/03 17:15:39 | 000,060,524 | ---- | C] () -- C:\Users\KARPE\Desktop\Norton_Removal_Tool_SymNRT_d4749.html
[2010/06/29 10:53:25 | 055,062,271 | ---- | C] () -- C:\Users\KARPE\Desktop\DarkMatter Solar Flare Alloy.widget
[2010/06/29 10:53:22 | 047,957,939 | ---- | C] () -- C:\Users\KARPE\Desktop\DarkMatter Solar Flare Dark.widget
[2010/06/17 13:45:10 | 003,713,914 | ---- | C] () -- C:\Users\KARPE\Desktop\toolb.exe
[2010/06/17 13:34:45 | 000,061,418 | ---- | C] () -- \TDSSKiller.2.3.2.0_17.06.2010_13.34.45_log.txt
[2010/06/14 11:59:09 | 000,000,414 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/13 22:33:45 | 000,001,698 | ---- | C] () -- C:\Users\KARPE\AppData\Local\Dkobemeyudafa.dat
[2010/06/13 22:33:45 | 000,000,000 | ---- | C] () -- C:\Users\KARPE\AppData\Local\Sbeliqe.bin
[2010/06/13 22:31:21 | 000,080,896 | ---- | C] () -- C:\Windows\System32\caaf.sys
[2010/03/21 20:51:52 | 000,000,181 | ---- | C] () -- C:\Windows\proposed.ini
[2009/10/20 14:24:26 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/05/12 21:53:16 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/05/12 21:50:16 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/05/12 21:50:16 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008/05/12 21:50:08 | 000,831,488 | ---- | C] () -- C:\Windows\System32\divx_xx0a.dll
[2008/05/12 21:49:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/01/07 09:37:07 | 000,000,280 | ---- | C] () -- C:\Windows\System32\epoPGPsdk.dll.sig
[2008/01/02 02:43:43 | 000,000,000 | ---- | C] () -- C:\Windows\WB.ini
[2008/01/02 02:41:46 | 000,058,792 | ---- | C] () -- C:\Windows\System32\wbload.dll
[2007/05/21 15:13:46 | 000,010,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2007/05/21 15:13:46 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2007/05/19 04:17:51 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2007/05/18 00:08:52 | 000,200,704 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2007/05/18 00:08:51 | 003,049,984 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2007/05/18 00:08:51 | 000,404,480 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2007/05/18 00:08:51 | 000,114,688 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2007/04/24 15:31:12 | 000,010,240 | ---- | C] () -- C:\Windows\System32\ucinst32.dll
[2007/02/02 02:06:14 | 000,000,029 | ---- | C] () -- C:\Windows\atid.ini
[2006/11/29 03:32:42 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/19 03:02:40 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/19 03:02:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/03/09 19:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/05/07 08:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2004/09/16 16:24:26 | 003,375,104 | ---- | C] () -- C:\Windows\System32\qt-mt331.dll
[2003/12/22 15:15:08 | 000,065,536 | ---- | C] () -- C:\Windows\System32\hllapi32.dll
 
[color="#e56717"]========== Custom Scans ==========[/color]
 
 
[color="#a23bec"]< :OTL >[/color]
 
[color="#a23bec"]< :Reg >[/color]
 
[color="#a23bec"]< [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] >[/color]
 
[color="#a23bec"]< "DisableMonitoring"=- >[/color]
 
[color="#a23bec"]< [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] >[/color]
 
[color="#a23bec"]< "DisableMonitoring"=- >[/color]
 
[color="#a23bec"]< [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] >[/color]
 
[color="#a23bec"]< "DisableMonitoring"=- >[/color]
 
[color="#a23bec"]< [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] >[/color]
 
[color="#a23bec"]< "AntiVirusOverride"=dword:00000000 >[/color]
 
[color="#a23bec"]< :Files >[/color]
 
[color="#a23bec"]< :Commands >[/color]
 
[color="#a23bec"]< [EmptyTemp] >[/color]
 
[color="#a23bec"]< [Reboot] >[/color]
 
[color="#e56717"]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >

[guestolo]

Let's go another route please

Download DDS and save it to your desktop from [color="#FF0000"]here[/color]
Disable any script blocker, and then right  click  on dds.scr and choose to "Run as Admin"
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop. Post them back to your topic.

[Andy k]

DDS (Ver_10-03-17.01) - NTFSx86
Run by KARPE at 0:18:54.44 on Mon 07/05/2010
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1982.1034 [GMT -4:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\Installer\MSI50A6.tmp
C:\Windows\Installer\MSID36C.tmp
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Windows\System32\WTClient.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\System32\Drivers\WTSRV.EXE
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\alg.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
c:\Program Files\Zune\ZuneNss.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe
C:\Users\KARPE\AppData\Local\Temp\Adobelm_Cleanup.0001
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\Users\KARPE\AppData\Local\Temp\Adobelm_Cleanup.0001
C:\program files\mozilla firefox\firefox.exe
C:\Windows\explorer.exe
C:\Windows\system32\rundll32.exe
C:\Users\KARPE\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.netflix.com/WatchNow
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = http=127.0.0.1:49617
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [WTClient] WTClient.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Nike+ Connect] "c:\program files\nike\nike+ connect\Nike+ Connect daemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\karpe\appdata\roaming\micros~1\windows\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdock\ObjectDock.exe
StartupFolder: c:\users\karpe\appdata\roaming\micros~1\windows\startm~1\programs\startup\tedexe~1.lnk - c:\program files\torrent episode downloader\ted.exe
StartupFolder: c:\users\karpe\appdata\roaming\micros~1\windows\startm~1\programs\startup\utorre~1.lnk - c:\program files\utorrent\uTorrent.exe
StartupFolder: c:\users\karpe\appdata\roaming\micros~1\windows\startm~1\programs\startup\yahoo!~1.lnk - c:\program files\yahoo!\widgets\YahooWidgets.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

================= FIREFOX ===================

FF - ProfilePath - c:\users\karpe\appdata\roaming\mozilla\firefox\profiles\bj820pen.default\
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\users\karpe\appdata\roaming\mozilla\firefox\profiles\bj820pen.default\extensions\[email protected]\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type",    5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug",    false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight",    2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize",    1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",    5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-7-3 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-7-3 267432]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-7-3 60936]
R2 HyperDeskCustomThemeEnabler;HyperDesk's Custom Theme Enabler;c:\windows\installer\MSI50A6.tmp [2010-3-21 86016]
R2 HyperdeskThemePatcher;Hyperdesk's UxTheme Patcher;c:\windows\installer\MSID36C.tmp [2010-3-21 186880]
R3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\drivers\PTSimBus.sys [2007-6-7 18944]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 MediaMall Server;MediaMall Server;c:\program files\mediamall\MediaMallServer.exe [2009-11-6 3007488]
S3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\drivers\PTSimHid.sys [2007-4-23 10752]
S3 RTL8187;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2007-1-6 199680]
S4 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2008-1-7 104000]

=============== Created Last 30 ================

2010-07-04 22:35:11   411368   ----a-w-   c:\windows\system32\deployJava1.dll
2010-07-03 22:33:39   0   d-sh--w-   C:\$RECYCLE.BIN
2010-07-03 22:10:06   60936   ----a-w-   c:\windows\system32\drivers\avgntflt.sys
2010-07-03 22:10:02   0   d-----w-   c:\programdata\Avira
2010-07-03 22:10:02   0   d-----w-   c:\program files\Avira
2010-07-03 18:20:00   318976   ----a-w-   c:\windows\system32\CF14123.exe
2010-06-24 07:02:00   99176   ----a-w-   c:\windows\system32\PresentationHostProxy.dll
2010-06-24 07:02:00   49472   ----a-w-   c:\windows\system32\netfxperf.dll
2010-06-24 07:02:00   297808   ----a-w-   c:\windows\system32\mscoree.dll
2010-06-24 07:02:00   295264   ----a-w-   c:\windows\system32\PresentationHost.exe
2010-06-24 07:01:59   1130824   ----a-w-   c:\windows\system32\dfshim.dll
2010-06-21 01:03:52   0   d-----w-   c:\program files\iPod
2010-06-21 01:03:45   0   d-----w-   c:\program files\iTunes
2010-06-17 17:15:13   0   d-----w-   C:\Malwarebytes' Anti-Malware
2010-06-17 16:11:20   0   d-----w-   c:\programdata\Nike
2010-06-17 16:11:19   0   d-----w-   c:\program files\Nike
2010-06-14 18:26:21   0   d---a-w-   c:\programdata\TEMP
2010-06-14 15:59:12   0   d-----w-   c:\users\karpe\appdata\roaming\Malwarebytes
2010-06-14 15:59:06   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-14 15:58:58   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-06-14 15:58:58   0   d-----w-   c:\programdata\Malwarebytes
2010-06-14 02:31:21   80896   ----a-w-   c:\windows\system32\caaf.sys
2010-06-09 01:51:27   67072   ----a-w-   c:\windows\system32\asycfilt.dll
2010-06-09 01:51:13   289792   ----a-w-   c:\windows\system32\atmfd.dll
2010-06-09 01:51:12   34304   ----a-w-   c:\windows\system32\atmlib.dll
2010-06-09 01:51:06   834048   ----a-w-   c:\windows\system32\wininet.dll
2010-06-09 01:51:03   78336   ----a-w-   c:\windows\system32\ieencode.dll
2010-06-09 01:50:58   2037248   ----a-w-   c:\windows\system32\win32k.sys

==================== Find3M ====================

2010-07-04 22:32:04   124344   ----a-w-   c:\programdata\nvModes.dat
2010-06-29 14:53:14   17446912   ----a-w-   c:\windows\system32\imageres.dll
2010-06-21 00:56:32   51200   ----a-w-   c:\windows\inf\infpub.dat
2010-06-21 00:56:32   143360   ----a-w-   c:\windows\inf\infstrng.dat
2010-06-21 00:56:32   143360   ----a-w-   c:\windows\inf\infstor.dat
2010-05-31 03:49:04   7310   ----a-w-   c:\program files\InstallTasks.xml
2010-05-31 03:48:18   489472   ----a-w-   c:\program files\EmberAPI.dll
2010-05-31 03:48:17   2300928   ----a-w-   c:\program files\Ember Media Manager.exe
2010-05-31 03:48:14   886272   ----a-w-   c:\program files\System.Data.SQLite.dll
2010-05-31 03:48:13   192512   ----a-w-   c:\program files\ICSharpCode.SharpZipLib.dll
2010-05-21 18:14:28   221568   ------w-   c:\windows\system32\MpSigStub.exe
2010-05-18 20:35:16   91424   ----a-w-   c:\windows\system32\dnssd.dll
2010-05-18 20:35:16   107808   ----a-w-   c:\windows\system32\dns-sd.exe
2010-04-23 14:13:55   2048   ----a-w-   c:\windows\system32\tzres.dll
2010-04-20 00:47:44   3062048   ----a-w-   c:\windows\system32\usbaaplrc.dll
2010-04-14 15:09:49   62947   ----a-w-   c:\users\karpe\appdata\roaming\nvModes.dat
2009-10-21 05:47:57   665600   ----a-w-   c:\windows\inf\drvindex.dat
2008-09-19 23:07:10   174   --sha-w-   c:\program files\desktop.ini
2006-11-02 12:42:02   30674   ----a-w-   c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02   30674   ----a-w-   c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02   287440   ----a-w-   c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02   287440   ----a-w-   c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21   287440   ----a-w-   c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21   287440   ----a-w-   c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19   30674   ----a-w-   c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19   30674   ----a-w-   c:\windows\inf\perflib\0000\perfc.dat
2008-05-07 21:29:55   16384   --sha-w-   c:\windows\serviceprofiles\networkservice\appdata\local\temp\cookies\index.dat
2008-05-07 21:29:55   16384   --sha-w-   c:\windows\serviceprofiles\networkservice\appdata\local\temp\history\history.ie5\index.dat
2008-05-07 21:29:55   32768   --sha-w-   c:\windows\serviceprofiles\networkservice\appdata\local\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 0:20:19.89 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 1/31/2007 11:58:49 AM
System Uptime: 7/4/2010 5:53:41 PM (7 hours ago)

Motherboard: Quanta | | 30B7
Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-56 | Socket S1 | 1800/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 105 GiB total, 28.247 GiB free.
D: is FIXED (NTFS) - 7 GiB total, 0.628 GiB free.
E: is CDROM ()
G: is FIXED (NTFS) - 698 GiB total, 538.399 GiB free.
H: is CDROM (UDF)

==== Disabled Device Manager Items =============

==== System Restore Points ===================


==== Installed Programs ======================

µTorrent
2007 Microsoft Office Suite Service Pack 1 (SP1)
32 Bit HP CIO Components Installer
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe Acrobat 9 Pro
Adobe Acrobat 9.3.2 - CPSID_53951
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge 1.0
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Common File Installer
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Center 1.0
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe Linguistics CS3
Adobe Media Player
Adobe PDF Library Files
Adobe Photoshop 7.0
Adobe Photoshop CS2
Adobe Reader 9.3
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Stock Photos 1.0
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Arta Software version 1.5.0
ASL_HS_Installer32
Aspell English Dictionary-0.50-2
AutoUpdate
Avira AntiVir Personal - Free Antivirus
AviSynth 2.5
Bonjour
Bonjour Core for Windows
Broadcom 802.11 Wireless LAN Adapter
CCleaner
Conexant HD Audio
Defraggler
DivX Codec
DivX Converter
DivX Player
DivX Web Player
EventGhost 0.3.7.r1436
Express Burn
Express Rip
FaceMorpher Lite 2.5
ffdshow [rev 1324] [2007-07-01]
FileZilla Client 3.0.4.1
FoxyTunes for Firefox
Gaim (remove only)
GNU Aspell 0.50-3
Google Earth
Goombah Partner COM Server
GTK+ Runtime 2.14.7 rev a (remove only)
HijackThis 2.0.2
HOLMImpulse
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Connections (remove only)
HP Customer Experience Enhancements
HP Easy Setup - Core
HP Easy Setup - Frontend
HP Help and Support
HP iPAQ rx5900 Travel Companion
HP iPAQ Setup Assistant v1.0.4.0
HP Pavilion Webcam Driver for Vista v061.001.00005
HP Photosmart All-In-One Driver Software 10.0 Rel .2
HP Quick Launch Buttons 6.10 B9
HP QuickPlay 3.0
HP Total Care Advisor
HP Update
HP User Guide 0041
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPNetworkAssistant
Hyperdesk - DarkMatter Gamma Ray
Hyperdesk - DarkMatter Solar Flare
Infra Recorder
iPhone Configuration Utility
iTunes
Java Auto Updater
Java(TM) 6 Update 20
LightScribe 1.4.124.1
Malwarebytes' Anti-Malware
MediaInfo 0.7.30
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
MobileMe Control Panel
Motorola USB Drivers v2.9
Move Networks Media Player for Internet Explorer
Mozilla Firefox (3.6.6)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 5.0
My HP Games
Netflix Movie Viewer
Nike+ Connect
NVIDIA Drivers
ObjectDock
OGA Notifier 2.0.0048.0
PDF Settings
Pidgin
PlayOn
PS_AIO_02_Software_Min
PSP Video 9 2.25
QuickTime
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Ruckus Player
Safari
Scan
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB960003)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB959997)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Soft Data Fax Modem with SmartCP
Sonic Activation Module
Synaptics Pointing Device Driver
TheMP3Renamer
theRenamer 6.3
Toolbox
Torrent Episode Downloader
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Verizon FiOS Media Manager
Videora iPod Converter 5.03
Virtual DJ Home Edition - Atomix Productions
VLC Connection Utility 2.11
VLC media player 1.0.3
WavePad Uninstall
WD Diagnostics
Windows 7 Upgrade Advisor
Windows Essentials Media Codec Pack 2.2b
Windows Media Player Firefox Plugin
WinISD beta
WinRAR archiver
XBMC
Yahoo! Widgets
Zune
Zune Language Pack (ES)
Zune Language Pack (FR)

==== End Of File ===========================