Solved Multiple system attacks

Discussion in 'Malware and Virus Removal Archive' started by Jim911Fire, 2012/02/03.

  1. 2012/02/03
    Jim911Fire

    Jim911Fire Inactive Thread Starter

    Joined:
    2005/10/18
    Messages:
    27
    Likes Received:
    0
    [Resolved] Multiple system attacks

    I have multiple issues and it’s getting worse. I have webpage redirects, spam being sent from my email accounts and what appears to be a site that everything is going through before going to the actual site I wanted.

    It started with me noticing that my laptop seemed to be moving slower. I noticed that every site I went to, my computer said it was connecting to "knhhoe.springcrab.com". I can’t find this site on the web so I’m assuming I have a bug. I run all sorts of virus and malware programs.

    I have run Lavasoft, SpybotSD, Malwarebytes anti-malware, Superantispyware, Housecall, eTrust, Avira. None of them could seem to find anything. Today out of sheer frustration I un-installed my two email programs to prevent further spam being sent to my friends. My next step if I can’t fix this is to just buy a new laptop. Can anyone help me before I take this next step?

    Thanks
     
    Last edited: 2012/02/03
  2. 2012/02/03
    MrBill

    MrBill SuperGeek WindowsBBS Team Member

    Joined:
    2006/01/14
    Messages:
    4,331
    Likes Received:
    270
    Post the requested logs and let Broni look at them.

    Go to User CP near the top left and fill out your System info and be sure to SAVE it.
     


  4. 2012/02/03
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    Hi,

    Read this post as indicated at the top of this forum & follow the instructions.
     
  5. 2012/02/03
    Jim911Fire

    Jim911Fire Inactive Thread Starter

    Joined:
    2005/10/18
    Messages:
    27
    Likes Received:
    0
    Sorry misread it...thought you didn't want it right away but that was attachments, my mistake.

    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.02.01.07

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Jim :: LAPTOP [administrator]

    2/1/2012 2:42:02 PM
    mbam-log-2012-02-01 (14-42-02).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 475347
    Time elapsed: 2 hour(s), 50 minute(s), 36 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-02-03 07:01:12
    Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD16 rev.04.0
    Running: yppfyx2v.exe; Driver: C:\Users\Jim\AppData\Local\Temp\uxldapow.sys


    ---- System - GMER 1.0.15 ----

    SSDT 93A99396 ZwCreateSection
    SSDT 93A993A0 ZwRequestWaitReplyPort
    SSDT 93A9939B ZwSetContextThread
    SSDT 93A993A5 ZwSetSecurityObject
    SSDT 93A993AA ZwSystemDebugControl
    SSDT 93A99337 ZwTerminateProcess

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwSaveKey + 13D1 8347C369 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 834B5D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    .text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 834BCEAC 4 Bytes [96, 93, A9, 93]
    .text ntkrnlpa.exe!KeRemoveQueueEx + 1553 834BD208 4 Bytes [A0, 93, A9, 93]
    .text ntkrnlpa.exe!KeRemoveQueueEx + 1597 834BD24C 4 Bytes [9B, 93, A9, 93]
    .text ntkrnlpa.exe!KeRemoveQueueEx + 1613 834BD2C8 4 Bytes [A5, 93, A9, 93]
    .text ntkrnlpa.exe!KeRemoveQueueEx + 1667 834BD31C 4 Bytes [AA, 93, A9, 93]
    .text ...
    init C:\Windows\system32\DRIVERS\i8042HDR.sys entry point in "init" section [0x9439CC00]

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\Explorer.EXE[2512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74182437] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74165600] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [741656BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [741824B2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74178514] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74174CC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7417506F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74175144] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [74176671] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7417826B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [741787BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7417901B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7417E1BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74174BFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp tcpipBM.SYS (Bytemobile Kernel Network Provider/Bytemobile, Inc.)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

    Device \Driver\ACPI_HAL \Device\00000088 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----

    aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
    Run date: 2012-02-01 12:37:31
    -----------------------------
    12:37:31.485 OS Version: Windows 6.1.7601 Service Pack 1
    12:37:31.486 Number of processors: 2 586 0xF0A
    12:37:31.487 ComputerName: LAPTOP UserName: Jim
    12:37:33.519 Initialize success
    12:38:45.074 AVAST engine defs: 12020100
    12:40:00.907 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
    12:40:00.910 Disk 0 Vendor: WDC_WD16 04.0 Size: 152627MB BusType: 3
    12:40:00.913 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-1
    12:40:00.916 Disk 1 Vendor: WDC_WD16 04.0 Size: 152627MB BusType: 3
    12:40:00.920 Disk 2 \Device\Harddisk2\DR2 -> \Device\000000b2
    12:40:00.923 Disk 2 Vendor: RICOH 01 Size: 152627MB BusType: 0
    12:40:00.935 Disk 0 MBR read successfully
    12:40:00.940 Disk 0 MBR scan
    12:40:00.946 Disk 0 Windows 7 default MBR code
    12:40:00.953 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 144082 MB offset 63
    12:40:00.991 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 7439 MB offset 295081920
    12:40:01.007 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 1103 MB offset 310319104
    12:40:01.042 Disk 0 scanning sectors +312578048
    12:40:01.149 Disk 0 scanning C:\Windows\system32\drivers
    12:40:19.097 Service scanning
    12:40:21.174 Modules scanning
    12:40:35.013 Disk 0 trace - called modules:
    12:40:35.035 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys
    12:40:35.041 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87513848]
    12:40:35.047 3 CLASSPNP.SYS[8bfb859e] -> nt!IofCallDriver -> [0x866ea958]
    12:40:35.053 5 ACPI.sys[8b81b3d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x86712028]
    12:40:36.596 AVAST engine scan C:\Windows
    12:40:44.183 AVAST engine scan C:\Windows\system32
    12:44:19.212 AVAST engine scan C:\Windows\system32\drivers
    12:44:37.487 AVAST engine scan C:\Users\Jim
    13:07:32.425 AVAST engine scan C:\ProgramData
    13:33:01.933 Scan finished successfully
    13:42:53.642 Disk 0 MBR has been saved successfully to "C:\Users\Jim\Desktop\MBR.dat "
    13:42:53.657 The log file has been saved successfully to "C:\Users\Jim\Desktop\aswMBR.txt "
     
  6. 2012/02/03
    Jim911Fire

    Jim911Fire Inactive Thread Starter

    Joined:
    2005/10/18
    Messages:
    27
    Likes Received:
    0
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
    Run by Jim at 19:40:26 on 2012-02-03
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3070.1731 [GMT -8:00]
    .
    AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
    SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\System32\svchost.exe -k Akamai
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\atashost.exe
    C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
    C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
    C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Users\Jim\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com/
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
    uInternet Settings,ProxyOverride = *.local
    mURLSearchHooks: H - No File
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mif5ba~1\office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [WLSync] c:\program files\windows live\mesh\WLSync.exe /background
    mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe "
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    StartupFolder: c:\users\jim\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\jim\appdata\roaming\dropbox\bin\Dropbox.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000
    IE: Open with WordPerfect
    IE: Se&nd to OneNote - c:\progra~1\mif5ba~1\office14\ONBttnIE.dll/105
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    Trusted Zone: ca.gov\cadweb.fire
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: real.com\rhap-app-4-0
    Trusted Zone: real.com\rhapreg
    DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - hxxp://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
    TCP: DhcpNameServer = 68.190.192.35 71.9.127.107 24.205.224.36
    TCP: Interfaces\{385A36C3-A54F-497D-9031-C14D66FA1840} : DhcpNameServer = 68.190.192.35 71.9.127.107 24.205.224.36
    TCP: Interfaces\{385A36C3-A54F-497D-9031-C14D66FA1840}\84F6D65675966496 : DhcpNameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{385A36C3-A54F-497D-9031-C14D66FA1840}\C696E6B6379737 : DhcpNameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{385A36C3-A54F-497D-9031-C14D66FA1840}\E4544574541425F5548545 : DhcpNameServer = 192.168.1.250
    TCP: Interfaces\{385A36C3-A54F-497D-9031-C14D66FA1840}\E4F62736F60264962756023547164796F6E6025373 : DhcpNameServer = 68.190.192.35 71.9.127.107 24.205.224.36
    TCP: Interfaces\{44B791D8-773B-4AD9-8574-237F0B38F98D} : DhcpNameServer = 172.26.38.1 172.26.38.2
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\jim\appdata\roaming\mozilla\firefox\profiles\lf4vcbly.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - plugin: c:\progra~1\mif5ba~1\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
    FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
    FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\jim\appdata\roaming\facebook\npfbplugin_1_0_3.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(general.useragent.extra.brc,
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-1-31 36000]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
    R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2010-3-10 101720]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-6-29 116608]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
    R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992]
    R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-1-31 86224]
    R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-1-31 110032]
    R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-12-17 20376]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-1-31 74640]
    R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-5-10 110592]
    R2 WDFME;WD File Management Engine;c:\program files\western digital\wd smartware\front parlor\wdfme\WDFME.exe [2010-5-10 1858048]
    R2 WDSC;WD File Management Shadow Engine;c:\program files\western digital\wd smartware\front parlor\WDSC.exe [2010-5-10 482304]
    R3 i8042HDR;Keyboard Filter Driver;c:\windows\system32\drivers\i8042HDR.sys [2011-8-17 13224]
    R3 NETwLv32; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETwLv32.sys [2011-11-15 6639616]
    R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-10-6 267880]
    S2 ArcGIS License Manager;ArcGIS License Manager;k:\fban\arcgis10\desktop10.0\license\license10.0\bin\lmgrd.exe --> k:\fban\arcgis10\desktop10.0\license\license10.0\bin\lmgrd.exe [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate1c98ffac72d3350;Google Update Service (gupdate1c98ffac72d3350);c:\program files\google\update\GoogleUpdate.exe [2009-2-15 133104]
    S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\at&t\communication manager\RcAppSvc.exe [2010-3-10 121416]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 CAATT;AT&T Con App Svc;c:\program files\at&t\communication manager\ConAppsSvc.exe [2010-3-10 125512]
    S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-11-6 39272]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-22 1493352]
    S3 GTUHSBUS;GT UHS BUS;c:\windows\system32\drivers\gtuhsbus.sys [2009-7-16 67840]
    S3 GTUHSNDISIPXP;GT UHS IP NDIS;c:\windows\system32\drivers\gtuhs51.sys [2009-7-16 107776]
    S3 GTUHSSER;GT UHS SER;c:\windows\system32\drivers\gtuhsser.sys [2009-7-16 8064]
    S3 GTUQBUS;GT UQ BUS;c:\windows\system32\drivers\gtuqbus.sys [2009-2-19 37120]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-2-15 133104]
    S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-3-10 25112]
    S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-17 52224]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-3 1343400]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2009-2-13 11520]
    S3 WPFFontCache_v0400;WPFFontCache_v0400; [x]
    S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
    S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
    .
    =============== Created Last 30 ================
    .
    2012-02-03 21:08:11 -------- d-----w- c:\users\jim\appdata\local\{112A2373-C6F5-4144-AF19-1D43EA7CEE26}
    2012-02-03 21:07:39 -------- d-----w- c:\users\jim\appdata\local\{0B03A76C-B5B7-47CD-8C41-F3F1AE1FB81E}
    2012-02-03 21:02:03 -------- d-----w- c:\users\jim\appdata\roaming\MSNInstaller
    2012-02-03 20:59:02 -------- d-----w- c:\users\jim\appdata\local\{6D896E0F-E7EA-49C0-B264-8E846057CFB5}
    2012-02-03 20:58:22 -------- d-----w- c:\users\jim\appdata\local\{797B7ED0-6687-44AB-AEE6-8C898EA4B0AB}
    2012-02-03 20:53:43 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d722f4ac-d70c-411d-a5e0-1767f4b0d1c0}\offreg.dll
    2012-02-03 20:21:46 18328 ----a-w- c:\programdata\microsoft\identitycrl\production\ppcrlconfig600.dll
    2012-02-03 20:20:38 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
    2012-02-03 20:20:38 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
    2012-02-03 20:20:36 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
    2012-02-03 20:19:31 15712 ----a-w- c:\program files\common files\windows live\.cache\235914231cce2b101\MeshBetaRemover.exe
    2012-02-03 18:31:12 -------- d-----w- c:\users\jim\appdata\local\{98B04880-C883-4BDF-A3EE-046EF25D6BC3}
    2012-02-03 18:30:50 -------- d-----w- c:\users\jim\appdata\local\{2218FAA8-C6EB-45BE-B945-179FEC678838}
    2012-02-03 09:03:13 6557240 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d722f4ac-d70c-411d-a5e0-1767f4b0d1c0}\mpengine.dll
    2012-02-03 08:41:05 -------- d-----w- c:\users\jim\appdata\local\{1ADFA923-2437-44F5-B95C-9BCDDD4A895D}
    2012-02-03 07:17:58 -------- d-----w- c:\users\jim\appdata\local\{D385A999-D1CD-4A55-BB34-69A02C342266}
    2012-02-03 07:17:29 -------- d-----w- c:\users\jim\appdata\local\{E22E55B4-812A-4484-8CF3-D8B4A357B15B}
    2012-02-03 07:02:13 1288472 ----a-w- c:\windows\system32\ntdll.dll
    2012-02-03 07:02:11 514560 ----a-w- c:\windows\system32\qdvd.dll
    2012-02-03 07:02:11 1328128 ----a-w- c:\windows\system32\quartz.dll
    2012-02-03 05:27:00 -------- d-----w- c:\users\jim\appdata\local\{7FF10DF5-140A-4FCC-A539-043DA5AA28F9}
    2012-02-03 05:26:38 -------- d-----w- c:\users\jim\appdata\local\{92C37439-6CB8-40D4-99BC-0CE8DA6572B9}
    2012-02-03 04:41:04 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-02-03 04:40:39 369352 ----a-w- c:\windows\system32\drivers\cng.sys
    2012-02-03 04:40:39 224768 ----a-w- c:\windows\system32\schannel.dll
    2012-02-03 04:40:39 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2012-02-03 04:40:39 1038848 ----a-w- c:\windows\system32\lsasrv.dll
    2012-02-03 04:40:38 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-02-03 04:40:38 314880 ----a-w- c:\windows\system32\webio.dll
    2012-02-03 04:40:38 22528 ----a-w- c:\windows\system32\lsass.exe
    2012-02-03 04:40:38 22016 ----a-w- c:\windows\system32\secur32.dll
    2012-02-03 04:40:38 15872 ----a-w- c:\windows\system32\sspisrv.dll
    2012-02-03 04:40:38 100352 ----a-w- c:\windows\system32\sspicli.dll
    2012-02-03 04:33:23 -------- d-----w- c:\users\jim\appdata\local\{BF344893-5817-4689-A189-DADC9EE5F6B3}
    2012-02-03 04:32:41 -------- d-----w- c:\users\jim\appdata\local\{FEA46AD1-8CDB-4F78-8133-37F5D7192EA6}
    2012-02-03 04:22:25 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-02-03 04:22:23 708608 ----a-w- c:\program files\common files\system\wab32.dll
    2012-02-03 04:22:17 2342912 ----a-w- c:\windows\system32\win32k.sys
    2012-02-03 04:22:11 534528 ----a-w- c:\windows\system32\EncDec.dll
    2012-02-03 04:22:05 38912 ----a-w- c:\windows\system32\csrsrv.dll
    2012-02-03 04:21:57 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-02-03 04:21:57 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-02-03 04:14:50 67072 ----a-w- c:\windows\system32\packager.dll
    2012-02-03 02:27:52 -------- d-----w- c:\program files\iPod
    2012-02-03 02:27:51 -------- d-----w- c:\program files\iTunes
    2012-02-03 01:53:41 -------- d-----w- c:\users\jim\appdata\local\{139002A5-A096-4A2F-8C39-4CB98B09CB83}
    2012-02-03 01:52:50 -------- d-----w- c:\users\jim\appdata\local\{24B3C0C1-9079-42CD-8E1A-11C2BDFB428F}
    2012-02-02 05:23:52 -------- d-----w- c:\users\jim\appdata\local\{1EB4BC61-EA55-4179-A669-DBE984895C1E}
    2012-02-02 05:23:29 -------- d-----w- c:\users\jim\appdata\local\{8E384797-DF3E-4422-891A-649EE6EDE912}
    2012-02-02 02:57:45 -------- d-----w- c:\users\jim\appdata\local\{574F5EAB-B572-416E-ACE4-00F853A7B242}
    2012-02-02 02:57:27 -------- d-----w- c:\users\jim\appdata\local\{C7D4CE4E-4402-48EB-9467-A6BAA81FED9F}
    2012-02-01 20:03:48 -------- d-----w- c:\program files\ESET
    2012-02-01 19:40:43 -------- d-----w- c:\users\jim\appdata\local\{5B6F2543-16FE-4122-BE9B-836FE94C69AA}
    2012-02-01 19:39:55 -------- d-----w- c:\users\jim\appdata\local\{8B602684-D8FF-4C30-9775-4DA31530BAFA}
    2012-02-01 03:43:50 -------- d-sh--w- C:\$RECYCLE.BIN
    2012-02-01 03:43:48 -------- d-----w- c:\users\jim\appdata\local\temp
    2012-01-31 23:39:56 -------- d-----w- c:\users\jim\appdata\local\{DCA7A2D2-BA44-4B7F-B272-CE98CE94E430}
    2012-01-31 23:39:39 -------- d-----w- c:\users\jim\appdata\local\{CAD27975-520A-4956-A87A-763775D5F359}
    2012-01-31 22:54:52 -------- d-----w- c:\users\jim\appdata\local\{2F8888DE-2B1F-4D00-BAEF-A4100911534A}
    2012-01-31 22:54:42 -------- d-----w- c:\users\jim\appdata\local\{B3871551-51CA-4FF1-832A-95D769620FD5}
    2012-01-31 22:37:08 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2012-01-31 22:37:08 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
    2012-01-31 06:38:30 -------- d-----w- c:\users\jim\appdata\local\{FD9534F8-D348-4C58-A9DD-F38A03BDC413}
    2012-01-31 06:38:20 -------- d-----w- c:\users\jim\appdata\local\{EA3F6A93-1475-4936-A897-B6AC955EFA71}
    2012-01-30 17:20:50 -------- d-----w- c:\users\jim\appdata\roaming\Avira
    2012-01-30 17:20:23 -------- d-----w- c:\programdata\Avira
    2012-01-30 17:20:23 -------- d-----w- c:\program files\Avira
    2012-01-30 08:19:30 98816 ----a-w- c:\windows\sed.exe
    2012-01-30 08:19:30 518144 ----a-w- c:\windows\SWREG.exe
    2012-01-30 08:19:30 256000 ----a-w- c:\windows\PEV.exe
    2012-01-30 08:19:30 208896 ----a-w- c:\windows\MBR.exe
    2012-01-30 06:41:38 -------- d-----w- c:\users\jim\appdata\local\{0020517A-7462-42F4-AC2D-70C1A6595554}
    2012-01-30 06:41:26 -------- d-----w- c:\users\jim\appdata\local\{D428D4FB-808C-4419-A62E-844C0694DFE4}
    2012-01-29 05:51:58 -------- d-----w- c:\users\jim\appdata\local\{CC9EB423-2C06-4DEC-AE02-0DECDBE1338E}
    2012-01-29 05:51:44 -------- d-----w- c:\users\jim\appdata\local\{2C51C2D1-1E36-4E9A-9C86-98553B989451}
    2012-01-26 15:34:46 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
    2012-01-26 15:34:46 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
    2012-01-26 15:34:46 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
    2012-01-26 15:34:46 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll
    2012-01-26 05:52:44 -------- d-----w- c:\users\jim\appdata\local\{58D5DC70-3DCA-4A67-A1AF-87A329658937}
    2012-01-26 05:52:34 -------- d-----w- c:\users\jim\appdata\local\{6D43E982-D4D1-45D7-B953-590705E5D188}
    2012-01-26 02:13:27 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
    2012-01-26 00:42:35 -------- d-----w- c:\users\jim\appdata\local\{F1DFE142-FCC9-4C3B-817D-813A0F4CD057}
    2012-01-26 00:42:21 -------- d-----w- c:\users\jim\appdata\local\{4B5038CD-44B8-4693-B45F-A68E36EB5D38}
    2012-01-25 08:21:32 -------- d-----w- c:\users\jim\appdata\local\{329EC6E0-C8B1-4522-844C-22D3DF73A1D5}
    2012-01-25 08:21:21 -------- d-----w- c:\users\jim\appdata\local\{89F001E8-1041-45C5-BDBB-C8FBEFDB522E}
    2012-01-24 18:35:27 -------- d-----w- c:\users\jim\appdata\local\{5236C534-F9B3-46B5-8253-1F19AE2DCAB8}
    2012-01-24 18:35:16 -------- d-----w- c:\users\jim\appdata\local\{2A4C67E8-254F-4C2D-AC35-AC5CDE6C5346}
    2012-01-24 05:57:40 -------- d-----w- c:\users\jim\appdata\local\{D138BDC8-4EA1-4F71-8FC1-B3A90C04FCDE}
    2012-01-24 05:57:29 -------- d-----w- c:\users\jim\appdata\local\{064965A4-ECB1-4913-B171-F7C5D6B1BE24}
    2012-01-23 03:46:21 -------- d-----w- c:\users\jim\appdata\local\{F602AB2C-2D1B-4DC2-B1C6-8FC3D07A6F77}
    2012-01-23 03:45:53 -------- d-----w- c:\users\jim\appdata\local\{455DEFF9-2257-41E2-93D4-378668D3E394}
    2012-01-23 00:53:13 -------- d-----w- c:\program files\SpywareBlaster
    2012-01-21 05:23:00 -------- d-----w- c:\users\jim\appdata\local\{A34090C8-74FC-45AC-85EA-BD601C0B98F2}
    2012-01-21 05:22:58 -------- d-----w- c:\users\jim\appdata\local\{03EAB1DF-6322-4632-AD97-3925793E1CAE}
    2012-01-21 04:57:15 -------- d-----w- c:\users\jim\appdata\local\{F5B840F0-8339-4B5F-99C1-D11E79DEA112}
    2012-01-21 04:57:13 -------- d-----w- c:\users\jim\appdata\local\{B06E515D-0844-45DB-A514-D7D5FD2A1003}
    2012-01-20 00:21:16 -------- d-----w- c:\users\jim\appdata\local\{B62551F8-BD5E-4250-BEA3-D2D95B0A6583}
    2012-01-19 05:24:14 -------- d-----w- c:\users\jim\appdata\local\{0A890FB9-60A3-4887-A523-8EF968F6EA63}
    2012-01-19 05:24:00 -------- d-----w- c:\users\jim\appdata\local\{C559914D-4B10-4545-B736-278CB0B92268}
    2012-01-18 05:27:34 -------- d-----w- c:\users\jim\appdata\local\{286AA0EB-68F2-4FFD-B28C-32544268F25D}
    2012-01-18 05:27:15 -------- d-----w- c:\users\jim\appdata\local\{3B41190A-30C2-464A-9ABE-FD6F78D9A7E6}
    2012-01-18 05:25:12 -------- d-----w- c:\users\jim\appdata\local\{0C1BD8CE-17A5-4C73-9943-8C93FC59C559}
    2012-01-18 05:24:14 -------- d-----w- c:\users\jim\appdata\local\{3F933675-7A40-405F-BA4B-0F74A041FD55}
    2012-01-17 05:12:56 -------- d-----w- c:\users\jim\appdata\local\{5EA93AC1-8CDF-406E-81F8-D60FCE05A70B}
    2012-01-17 05:12:33 -------- d-----w- c:\users\jim\appdata\local\{3705F6FF-D6F8-48EF-92BE-B0C707429A57}
    2012-01-17 02:53:13 -------- d-----w- c:\users\jim\appdata\local\{40230CA4-29F9-4E1B-83DE-CE875FB120AE}
    2012-01-17 02:52:51 -------- d-----w- c:\users\jim\appdata\local\{53FA5E8B-B187-4FB3-820A-7FA79C6D1097}
    2012-01-16 18:49:53 -------- d-----w- c:\users\jim\appdata\local\{02C76EA5-DC07-4880-A953-1AF5E609382E}
    2012-01-16 18:49:31 -------- d-----w- c:\users\jim\appdata\local\{86570867-E2AE-4B64-95EA-21370FD0FD03}
    2012-01-16 17:14:39 -------- d-----w- c:\users\jim\appdata\local\{1FB0D6CD-9EB2-4298-933C-2929D43743E6}
    2012-01-16 17:14:00 -------- d-----w- c:\users\jim\appdata\local\{B1F86998-E471-40E7-8510-E68B926FE8EF}
    2012-01-13 21:55:39 -------- d-----w- c:\users\jim\appdata\local\{E76747F9-FE11-45C1-990F-986A99CA1BE0}
    2012-01-13 21:55:30 -------- d-----w- c:\users\jim\appdata\local\{7BD64BD1-54B5-43C8-B3A2-9C1262E93149}
    2012-01-13 06:49:40 -------- d-----w- c:\users\jim\appdata\local\{74A64CDD-E886-4A61-9669-816095380105}
    2012-01-13 06:49:35 -------- d-----w- c:\users\jim\appdata\local\{17568FC1-E11C-48B1-BAD2-2453C5AE1466}
    2012-01-13 00:16:16 -------- d-----w- c:\users\jim\appdata\local\{9A2CBB75-2822-4FC5-8FA8-CDD91A7CB1EE}
    2012-01-12 05:02:53 -------- d-----w- c:\users\jim\appdata\local\{72A6593C-15CB-4D9F-B03D-420BF4643A11}
    2012-01-12 05:02:22 -------- d-----w- c:\users\jim\appdata\local\{5568FB31-AC5A-4CE8-A6E4-A6470932C191}
    2012-01-10 06:06:16 -------- d-----w- c:\users\jim\appdata\local\{34AF53AA-57FC-4E21-9492-A6299FE56CD6}
    2012-01-10 06:05:56 -------- d-----w- c:\users\jim\appdata\local\{986DFB5D-919B-4032-B021-F73181F13872}
    2012-01-08 04:09:32 -------- d-----w- c:\users\jim\appdata\local\{AEC1D457-871D-4671-AFD4-1AFC5CD22ABE}
    2012-01-08 04:09:22 -------- d-----w- c:\users\jim\appdata\local\{F639AC1B-6B4C-4CB4-9C78-C1D77A774AAB}
    2012-01-08 03:59:01 -------- d-----w- c:\users\jim\appdata\local\{A14B9DA0-7A58-4ACB-BEB9-23DD41E1DDA9}
    2012-01-08 03:58:50 -------- d-----w- c:\users\jim\appdata\local\{9966E467-D0FF-49C4-84CF-CD035FE79668}
    2012-01-07 06:51:12 -------- d-----w- c:\users\jim\appdata\local\{962555A7-5FE0-4145-BCA6-C9ADC2986787}
    2012-01-07 06:51:01 -------- d-----w- c:\users\jim\appdata\local\{B34BA275-449E-4E98-9F77-2DCB9E820C0D}
    2012-01-06 21:56:19 -------- d-----w- c:\users\jim\appdata\local\{F394834A-1715-4347-8A7B-589CE22D490A}
    2012-01-06 21:55:48 -------- d-----w- c:\users\jim\appdata\local\{D3DA910C-8F67-41C0-B200-E87EC5B2FE91}
    2012-01-06 18:31:05 -------- d-----w- c:\users\jim\appdata\local\{C413AF6F-86F9-484D-AAAC-F8D07D5AD865}
    2012-01-06 18:30:48 -------- d-----w- c:\users\jim\appdata\local\{CDA2156C-0764-445A-AAE7-47EEC65C12D9}
    2012-01-05 17:51:34 -------- d-----w- c:\users\jim\appdata\local\{4CFEADF1-D9E5-4BCF-98EB-DF6879E7825B}
    2012-01-05 17:51:23 -------- d-----w- c:\users\jim\appdata\local\{193A48F5-1E56-498B-9F58-41F671BCAFA4}
    2012-01-05 04:36:06 -------- d-----w- c:\users\jim\appdata\local\{4FC41531-6713-4003-B6E1-F2EAA0020BDC}
    2012-01-05 04:35:54 -------- d-----w- c:\users\jim\appdata\local\{9DD10F2A-8690-44A8-95C6-81E9FBBA6F22}
    .
    ==================== Find3M ====================
    .
    2012-01-27 08:21:24 237072 ------w- c:\windows\system32\MpSigStub.exe
    2011-12-10 23:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-16 04:09:50 6639616 ----a-w- c:\windows\system32\drivers\NETwLv32.sys
    2011-11-16 04:09:49 675840 ----a-w- c:\windows\system32\NETwLc32.dll
    2011-11-16 04:09:49 2756608 ----a-w- c:\windows\system32\NETwLr32.dll
    2008-01-28 19:10:38 441856 ----a-w- c:\program files\xpodclone.exe
    .
    ============= FINISH: 19:41:59.02 ===============
     
  7. 2012/02/03
    broni

    broni Moderator Malware Analyst

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===============================================================

    I still need the Attach.txt part of DDS.
     
  8. 2012/02/03
    Jim911Fire

    Jim911Fire Inactive Thread Starter

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/2/2010 6:11:48 PM
    System Uptime: 2/3/2012 1:03:33 PM (7 hours ago)
    .
    Motherboard: Quanta | | 30CB
    Processor: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz | U2E1 | 2001/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 141 GiB total, 18.393 GiB free.
    D: is FIXED (NTFS) - 149 GiB total, 140.299 GiB free.
    E: is FIXED (NTFS) - 7 GiB total, 0.717 GiB free.
    F: is FIXED (NTFS) - 1 GiB total, 1.035 GiB free.
    G: is CDROM ()
    H: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0007
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter #8
    PNP Device ID: ROOT\*6TO4MP\0007
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0033
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter #34
    PNP Device ID: ROOT\*6TO4MP\0033
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0008
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter #9
    PNP Device ID: ROOT\*6TO4MP\0008
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0034
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter #35
    PNP Device ID: ROOT\*6TO4MP\0034
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0009
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter #10
    PNP Device ID: ROOT\*6TO4MP\0009
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0035
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter #36
    PNP Device ID: ROOT\*6TO4MP\0035
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0010
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter #11
    PNP Device ID: ROOT\*6TO4MP\0010
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0036
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter #37
    PNP Device ID: ROOT\*6TO4MP\0036
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0011
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter #12
    PNP Device ID: ROOT\*6TO4MP\0011
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0037
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter #38
    PNP Device ID: ROOT\*6TO4MP\0037
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0012
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter #13
    PNP Device ID: ROOT\*6TO4MP\0012
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0038
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter #39
    PNP Device ID: ROOT\*6TO4MP\0038
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0013
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter #14
    PNP Device ID: ROOT\*6TO4MP\0013
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0039
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter #40
    PNP Device ID: ROOT\*6TO4MP\0039
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0014
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter #15
    PNP Device ID: ROOT\*6TO4MP\0014
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0040
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter #41
    PNP Device ID: ROOT\*6TO4MP\0040
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0015
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter #16
    PNP Device ID: ROOT\*6TO4MP\0015
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0041
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter #42
    PNP Device ID: ROOT\*6TO4MP\0041
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0016
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter #17
    PNP Device ID: ROOT\*6TO4MP\0016
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0042
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter #43
    PNP Device ID: ROOT\*6TO4MP\0042
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0017
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter #18
    PNP Device ID: ROOT\*6TO4MP\0017
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0043
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter #44
    PNP Device ID: ROOT\*6TO4MP\0043
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0018
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter #19
    PNP Device ID: ROOT\*6TO4MP\0018
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0044
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter #45
    PNP Device ID: ROOT\*6TO4MP\0044
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0019
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter #20
    PNP Device ID: ROOT\*6TO4MP\0019
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0045
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter #46
    PNP Device ID: ROOT\*6TO4MP\0045
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0020
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter #21
    PNP Device ID: ROOT\*6TO4MP\0020
    Service: tunnel
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: eabfiltr
    Device ID: ROOT\LEGACY_EABFILTR\0000
    Manufacturer:
    Name: eabfiltr
    PNP Device ID: ROOT\LEGACY_EABFILTR\0000
    Service: eabfiltr
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0046
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter #47
    PNP Device ID: ROOT\*6TO4MP\0046
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0021
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter #22
    PNP Device ID: ROOT\*6TO4MP\0021
    Service: tunnel
    .
    Class GUID:
    Description: Officejet J6400 series
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer:
    Name: Officejet J6400 series
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0047
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter #48
    PNP Device ID: ROOT\*6TO4MP\0047
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0022
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter #23
    PNP Device ID: ROOT\*6TO4MP\0022
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0048
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter #49
    PNP Device ID: ROOT\*6TO4MP\0048
    Service: tunnel
    .
    Class GUID:
    Description: Officejet J6400 series
    Device ID: ROOT\MULTIFUNCTION\0001
    Manufacturer:
    Name: Officejet J6400 series
    PNP Device ID: ROOT\MULTIFUNCTION\0001
    Service:
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0023
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter #24
    PNP Device ID: ROOT\*6TO4MP\0023
    Service: tunnel
    .
    Class GUID:
    Description: Officejet 6500 E710n-z
    Device ID: ROOT\MULTIFUNCTION\0002
    Manufacturer:
    Name: Officejet 6500 E710n-z
    PNP Device ID: ROOT\MULTIFUNCTION\0002
    Service:
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0024
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter #25
    PNP Device ID: ROOT\*6TO4MP\0024
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0025
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter #26
    PNP Device ID: ROOT\*6TO4MP\0025
    Service: tunnel
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Officejet J6400 series
    Device ID: ROOT\MULTIFUNCTION\0003
    Manufacturer: HP
    Name: Officejet J6400 series
    PNP Device ID: ROOT\MULTIFUNCTION\0003
    Service:
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0002
    Manufacturer: Microsoft
    Name: Microsoft ISATAP Adapter
    PNP Device ID: ROOT\*ISATAP\0002
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0000
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter
    PNP Device ID: ROOT\*6TO4MP\0000
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0026
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter #27
    PNP Device ID: ROOT\*6TO4MP\0026
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft Teredo Tunneling Adapter
    Device ID: ROOT\*TEREDO\0000
    Manufacturer: Microsoft
    Name: Teredo Tunneling Pseudo-Interface
    PNP Device ID: ROOT\*TEREDO\0000
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0001
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter #2
    PNP Device ID: ROOT\*6TO4MP\0001
    Service: tunnel
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Officejet 6500 E710n-z
    Device ID: ROOT\MULTIFUNCTION\0004
    Manufacturer: HP
    Name: Officejet 6500 E710n-z
    PNP Device ID: ROOT\MULTIFUNCTION\0004
    Service:
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0027
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter #28
    PNP Device ID: ROOT\*6TO4MP\0027
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0002
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter #3
    PNP Device ID: ROOT\*6TO4MP\0002
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0028
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter #29
    PNP Device ID: ROOT\*6TO4MP\0028
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0003
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter #4
    PNP Device ID: ROOT\*6TO4MP\0003
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0029
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter #30
    PNP Device ID: ROOT\*6TO4MP\0029
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0004
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter #5
    PNP Device ID: ROOT\*6TO4MP\0004
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0030
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter #31
    PNP Device ID: ROOT\*6TO4MP\0030
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0005
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter #6
    PNP Device ID: ROOT\*6TO4MP\0005
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0031
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter #32
    PNP Device ID: ROOT\*6TO4MP\0031
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0006
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter #7
    PNP Device ID: ROOT\*6TO4MP\0006
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0032
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter #33
    PNP Device ID: ROOT\*6TO4MP\0032
    Service: tunnel
    .
    ==== System Restore Points ===================
    .
    RP317: 1/30/2012 9:11:06 AM - Removed Ad-Aware
    RP318: 1/30/2012 9:28:13 AM - Windows Update
    RP320: 1/30/2012 3:51:08 PM - Avira Free Antivirus - 1/30/2012 15:51
    RP321: 1/30/2012 6:52:15 PM - Windows Update
    RP322: 1/30/2012 9:22:13 PM - Removed Ad-Aware
    RP323: 1/31/2012 2:42:05 PM - Removed Windows Live Mesh ActiveX Control for Remote Connections
    RP324: 1/31/2012 8:02:51 PM - Windows Update
    RP325: 2/1/2012 9:38:56 PM - Windows Update
    RP326: 2/1/2012 9:40:56 PM - Windows Update
    RP327: 2/2/2012 8:14:59 PM - Windows Update
    RP328: 2/2/2012 8:17:15 PM - Windows Update
    RP329: 2/2/2012 8:22:27 PM - Windows Update
    RP330: 2/2/2012 8:41:29 PM - Windows Update
    RP331: 2/2/2012 11:02:18 PM - Windows Update
    RP332: 2/2/2012 11:44:23 PM - Windows Update
    RP333: 2/2/2012 11:55:31 PM - Windows Update
    RP334: 2/2/2012 11:59:43 PM - Windows Update
    RP335: 2/3/2012 12:02:45 AM - Windows Update
    RP336: 2/3/2012 12:04:49 AM - Windows Update
    RP337: 2/3/2012 12:15:09 AM - Windows Update
    RP339: 2/3/2012 12:19:36 PM - Installed DirectX
    RP341: 2/3/2012 12:20:23 PM - Installed DirectX
    RP342: 2/3/2012 12:21:32 PM - WLSetup
    RP343: 2/3/2012 5:51:26 PM - Removed Windows Live Mesh ActiveX Control for Remote Connections
    RP344: 2/3/2012 5:52:14 PM - Removed Windows Live Mesh ActiveX Control for Remote Connections
    RP345: 2/3/2012 5:59:22 PM - Removed Windows Live Sync
    RP347: 2/3/2012 6:07:57 PM - Installed DirectX
    RP349: 2/3/2012 6:08:43 PM - Installed DirectX
    RP350: 2/3/2012 6:09:12 PM - WLSetup
    RP351: 2/3/2012 6:13:29 PM - Removed Windows Live Mesh ActiveX Control for Remote Connections
    .
    ==== Installed Programs ======================
    .
    .
    32 Bit HP CIO Components Installer
    6400_Help
    ABC Amber BlackBerry Editor
    Activation Assistant for the 2007 Microsoft Office suites
    ActiveCheck component for HP Active Support Library
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.1)
    Akamai NetSession Interface
    Akamai NetSession Interface Service
    AnswerWorks 5.0 English Runtime
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcGIS Desktop 10
    ArcGIS Explorer
    ArcGIS License Manager 10
    AT&T Communication Manager
    Audacity 1.3.7 (Unicode)
    AVG PC Tuneup 2011
    Avira Free Antivirus
    BlackBerry Desktop Software 5.0.1
    BlackBerry Device Software Updater
    BlackBerry Device Software v6.0.0 for the BlackBerry 9800 smartphone
    BlackBerry® Media Sync
    Bonjour
    BPD_DSWizards
    bpd_scan
    BPDSoftware
    BPDSoftware_Ini
    BufferChm
    Business Contact Manager for Outlook 2007 SP2
    Canon Inkjet Printer Driver Add-On Module
    Canon iP100 series
    Canon iP100 series User Registration
    Canon Setup Utility 2.4
    Canon Utilities Easy-PhotoPrint EX
    Canon Utilities My Printer
    Canon Utilities Solution Menu
    Cisco Connect
    CustomerResearchQFolder
    D3DX10
    Daniusoft Digital Music Converter(Build 2.4.1.0)
    Debugging Tools for Windows (x86)
    Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    DesignPro 5.4 Limited Edition
    Destinations
    DeviceDiscovery
    DeviceManagementQFolder
    DIGOpt
    DocMgr
    DocProc
    DocProcQFolder
    Driver Installer
    Dropbox
    eFax Messenger
    ESU for Microsoft Vista
    eSupportQFolder
    Facebook Plug-In
    FARSITE 4
    Fax
    FCCS
    File Type Assistant
    Fire Characteristics Chart v1.0
    FireFamily Plus 4.1 beta
    FlamMap3
    Garmin BaseCamp
    Garmin TOPO U.S. 24K West v2
    Garmin USB Drivers
    Garmin WebUpdater
    Google Chrome
    Google Earth
    Google Update Helper
    Google Updater
    GoToMeeting 4.1.0.366
    GPBaseService
    GPBaseService2
    Hotspot 2.01
    HP Active Support Library
    HP Active Support Library 32 bit components
    HP Customer Experience Enhancements
    HP Customer Participation Program 13.0
    HP Doc Viewer
    HP Document Manager 2.0
    HP Easy Setup - Frontend
    HP Help and Support
    HP Imaging Device Functions 13.0
    HP Officejet 6500 E710n-z Basic Device Software
    HP Officejet 6500 E710n-z Help
    HP Officejet 6500 E710n-z Product Improvement Study
    HP OfficeJet J6400
    HP Photosmart Essential 2.5
    HP Product Detection
    HP Quick Launch Buttons 6.20 B1
    HP QuickPlay 3.2
    HP Smart Web Printing 4.60
    HP Solution Center 13.0
    HP Total Care Advisor
    HP Update
    HP User Guides 0056
    HP Wireless Assistant
    HP_Network_UserGuide
    HPAsset component for HP Active Support Library
    HPNetworkAssistant
    HPProductAssistant
    HPSSupply
    I.R.I.S. OCR
    InstallIQ Updater
    Intel A/V Codecs V2.0
    Intel® Matrix Storage Manager
    iTunes
    J6400
    Java Auto Updater
    Java(TM) 6 Update 29
    Junk Mail filter update
    LightScribe 1.4.136.1
    Malwarebytes Anti-Malware version 1.60.1.1000
    MarketResearch
    Marketsplash Shortcuts
    Mesh Runtime
    Messenger Companion
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended Beta 2
    Microsoft Application Error Reporting
    Microsoft Digital Image Library 9 - Blocker
    Microsoft Digital Image Standard 2006 Editor
    Microsoft Digital Image Standard 2006 Library
    Microsoft Digital Image Standard 2006 Update
    Microsoft IntelliPoint 8.1
    Microsoft Office 2003 Web Components
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Home and Business 2010
    Microsoft Office Live Add-in 1.5
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Small Business Connectivity Components
    Microsoft Office Word MUI (English) 2010
    Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    Microsoft SQL Server 2008 Native Client
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 Beta 2 x86 Runtime - 10.0.21006
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft Windows SDK for Windows 7 (7.1)
    Microsoft Works
    Microsoft XML Parser
    MobileMe Control Panel
    Motorola SM56 Speakerphone Modem
    Mozilla Firefox (3.6.16)
    Mozilla Firefox 9.0.1 (x86 en-US)
    MPM
    MSCU for Microsoft Vista
    MSVCRT
    MSVCSetup
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muvee autoProducer 6.0
    My HP Games
    NEF Codec
    Network
    NVIDIA Display Control Panel
    NVIDIA Drivers
    NVIDIA PhysX
    OCR Software by I.R.I.S. 13.0
    Officejet Pro 8500 A909 Series
    OGA Notifier 2.0.0048.0
    PrimoPDF -- brought to you by Nitro PDF Software
    ProductContext
    PSSWCORE
    PVSonyDll
    Quicken WillMaker Plus 2008
    QuickTime
    RealPlayer Basic
    Realtek High Definition Audio Driver
    Rhapsody
    Rhapsody Player Engine
    ROSS PRACTICE 212
    ROSS PROD 212
    Roxio Activation Module
    Roxio Creator Audio
    Roxio Creator Basic v9
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator EasyArchive
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Media Manager
    Scan
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553353) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Shop for HP Supplies
    Skype Toolbars
    Skype™ 5.0
    SmartWebPrinting
    SolutionCenter
    Status
    SUPERAntiSpyware
    Synaptics Pointing Device Driver
    System Requirements Lab
    The Ringtone Maker Plus 5.1
    The Ringtone Maker v5.2.7
    Toolbox
    TrayApp
    TurboTax 2008
    TurboTax 2008 wcaiper
    TurboTax 2008 WinPerFedFormset
    TurboTax 2008 WinPerProgramHelp
    TurboTax 2008 WinPerReleaseEngine
    TurboTax 2008 WinPerTaxSupport
    TurboTax 2008 WinPerUserEducation
    TurboTax 2008 wrapper
    TurboTax 2009
    TurboTax 2009 wcaiper
    TurboTax 2009 WinPerFedFormset
    TurboTax 2009 WinPerReleaseEngine
    TurboTax 2009 WinPerTaxSupport
    TurboTax 2009 wrapper
    TurboTax 2010
    TurboTax 2010 wcaiper
    TurboTax 2010 WinPerFedFormset
    TurboTax 2010 WinPerReleaseEngine
    TurboTax 2010 WinPerTaxSupport
    TurboTax 2010 wrapper
    Uniblue DriverScanner
    Uniblue PixelPerfect
    Uniblue PowerSuite
    Uniblue RegistryBooster
    Uniblue SpeedUpMyPC
    UnloadSupport
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
    Update for Microsoft Outlook Social Connector (KB2583935)
    VideoToolkit01
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VLC media player 1.0.3
    WD SmartWare
    WebEx Support Manager for Internet Explorer
    WebReg
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Player Firefox Plugin
    WinZip 15.5
    XPS Viewer
    XTools 3.0
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/3/2012 12:45:59 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Update for Windows 7 (KB2607576).
    2/3/2012 12:38:20 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000c2 (0x00000007, 0x0000109b, 0x006f0074, 0x937be448). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 020312-63133-01.
    2/3/2012 12:17:05 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office PowerPoint 2007 (KB2596764).
    2/3/2012 1:06:00 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 9 service to connect.
    2/3/2012 1:06:00 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    2/3/2012 1:05:20 PM, Error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
    2/3/2012 1:05:11 PM, Error: Service Control Manager [7000] - The ArcGIS License Manager service failed to start due to the following error: The system cannot find the file specified.
    2/2/2012 5:57:56 PM, Error: Service Control Manager [7022] - The Intuit Update Service service hung on starting.
    2/2/2012 11:21:45 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    2/1/2012 9:25:40 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intuit Update Service service to connect.
    2/1/2012 9:25:40 PM, Error: Service Control Manager [7000] - The Intuit Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2/1/2012 11:39:52 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.
    2/1/2012 11:39:52 AM, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/31/2012 7:39:55 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    1/31/2012 3:18:34 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Akamai NetSession Interface service, but this action failed with the following error: An instance of the service is already running.
    1/31/2012 3:18:33 PM, Error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    1/30/2012 9:12:04 AM, Error: Service Control Manager [7000] - The Lbd service failed to start due to the following error: The system cannot find the file specified.
    1/30/2012 8:24:13 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Windows 7 (KB2633171).
    1/30/2012 8:24:12 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 (KB2641690).
    1/30/2012 8:24:12 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 (KB2633952).
    1/30/2012 8:24:12 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Windows 7 (KB2631813).
    1/30/2012 8:24:12 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Windows 7 (KB2620712).
    1/30/2012 8:24:12 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Windows 7 (KB2619339).
    1/30/2012 8:24:12 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Windows 7 (KB2585542).
    1/30/2012 8:24:12 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Windows 7 (KB2584146).
    1/30/2012 8:24:12 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2656356).
    1/30/2012 8:24:12 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Cumulative Security Update for Internet Explorer 9 for Windows 7 (KB2618444).
    1/30/2012 8:24:12 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Cumulative Security Update for ActiveX Killbits for Windows 7 (KB2618451).
    1/30/2012 8:24:11 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 (KB2607576).
    1/30/2012 8:24:11 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Windows 7 (KB2644615).
    1/30/2012 8:24:11 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Windows 7 (KB2639417).
    1/30/2012 8:24:11 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Windows 7 (KB2620704).
    1/30/2012 8:24:11 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Windows 7 (KB2588516).
    1/30/2012 8:15:48 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000c2 (0x00000007, 0x0000109b, 0x006f0074, 0x9b9c8448). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 013012-40622-01.
    1/28/2012 2:16:36 PM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
    .
    ==== End Of File ===========================
     
  9. 2012/02/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop.**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  10. 2012/02/03
    Jim911Fire

    Jim911Fire Inactive Thread Starter

    Joined:
    2005/10/18
    Messages:
    27
    Likes Received:
    0
    ComboFix 12-02-03.02 - Jim 02/03/2012 20:34:35.3.2 - x86
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3070.1910 [GMT -8:00]
    Running from: C:\Users\Jim\Desktop\ComboFix.exe
    AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
    SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


    ((((((((((((((((((((((((( Files Created from 2012-01-04 to 2012-02-04 )))))))))))))))))))))))))))))))


    2012-02-04 04:44:30 . 2012-02-04 04:44:30 -------- d-----w- C:\Users\Guest\AppData\Local\temp
    2012-02-04 04:44:30 . 2012-02-04 04:44:30 -------- d-----w- C:\Users\Default\AppData\Local\temp
    2012-02-03 21:02:03 . 2012-02-03 21:02:22 -------- d-----w- C:\Users\Jim\AppData\Roaming\MSNInstaller
    2012-02-03 20:53:43 . 2012-02-03 21:47:55 56200 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D722F4AC-D70C-411D-A5E0-1767F4B0D1C0}\offreg.dll
    2012-02-03 20:21:46 . 2012-02-03 20:21:46 18328 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2012-02-03 20:20:38 . 2009-09-05 01:44:40 69464 ----a-w- C:\Windows\system32\XAPOFX1_3.dll
    2012-02-03 20:20:38 . 2009-09-05 01:44:40 515416 ----a-w- C:\Windows\system32\XAudio2_5.dll
    2012-02-03 20:20:36 . 2009-09-05 01:29:34 453456 ----a-w- C:\Windows\system32\d3dx10_42.dll
    2012-02-03 20:19:31 . 2012-02-03 20:19:31 15712 ----a-w- C:\Program Files\Common Files\Windows Live\.cache\235914231cce2b101\MeshBetaRemover.exe
    2012-02-03 09:03:13 . 2012-01-17 12:39:54 6557240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D722F4AC-D70C-411D-A5E0-1767F4B0D1C0}\mpengine.dll
    2012-02-03 07:02:13 . 2011-11-17 05:38:39 1288472 ----a-w- C:\Windows\system32\ntdll.dll
    2012-02-03 07:02:11 . 2011-10-26 04:32:11 514560 ----a-w- C:\Windows\system32\qdvd.dll
    2012-02-03 07:02:11 . 2011-10-26 04:32:11 1328128 ----a-w- C:\Windows\system32\quartz.dll
    2012-02-03 04:41:04 . 2011-11-05 04:26:03 2048 ----a-w- C:\Windows\system32\tzres.dll
    2012-02-03 04:40:39 . 2011-11-17 05:41:51 134000 ----a-w- C:\Windows\system32\drivers\ksecpkg.sys
    2012-02-03 04:40:39 . 2011-11-17 05:39:24 369352 ----a-w- C:\Windows\system32\drivers\cng.sys
    2012-02-03 04:40:39 . 2011-11-17 05:34:52 224768 ----a-w- C:\Windows\system32\schannel.dll
    2012-02-03 04:40:39 . 2011-11-17 05:32:51 1038848 ----a-w- C:\Windows\system32\lsasrv.dll
    2012-02-03 04:40:38 . 2011-11-17 05:41:52 67440 ----a-w- C:\Windows\system32\drivers\ksecdd.sys
    2012-02-03 04:40:38 . 2011-11-17 05:35:02 314880 ----a-w- C:\Windows\system32\webio.dll
    2012-02-03 04:40:38 . 2011-11-17 05:34:55 15872 ----a-w- C:\Windows\system32\sspisrv.dll
    2012-02-03 04:40:38 . 2011-11-17 05:34:55 100352 ----a-w- C:\Windows\system32\sspicli.dll
    2012-02-03 04:40:38 . 2011-11-17 05:34:52 22016 ----a-w- C:\Windows\system32\secur32.dll
    2012-02-03 04:40:38 . 2011-11-17 05:29:50 22528 ----a-w- C:\Windows\system32\lsass.exe
    2012-02-03 04:22:25 . 2011-09-29 16:03:04 1290608 ----a-w- C:\Windows\system32\drivers\tcpip.sys
    2012-02-03 04:22:23 . 2011-10-01 04:37:08 708608 ----a-w- C:\Program Files\Common Files\System\wab32.dll
    2012-02-03 04:22:17 . 2011-11-24 04:25:27 2342912 ----a-w- C:\Windows\system32\win32k.sys
    2012-02-03 04:22:11 . 2011-10-15 05:38:59 534528 ----a-w- C:\Windows\system32\EncDec.dll
    2012-02-03 04:22:05 . 2011-10-26 04:28:12 38912 ----a-w- C:\Windows\system32\csrsrv.dll
    2012-02-03 04:21:57 . 2011-10-26 04:47:40 3967856 ----a-w- C:\Windows\system32\ntkrnlpa.exe
    2012-02-03 04:21:57 . 2011-10-26 04:47:40 3912560 ----a-w- C:\Windows\system32\ntoskrnl.exe
    2012-02-03 04:14:50 . 2011-11-19 14:01:00 67072 ----a-w- C:\Windows\system32\packager.dll
    2012-02-03 02:27:52 . 2012-02-03 02:27:52 -------- d-----w- C:\Program Files\iPod
    2012-02-03 02:27:51 . 2012-02-03 02:29:23 -------- d-----w- C:\Program Files\iTunes
    2012-02-01 20:03:48 . 2012-02-01 20:03:48 -------- d-----w- C:\Program Files\ESET
    2012-02-01 03:43:48 . 2012-02-04 04:44:30 -------- d-----w- C:\Users\Jim\AppData\Local\temp
    2012-01-31 22:37:08 . 2012-02-01 22:44:06 134856 ----a-w- C:\Windows\system32\drivers\avipbb.sys
    2012-01-31 22:37:08 . 2011-09-16 07:55:04 36000 ----a-w- C:\Windows\system32\drivers\avkmgr.sys
    2012-01-31 22:37:08 . 2011-09-16 07:55:03 74640 ----a-w- C:\Windows\system32\drivers\avgntflt.sys
    2012-01-30 17:20:50 . 2012-01-30 17:20:50 -------- d-----w- C:\Users\Jim\AppData\Roaming\Avira
    2012-01-30 17:20:23 . 2012-01-30 17:20:23 -------- d-----w- C:\ProgramData\Avira
    2012-01-30 17:20:23 . 2012-01-30 17:20:23 -------- d-----w- C:\Program Files\Avira
    2012-01-26 15:34:46 . 2011-12-21 07:24:51 43992 ----a-w- C:\Program Files\Mozilla Firefox\mozutils.dll
    2012-01-26 15:34:46 . 2011-12-21 04:30:41 626688 ----a-w- C:\Program Files\Mozilla Firefox\msvcr80.dll
    2012-01-26 15:34:46 . 2011-12-21 04:30:41 548864 ----a-w- C:\Program Files\Mozilla Firefox\msvcp80.dll
    2012-01-26 15:34:46 . 2011-12-21 04:30:41 479232 ----a-w- C:\Program Files\Mozilla Firefox\msvcm80.dll
    2012-01-26 02:13:27 . 2012-01-26 07:07:50 -------- d-----w- C:\Program Files\Spybot - Search & Destroy 2
    2012-01-23 00:53:13 . 2012-01-26 07:04:17 -------- d-----w- C:\Program Files\SpywareBlaster
    .


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2012-01-27 08:21:24 . 2009-10-02 17:17:18 237072 ------w- C:\Windows\system32\MpSigStub.exe
    2011-12-10 23:24:06 . 2011-02-22 04:17:27 20464 ----a-w- C:\Windows\system32\drivers\mbam.sys
    2011-11-16 04:09:50 . 2011-11-16 04:09:49 6639616 ----a-w- C:\Windows\system32\drivers\NETwLv32.sys
    2011-11-16 04:09:49 . 2011-11-16 04:09:49 675840 ----a-w- C:\Windows\system32\NETwLc32.dll
    2011-11-16 04:09:49 . 2011-11-16 04:09:49 2756608 ----a-w- C:\Windows\system32\NETwLr32.dll
    2008-01-28 19:10:38 . 2009-02-16 07:24:01 441856 ----a-w- C:\Program Files\xpodclone.exe
    2011-12-21 07:24:52 . 2011-03-24 23:08:40 121816 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
    2008-07-18 01:20:16 279944 ----a-w- C:\Program Files\AskBarDis\bar\bin\askBar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{3041d03e-fd4b-44e0-b742-2d9b88305f98} "= "C:\Program Files\AskBarDis\bar\bin\askBar.dll" [2008-07-18 01:20:16 279944]

    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{3041D03E-FD4B-44E0-B742-2D9B88305F98} "= "C:\Program Files\AskBarDis\bar\bin\askBar.dll" [2008-07-18 01:20:16 279944]

    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @= "{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12:20 94208 ----a-w- C:\Users\Jim\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @= "{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12:20 94208 ----a-w- C:\Users\Jim\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @= "{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12:20 94208 ----a-w- C:\Users\Jim\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar "= "C:\Program Files\Windows Sidebar\sidebar.exe" [2010-11-20 12:17:41 1174016]
    "WLSync "= "C:\Program Files\Windows Live\Mesh\WLSync.exe" [2010-09-23 07:19:02 1448800]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh "= "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-28 05:31:22 1721640]
    "IAAnotif "= "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 00:54:40 178712]
    "avgnt "= "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 19:38:21 258512]
    "APSDaemon "= "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 07:25:58 59240]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [2012-01-17 01:22:12 421736]

    C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - C:\Users\Jim\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-9-1 24183152]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin "= 5 (0x5)
    "ConsentPromptBehaviorUser "= 3 (0x3)
    "EnableUIADesktopToggle "= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2011-11-07 00:00:45 113024]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21:41 548352 ----a-w- C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=" "

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    backup=C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
    backupExtension=.CommonStartup
    path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDDMStatus.lnk]
    backup=C:\Windows\pss\WDDMStatus.lnk.CommonStartup
    backupExtension=.CommonStartup
    path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk

    [HKLM\~\startupfolder\C:^Users^Jim^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
    path=C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
    backup=C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2011-06-06 19:55:28 937920 ----a-w- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
    2011-11-15 08:39:06 3303000 ----a-w- C:\Users\Jim\AppData\Local\Akamai\netsession_win.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2011-04-20 19:48:18 58656 ----a-w- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
    2011-11-02 07:25:58 59240 ----a-w- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
    2010-03-11 05:32:26 648536 ----a-w- C:\Program Files\Common Files\Research in Motion\Auto Update\RIMAutoUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
    2009-07-07 01:07:00 1848648 ----a-w- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
    2007-10-26 01:10:00 652624 ----a-w- C:\Program Files\Canon\SolutionMenu\CNSLMAIN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
    2007-03-01 20:18:36 472776 ----a-w- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
    2011-04-13 22:02:34 1808784 ----a-w- C:\Program Files\Microsoft IntelliPoint\ipoint.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2012-01-17 01:22:12 421736 ----a-w- C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
    2012-01-13 22:53:16 981680 ----a-w- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2009-11-21 03:33:00 110184 ----a-w- C:\Windows\System32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerSuite]
    2011-07-19 00:08:22 67448 ----a-w- C:\Program Files\Uniblue\PowerSuite\Launcher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2011-10-24 22:28:52 421888 ----a-w- C:\Program Files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe]
    2011-02-18 18:47:12 79192 ----a-w- C:\Program Files\Common Files\Research in Motion\USB Drivers\RIMBBLaunchAgent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
    2010-10-06 23:04:37 9267816 ----a-w- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
    2009-10-26 22:46:54 1458176 ----a-w- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2011-06-09 21:06:06 254696 ----a-w- C:\Program Files\Common Files\Java\Java Update\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2012-01-30 06:44:38 4616064 ----a-w- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2009-02-16 02:02:36 39408 ----a-w- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WLSync]
    2010-09-23 07:19:02 1448800 ----a-w- C:\Program Files\Windows Live\Mesh\WLSync.exe

    R2 ArcGIS License Manager;ArcGIS License Manager;K:\FBAN\ArcGIS10\Desktop10.0\License\License10.0\bin\lmgrd.exe [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 21:16:28 130384]
    R2 gupdate1c98ffac72d3350;Google Update Service (gupdate1c98ffac72d3350);C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-16 05:52:26 133104]
    R3 ATTRcAppSvc;AT&T RcAppSvc;C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe [2010-03-11 01:12:52 121416]
    R3 CAATT;AT&T Con App Svc;C:\Program Files\AT&T\Communication Manager\ConAppsSvc.exe [2010-03-11 01:10:46 125512]
    R3 GTUHSBUS;GT UHS BUS;C:\Windows\system32\DRIVERS\gtuhsbus.sys [2009-07-16 15:51:50 67840]
    R3 GTUHSNDISIPXP;GT UHS IP NDIS;C:\Windows\system32\DRIVERS\gtuhs51.sys [2009-07-16 15:53:18 107776]
    R3 GTUHSSER;GT UHS SER;C:\Windows\system32\DRIVERS\gtuhsser.sys [2009-07-16 15:49:56 8064]
    R3 GTUQBUS;GT UQ BUS;C:\Windows\system32\DRIVERS\gtuqbus.sys [2007-08-23 14:29:42 37120]
    R3 gupdatem;Google Update Service (gupdatem);C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-16 05:52:26 133104]
    R3 ivusb;Initio Driver for USB Default Controller;C:\Windows\system32\DRIVERS\ivusb.sys [2010-03-10 23:16:12 25112]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
    R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\netw5v32.sys [2009-07-13 22:02:51 4231168]
    R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 10:24:41 52224]
    R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [2010-07-03 21:00:30 1343400]
    R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam.sys [2009-02-13 19:02:52 11520]
    R3 WPFFontCache_v0400;WPFFontCache_v0400; [x]
    R3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 00:18:07 17920]
    R4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 23:33:04 51040]
    S1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys [2011-09-16 07:55:04 36000]
    S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2011-11-07 00:00:46 12880]
    S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2011-11-07 00:00:46 67664]
    S1 SBRE;SBRE;C:\Windows\system32\drivers\SBREdrv.sys [2011-07-01 09:01:20 101720]
    S2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [2011-11-07 00:00:48 116608]
    S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 19:55:28 64952]
    S2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe [2009-07-14 01:14:41 20992]
    S2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files\Avira\AntiVir Desktop\sched.exe [2011-09-24 02:08:19 86224]
    S2 atashost;WebEx Service Host for Support Center;C:\Windows\system32\atashost.exe [2009-03-06 20:59:12 20376]
    S2 WDDMService;WD SmartWare Drive Manager;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-05-10 18:33:42 110592]
    S2 WDFME;WD File Management Engine;C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2010-05-10 18:32:36 1858048]
    S2 WDSC;WD File Management Shadow Engine;C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2010-05-10 18:32:06 482304]
    S3 dc3d;MS Hardware Device Detection Driver (USB);C:\Windows\system32\DRIVERS\dc3d.sys [2011-04-12 20:01:38 45464]
    S3 i8042HDR;Keyboard Filter Driver;C:\Windows\system32\DRIVERS\i8042HDR.sys [2011-08-17 18:28:50 13224]
    S3 NETwLv32; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETwLv32.sys [2011-11-16 04:09:50 6639616]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 04:37:50 4640000]
    S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt86win7.sys [2010-10-06 23:02:01 267880]


    --- Other Services/Drivers In Memory ---

    *Deregistered* - Avgfwfd
    *Deregistered* - AVGIDSDrivervtx
    *Deregistered* - AVGIDSFiltervtx
    *Deregistered* - AVGIDSShimvtx
    *Deregistered* - Avgrkx86
    *Deregistered* - Avgtdix

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    HPService REG_MULTI_SZ HPSLPSVC
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    Akamai REG_MULTI_SZ Akamai

    Contents of the 'Scheduled Tasks' folder

    2012-02-03 C:\Windows\Tasks\Google Software Updater.job
    - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-16 02:02:33 . 2011-10-07 20:06:30]

    2012-02-03 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    - C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-16 05:52:32 . 2009-02-16 05:52:26]

    2012-02-04 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    - C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-16 05:52:32 . 2009-02-16 05:52:26]


    ------- Supplementary Scan -------

    uStart Page = hxxp://www.yahoo.com/
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000
    IE: Open with WordPerfect
    IE: Se&nd to OneNote - C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105
    Trusted Zone: ca.gov\cadweb.fire
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: real.com\rhap-app-4-0
    Trusted Zone: real.com\rhapreg
    TCP: DhcpNameServer = 68.190.192.35 71.9.127.107 24.205.224.36
    DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
    FF - ProfilePath - C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\lf4vcbly.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(general.useragent.extra.brc,
     
  11. 2012/02/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Combofix log is incomplete.
    Lower part is missing.
     
  12. 2012/02/04
    Jim911Fire

    Jim911Fire Inactive Thread Starter

    Joined:
    2005/10/18
    Messages:
    27
    Likes Received:
    0
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
    "ServiceDll"="c:\program files\common files\akamai/netsession_win_e286960.dll"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,99,d9,bc,2c,32,a3,83,43,ae,78,8c,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,99,d9,bc,2c,32,a3,83,43,ae,78,8c,\
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(2524)
    c:\users\Jim\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    Completion time: 2012-02-03 22:00:36
    ComboFix-quarantined-files.txt 2012-02-04 06:00
    ComboFix2.txt 2012-02-04 04:50
    ComboFix3.txt 2012-02-01 03:43
    ComboFix4.txt 2012-01-30 08:41
    .
    Pre-Run: 19,745,275,904 bytes free
    Post-Run: 19,660,271,616 bytes free
    .
    - - End Of File - - 3BA4F49622867BFCA90A5DCC4C117E91
     
  13. 2012/02/04
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I don't really see much there.

    What are the current issues?

    Download OTL to your Desktop.

    • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  14. 2012/02/04
    Jim911Fire

    Jim911Fire Inactive Thread Starter

    Joined:
    2005/10/18
    Messages:
    27
    Likes Received:
    0
    OTL logfile created on: 2/4/2012 11:21:53 AM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jim\Desktop
    Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 1.75 Gb Available Physical Memory | 58.28% Memory free
    8.99 Gb Paging File | 7.59 Gb Available in Paging File | 84.45% Paging File free
    Paging file location(s): [Binary data over 100 bytes]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 140.71 Gb Total Space | 17.88 Gb Free Space | 12.71% Space Free | Partition Type: NTFS
    Drive D: | 149.05 Gb Total Space | 140.30 Gb Free Space | 94.13% Space Free | Partition Type: NTFS
    Drive E: | 7.27 Gb Total Space | 0.72 Gb Free Space | 9.87% Space Free | Partition Type: NTFS
    Drive F: | 1.08 Gb Total Space | 1.04 Gb Free Space | 96.09% Space Free | Partition Type: NTFS
    Drive J: | 20.09 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive K: | 931.49 Gb Total Space | 694.52 Gb Free Space | 74.56% Space Free | Partition Type: NTFS

    Computer Name: LAPTOP | User Name: Jim | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/02/02 19:57:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jim\Desktop\OTL.exe
    PRC - [2011/11/06 16:00:48 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    PRC - [2011/09/23 18:08:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2011/09/23 18:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2011/09/23 11:38:21 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2011/09/16 02:34:43 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2011/09/01 16:42:06 | 024,183,152 | ---- | M] (Dropbox, Inc.) -- C:\Users\Jim\AppData\Roaming\Dropbox\bin\Dropbox.exe
    PRC - [2011/06/23 20:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
    PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2010/11/20 04:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    PRC - [2010/05/10 10:33:42 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    PRC - [2010/05/10 10:32:36 | 001,858,048 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
    PRC - [2010/05/10 10:32:06 | 000,482,304 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
    PRC - [2009/03/06 12:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) -- C:\Windows\System32\atashost.exe
    PRC - [2009/02/20 08:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    PRC - [2008/04/15 16:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2008/04/15 16:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2007/04/23 17:11:44 | 000,106,593 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    PRC - [2007/04/23 17:11:42 | 000,262,243 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (WPFFontCache_v0400)
    SRV - File not found [Disabled | Stopped] -- -- (NetTcpPortSharing)
    SRV - File not found [Disabled | Stopped] -- -- (NetTcpActivator)
    SRV - File not found [Disabled | Stopped] -- -- (NetPipeActivator)
    SRV - File not found [Disabled | Stopped] -- -- (NetMsmqActivator)
    SRV - [2012/01/31 15:18:31 | 003,342,112 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_e286960.dll -- (Akamai)
    SRV - [2011/11/06 16:00:48 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
    SRV - [2011/10/12 16:01:17 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2011/09/23 18:08:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2011/09/23 18:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
    SRV - [2010/07/03 13:00:30 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2010/05/10 10:33:42 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
    SRV - [2010/05/10 10:32:36 | 001,858,048 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
    SRV - [2010/05/10 10:32:06 | 000,482,304 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
    SRV - [2010/03/10 17:12:52 | 000,121,416 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe -- (ATTRcAppSvc)
    SRV - [2010/03/10 17:10:46 | 000,125,512 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files\AT&T\Communication Manager\ConAppsSvc.exe -- (CAATT)
    SRV - [2009/07/13 17:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/13 17:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2009/03/06 12:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) [Auto | Running] -- C:\Windows\System32\atashost.exe -- (atashost)
    SRV - [2009/02/20 08:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
    SRV - [2008/11/05 23:59:50 | 001,500,424 | ---- | M] (Acresso Software Inc.) [Auto | Stopped] -- K:\FBAN\ArcGIS10\Desktop10.0\License\License10.0\bin\lmgrd.exe -- (ArcGIS License Manager)
    SRV - [2008/04/15 16:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2007/04/23 17:11:44 | 000,106,593 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
    SRV - [2007/04/23 17:11:42 | 000,262,243 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
    SRV - [2007/01/09 13:55:34 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)


    ========== Driver Services (SafeList) ==========

    DRV - [2012/02/01 14:44:06 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
    DRV - [2011/11/15 20:09:50 | 006,639,616 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwLv32.sys -- (NETwLv32) Intel(R)
    DRV - [2011/11/06 16:00:46 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2011/11/06 16:00:46 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
    DRV - [2011/09/16 21:40:01 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdptsk.sys -- (risdptsk)
    DRV - [2011/09/15 23:55:04 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
    DRV - [2011/09/15 23:55:03 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2011/08/17 10:49:31 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2011/08/17 10:28:50 | 000,013,224 | ---- | M] (Chicony) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\i8042HDR.sys -- (i8042HDR)
    DRV - [2011/07/01 01:01:20 | 000,101,720 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)
    DRV - [2011/04/12 12:01:38 | 000,045,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
    DRV - [2010/11/20 02:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010/11/20 01:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2010/10/06 15:19:16 | 011,515,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2010/03/10 17:02:30 | 000,024,192 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
    DRV - [2010/03/10 17:00:10 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\PCTINDIS5.sys -- (PCTINDIS5)
    DRV - [2010/03/10 15:16:12 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ivusb.sys -- (ivusb)
    DRV - [2010/02/24 23:02:30 | 000,015,544 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
    DRV - [2009/10/26 15:09:06 | 001,095,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
    DRV - [2009/09/02 02:09:24 | 000,176,128 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
    DRV - [2009/07/16 07:53:18 | 000,107,776 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gtuhs51.sys -- (GTUHSNDISIPXP)
    DRV - [2009/07/16 07:51:50 | 000,067,840 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gtuhsbus.sys -- (GTUHSBUS)
    DRV - [2009/07/16 07:49:56 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gtuhsser.sys -- (GTUHSSER)
    DRV - [2009/07/13 16:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV - [2009/07/13 15:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\serial.sys -- (Serial)
    DRV - [2009/07/13 14:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
    DRV - [2009/02/13 11:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
    DRV - [2008/11/20 21:59:02 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCASp50.sys -- (PCASp50)
    DRV - [2008/08/22 10:05:42 | 000,026,760 | R--- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)
    DRV - [2007/08/23 06:29:42 | 000,037,120 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gtuqbus.sys -- (GTUQBUS)
    DRV - [2007/08/23 06:29:42 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gtptser.sys -- (GTPTSER)
    DRV - [2007/03/01 04:49:58 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
    DRV - [2007/02/24 06:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2007/01/23 09:03:28 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2006/11/30 09:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421



    IE - HKU\S-1-5-21-1792262870-2198816888-816497568-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKU\S-1-5-21-1792262870-2198816888-816497568-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-1792262870-2198816888-816497568-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1792262870-2198816888-816497568-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.suggest.enabled: false
    FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/ "
    FF - prefs.js..extensions.enabledItems: {D02B1E87-A8C6-433f-9B5C-2CEC4A072736}:04.10.01.03
    FF - prefs.js..extensions.enabledItems: {69d1a568-ffdf-4ef5-8919-7003582e0ee8}:2.7.2.0
    FF - prefs.js..extensions.enabledItems: {3e0e7d2a-070f-4a47-b019-91fe5385ba79}:3.1.1
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
    FF - prefs.js..extensions.enabledItems: avg@igeared:4.906.030.003
    FF - prefs.js..extensions.enabledItems: {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.5.1
    FF - prefs.js..network.proxy.no_proxies_on: "*.local "


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
    FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Jim\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox 3.6 Beta 4\components [2011/11/10 08:52:57 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox 3.6 Beta 4\plugins [2011/11/10 08:52:56 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/26 07:34:47 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/10 08:52:56 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/02 15:31:48 | 000,000,000 | ---D | M]

    [2010/07/02 16:08:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jim\AppData\Roaming\Mozilla\Extensions
    [2012/02/03 20:12:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\lf4vcbly.default\extensions
    [2010/07/02 16:09:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\lf4vcbly.default\extensions\{D02B1E87-A8C6-433f-9B5C-2CEC4A072736}-trash
    [2012/01/26 07:34:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    () (No name found) -- C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LF4VCBLY.DEFAULT\EXTENSIONS\ADMIN@YOUTUBEFOR2012.COM.XPI
    () (No name found) -- C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LF4VCBLY.DEFAULT\EXTENSIONS\COMPATIBILITY@ADDONS.MOZILLA.ORG.XPI
    () (No name found) -- C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LF4VCBLY.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI
    [2011/12/20 23:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2011/12/20 20:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2011/12/20 20:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\8.0.552.237\pdf.dll
    CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\8.0.552.237\gears.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\8.0.552.237\gcswf32.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java(TM) Platform SE 6 U17 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox 3.6 Beta 4\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox 3.6 Beta 4\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox 3.6 Beta 4\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox 3.6 Beta 4\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox 3.6 Beta 4\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox 3.6 Beta 4\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox 3.6 Beta 4\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
    CHR - plugin: Java Deployment Toolkit 6.0.170.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
    CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
    CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL
    CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll
    CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
    CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Jim\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin

    O1 HOSTS File: ([2012/01/31 19:39:48 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKU\S-1-5-21-1792262870-2198816888-816497568-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - Startup: C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Jim\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1792262870-2198816888-816497568-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1792262870-2198816888-816497568-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O7 - HKU\S-1-5-21-1792262870-2198816888-816497568-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Open with WordPerfect - Reg Error: Value error. File not found
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-1792262870-2198816888-816497568-1000\..Trusted Domains: ca.gov ([cadweb.fire] https in Trusted sites)
    O15 - HKU\S-1-5-21-1792262870-2198816888-816497568-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O15 - HKU\S-1-5-21-1792262870-2198816888-816497568-1000\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
    O15 - HKU\S-1-5-21-1792262870-2198816888-816497568-1000\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
    O15 - HKU\S-1-5-21-1792262870-2198816888-816497568-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
    O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} http://activex.camfrogweb.com/advan...amfrogweb.com-advanced-2.0.2.3_instmodule.exe (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} http://cainternetsecurity.net/scanner/cascanner.cab (CAScanner Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.190.192.35 71.9.127.107 24.205.224.36
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{385A36C3-A54F-497D-9031-C14D66FA1840}: DhcpNameServer = 68.190.192.35 71.9.127.107 24.205.224.36
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{44B791D8-773B-4AD9-8574-237F0B38F98D}: DhcpNameServer = 172.26.38.1 172.26.38.2
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O24 - Desktop WallPaper: C:\Users\Jim\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Jim\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2005/09/11 07:18:54 | 000,000,340 | -HS- | M] () - E:\AUTOMODE -- [ NTFS ]
    O32 - AutoRun File - [2010/05/06 07:21:18 | 000,000,082 | ---- | M] () - J:\autorun.inf -- [ UDF ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (lsdelete)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.g723 - g723.acm File not found
    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3codecp - File not found
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.I263 - C:\Windows\System32\i263_32.drv (Intel Corporation)
    Drivers32: VIDC.IV41 - C:\Windows\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\Windows\System32\ir50_32.dll (Intel Corporation)
    Drivers32: wave1 - C:\Windows\System32\serwvdrv.dll (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/02/04 08:14:36 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{C082FD9F-FC9E-44FE-A5DD-1E1DB0C808D7}
    [2012/02/03 21:57:34 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/02/03 20:30:57 | 004,394,794 | R--- | C] (Swearware) -- C:\Users\Jim\Desktop\ComboFix.exe
    [2012/02/03 13:08:11 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{112A2373-C6F5-4144-AF19-1D43EA7CEE26}
    [2012/02/03 13:07:39 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{0B03A76C-B5B7-47CD-8C41-F3F1AE1FB81E}
    [2012/02/03 13:02:03 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\MSNInstaller
    [2012/02/03 12:59:02 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{6D896E0F-E7EA-49C0-B264-8E846057CFB5}
    [2012/02/03 12:58:22 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{797B7ED0-6687-44AB-AEE6-8C898EA4B0AB}
    [2012/02/03 10:55:35 | 000,000,000 | ---D | C] -- C:\Users\Jim\Desktop\email storage
    [2012/02/03 10:31:12 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{98B04880-C883-4BDF-A3EE-046EF25D6BC3}
    [2012/02/03 10:30:50 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{2218FAA8-C6EB-45BE-B945-179FEC678838}
    [2012/02/03 00:41:05 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{1ADFA923-2437-44F5-B95C-9BCDDD4A895D}
    [2012/02/02 23:17:58 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{D385A999-D1CD-4A55-BB34-69A02C342266}
    [2012/02/02 23:17:29 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{E22E55B4-812A-4484-8CF3-D8B4A357B15B}
    [2012/02/02 21:27:00 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{7FF10DF5-140A-4FCC-A539-043DA5AA28F9}
    [2012/02/02 21:26:38 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{92C37439-6CB8-40D4-99BC-0CE8DA6572B9}
    [2012/02/02 20:33:23 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{BF344893-5817-4689-A189-DADC9EE5F6B3}
    [2012/02/02 20:32:41 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{FEA46AD1-8CDB-4F78-8133-37F5D7192EA6}
    [2012/02/02 19:56:59 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Jim\Desktop\OTL.exe
    [2012/02/02 18:29:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2012/02/02 18:27:52 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2012/02/02 18:27:51 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2012/02/02 17:53:41 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{139002A5-A096-4A2F-8C39-4CB98B09CB83}
    [2012/02/02 17:52:50 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{24B3C0C1-9079-42CD-8E1A-11C2BDFB428F}
    [2012/02/01 21:23:52 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{1EB4BC61-EA55-4179-A669-DBE984895C1E}
    [2012/02/01 21:23:29 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{8E384797-DF3E-4422-891A-649EE6EDE912}
    [2012/02/01 18:57:45 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{574F5EAB-B572-416E-ACE4-00F853A7B242}
    [2012/02/01 18:57:27 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{C7D4CE4E-4402-48EB-9467-A6BAA81FED9F}
    [2012/02/01 11:40:43 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{5B6F2543-16FE-4122-BE9B-836FE94C69AA}
    [2012/02/01 11:39:55 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{8B602684-D8FF-4C30-9775-4DA31530BAFA}
    [2012/01/31 19:43:48 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\temp
    [2012/01/31 15:39:56 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{DCA7A2D2-BA44-4B7F-B272-CE98CE94E430}
    [2012/01/31 15:39:39 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{CAD27975-520A-4956-A87A-763775D5F359}
    [2012/01/31 14:54:52 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{2F8888DE-2B1F-4D00-BAEF-A4100911534A}
    [2012/01/31 14:54:42 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{B3871551-51CA-4FF1-832A-95D769620FD5}
    [2012/01/31 14:37:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
    [2012/01/31 14:37:08 | 000,134,856 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
    [2012/01/31 14:37:08 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
    [2012/01/31 14:37:08 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
    [2012/01/31 14:37:08 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
    [2012/01/30 22:38:30 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{FD9534F8-D348-4C58-A9DD-F38A03BDC413}
    [2012/01/30 22:38:20 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{EA3F6A93-1475-4936-A897-B6AC955EFA71}
    [2012/01/30 09:20:50 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\Avira
    [2012/01/30 09:20:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
    [2012/01/30 09:20:23 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
    [2012/01/30 00:19:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/01/30 00:19:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/01/30 00:19:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/01/30 00:19:22 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/01/30 00:17:28 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/01/29 22:41:38 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{0020517A-7462-42F4-AC2D-70C1A6595554}
    [2012/01/29 22:41:26 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{D428D4FB-808C-4419-A62E-844C0694DFE4}
    [2012/01/28 21:51:58 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{CC9EB423-2C06-4DEC-AE02-0DECDBE1338E}
    [2012/01/28 21:51:44 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{2C51C2D1-1E36-4E9A-9C86-98553B989451}
    [2012/01/25 21:52:44 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{58D5DC70-3DCA-4A67-A1AF-87A329658937}
    [2012/01/25 21:52:34 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{6D43E982-D4D1-45D7-B953-590705E5D188}
    [2012/01/25 18:13:27 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
    [2012/01/25 16:42:35 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{F1DFE142-FCC9-4C3B-817D-813A0F4CD057}
    [2012/01/25 16:42:21 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{4B5038CD-44B8-4693-B45F-A68E36EB5D38}
    [2012/01/25 00:21:32 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{329EC6E0-C8B1-4522-844C-22D3DF73A1D5}
    [2012/01/25 00:21:21 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{89F001E8-1041-45C5-BDBB-C8FBEFDB522E}
    [2012/01/24 10:35:27 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{5236C534-F9B3-46B5-8253-1F19AE2DCAB8}
    [2012/01/24 10:35:16 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{2A4C67E8-254F-4C2D-AC35-AC5CDE6C5346}
    [2012/01/23 21:57:40 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{D138BDC8-4EA1-4F71-8FC1-B3A90C04FCDE}
    [2012/01/23 21:57:29 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{064965A4-ECB1-4913-B171-F7C5D6B1BE24}
    [2012/01/22 19:46:21 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{F602AB2C-2D1B-4DC2-B1C6-8FC3D07A6F77}
    [2012/01/22 19:45:53 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{455DEFF9-2257-41E2-93D4-378668D3E394}
    [2012/01/22 16:53:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
    [2012/01/22 16:53:13 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
    [2012/01/20 21:23:00 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{A34090C8-74FC-45AC-85EA-BD601C0B98F2}
    [2012/01/20 21:22:58 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{03EAB1DF-6322-4632-AD97-3925793E1CAE}
    [2012/01/20 20:57:15 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{F5B840F0-8339-4B5F-99C1-D11E79DEA112}
    [2012/01/20 20:57:13 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{B06E515D-0844-45DB-A514-D7D5FD2A1003}
    [2012/01/19 16:21:16 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{B62551F8-BD5E-4250-BEA3-D2D95B0A6583}
    [2012/01/18 21:24:14 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{0A890FB9-60A3-4887-A523-8EF968F6EA63}
    [2012/01/18 21:24:00 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{C559914D-4B10-4545-B736-278CB0B92268}
    [2012/01/17 21:27:34 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{286AA0EB-68F2-4FFD-B28C-32544268F25D}
    [2012/01/17 21:27:15 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{3B41190A-30C2-464A-9ABE-FD6F78D9A7E6}
    [2012/01/17 21:25:12 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{0C1BD8CE-17A5-4C73-9943-8C93FC59C559}
    [2012/01/17 21:24:14 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{3F933675-7A40-405F-BA4B-0F74A041FD55}
    [2012/01/16 21:12:56 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{5EA93AC1-8CDF-406E-81F8-D60FCE05A70B}
    [2012/01/16 21:12:33 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{3705F6FF-D6F8-48EF-92BE-B0C707429A57}
    [2012/01/16 18:53:13 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{40230CA4-29F9-4E1B-83DE-CE875FB120AE}
    [2012/01/16 18:52:51 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{53FA5E8B-B187-4FB3-820A-7FA79C6D1097}
    [2012/01/16 10:49:53 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{02C76EA5-DC07-4880-A953-1AF5E609382E}
    [2012/01/16 10:49:31 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{86570867-E2AE-4B64-95EA-21370FD0FD03}
    [2012/01/16 09:14:39 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{1FB0D6CD-9EB2-4298-933C-2929D43743E6}
    [2012/01/16 09:14:00 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{B1F86998-E471-40E7-8510-E68B926FE8EF}
    [2012/01/13 13:55:39 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{E76747F9-FE11-45C1-990F-986A99CA1BE0}
    [2012/01/13 13:55:30 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{7BD64BD1-54B5-43C8-B3A2-9C1262E93149}
    [2012/01/12 22:49:40 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{74A64CDD-E886-4A61-9669-816095380105}
    [2012/01/12 22:49:35 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{17568FC1-E11C-48B1-BAD2-2453C5AE1466}
    [2012/01/12 16:16:16 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{9A2CBB75-2822-4FC5-8FA8-CDD91A7CB1EE}
    [2012/01/11 21:02:53 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{72A6593C-15CB-4D9F-B03D-420BF4643A11}
    [2012/01/11 21:02:22 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{5568FB31-AC5A-4CE8-A6E4-A6470932C191}
    [2012/01/09 22:06:16 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{34AF53AA-57FC-4E21-9492-A6299FE56CD6}
    [2012/01/09 22:05:56 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{986DFB5D-919B-4032-B021-F73181F13872}
    [2012/01/07 20:09:32 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{AEC1D457-871D-4671-AFD4-1AFC5CD22ABE}
    [2012/01/07 20:09:22 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{F639AC1B-6B4C-4CB4-9C78-C1D77A774AAB}
    [2012/01/07 19:59:01 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{A14B9DA0-7A58-4ACB-BEB9-23DD41E1DDA9}
    [2012/01/07 19:58:50 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{9966E467-D0FF-49C4-84CF-CD035FE79668}
    [2012/01/06 22:51:12 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{962555A7-5FE0-4145-BCA6-C9ADC2986787}
    [2012/01/06 22:51:01 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{B34BA275-449E-4E98-9F77-2DCB9E820C0D}
    [2012/01/06 13:56:19 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{F394834A-1715-4347-8A7B-589CE22D490A}
    [2012/01/06 13:55:48 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{D3DA910C-8F67-41C0-B200-E87EC5B2FE91}
    [2012/01/06 10:31:05 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{C413AF6F-86F9-484D-AAAC-F8D07D5AD865}
    [2012/01/06 10:30:48 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{CDA2156C-0764-445A-AAE7-47EEC65C12D9}
    [3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\Users\Jim\*.tmp files -> C:\Users\Jim\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/02/04 10:38:05 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/02/04 10:30:30 | 000,713,806 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/02/04 10:30:30 | 000,141,256 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/02/04 08:14:07 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/02/04 08:06:08 | 000,010,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/02/04 08:06:08 | 000,010,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/02/04 07:57:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/02/04 07:56:44 | 2414,682,112 | -HS- | M] () -- C:\hiberfil.sys
    [2012/02/03 20:32:02 | 004,394,794 | R--- | M] (Swearware) -- C:\Users\Jim\Desktop\ComboFix.exe
    [2012/02/03 13:50:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
    [2012/02/02 20:28:22 | 000,705,600 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/02/02 19:57:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jim\Desktop\OTL.exe
    [2012/02/02 18:29:26 | 000,001,755 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/02/01 19:55:03 | 001,265,087 | ---- | M] () -- C:\Users\Jim\Desktop\Gaining a Basic Understanding.pdf
    [2012/02/01 19:49:30 | 000,000,402 | ---- | M] () -- C:\Users\Jim\Desktop\Login - NIFTT.website
    [2012/02/01 14:44:06 | 000,134,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
    [2012/02/01 13:42:53 | 000,000,512 | ---- | M] () -- C:\Users\Jim\Desktop\MBR.dat
    [2012/01/31 19:39:48 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120202-195838.backup
    [2012/01/31 19:39:48 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/01/30 22:03:17 | 007,772,316 | ---- | M] () -- C:\Users\Jim\Documents\The_Tustin_Hangars.pdf
    [2012/01/30 20:17:16 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2012/01/30 10:21:08 | 000,752,745 | ---- | M] () -- C:\Users\Jim\AppData\Local\census.cache
    [2012/01/30 10:20:57 | 000,228,573 | ---- | M] () -- C:\Users\Jim\AppData\Local\ars.cache
    [2012/01/30 09:05:22 | 000,294,061 | ---- | M] () -- C:\Users\Jim\Documents\2012 Confined Space Recert.pdf
    [2012/01/29 01:16:42 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
    [2012/01/29 01:16:42 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
    [2012/01/27 21:41:24 | 000,001,055 | ---- | M] () -- C:\Users\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\PowerSuite.lnk
    [2012/01/27 21:39:19 | 000,000,420 | ---- | M] () -- C:\Windows\wininit.ini
    [2012/01/26 07:35:17 | 000,001,851 | ---- | M] () -- C:\Users\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2012/01/26 07:34:48 | 000,001,098 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2012/01/22 17:05:09 | 000,000,036 | ---- | M] () -- C:\Users\Jim\AppData\Local\housecall.guid.cache
    [2012/01/18 22:39:53 | 000,594,808 | ---- | M] () -- C:\Users\Jim\Documents\US HealthWorks.pdf
    [2012/01/18 21:24:52 | 000,808,066 | ---- | M] () -- C:\Users\Jim\Documents\2012 RPP Letter.pdf
    [2012/01/18 14:25:14 | 000,146,440 | ---- | M] () -- C:\Users\Jim\Documents\STD678.pdf
    [2012/01/16 20:54:21 | 000,472,734 | ---- | M] () -- C:\Users\Jim\Documents\erd.bmp
    [2012/01/06 14:15:19 | 000,000,065 | ---- | M] () -- C:\Users\Jim\Desktop\MyLab Mastering Pearson.URL
    [2012/01/06 10:36:00 | 000,000,093 | ---- | M] () -- C:\Users\Jim\Desktop\Pearson Learning Solutions Long Beach City College.URL
    [3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\Users\Jim\*.tmp files -> C:\Users\Jim\*.tmp -> ]
     
  15. 2012/02/04
    Jim911Fire

    ========== Files Created - No Company Name ==========

    [2012/02/02 18:29:26 | 000,001,755 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/02/01 19:55:03 | 001,265,087 | ---- | C] () -- C:\Users\Jim\Desktop\Gaining a Basic Understanding.pdf
    [2012/02/01 13:42:53 | 000,000,512 | ---- | C] () -- C:\Users\Jim\Desktop\MBR.dat
    [2012/01/30 22:03:17 | 007,772,316 | ---- | C] () -- C:\Users\Jim\Documents\The_Tustin_Hangars.pdf
    [2012/01/30 09:05:22 | 000,294,061 | ---- | C] () -- C:\Users\Jim\Documents\2012 Confined Space Recert.pdf
    [2012/01/30 08:57:42 | 000,000,402 | ---- | C] () -- C:\Users\Jim\Desktop\Login - NIFTT.website
    [2012/01/30 00:19:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/01/30 00:19:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/01/30 00:19:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/01/30 00:19:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/01/30 00:19:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/01/27 21:56:26 | 2414,682,112 | -HS- | C] () -- C:\hiberfil.sys
    [2012/01/27 21:41:24 | 000,001,055 | ---- | C] () -- C:\Users\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\PowerSuite.lnk
    [2012/01/27 21:39:18 | 000,000,420 | ---- | C] () -- C:\Windows\wininit.ini
    [2012/01/22 20:28:59 | 000,752,745 | ---- | C] () -- C:\Users\Jim\AppData\Local\census.cache
    [2012/01/22 20:27:29 | 000,228,573 | ---- | C] () -- C:\Users\Jim\AppData\Local\ars.cache
    [2012/01/18 22:39:53 | 000,594,808 | ---- | C] () -- C:\Users\Jim\Documents\US HealthWorks.pdf
    [2012/01/18 21:24:52 | 000,808,066 | ---- | C] () -- C:\Users\Jim\Documents\2012 RPP Letter.pdf
    [2012/01/18 14:25:13 | 000,146,440 | ---- | C] () -- C:\Users\Jim\Documents\STD678.pdf
    [2012/01/16 20:53:25 | 000,472,734 | ---- | C] () -- C:\Users\Jim\Documents\erd.bmp
    [2012/01/06 14:15:19 | 000,000,065 | ---- | C] () -- C:\Users\Jim\Desktop\MyLab Mastering Pearson.URL
    [2012/01/06 10:36:00 | 000,000,093 | ---- | C] () -- C:\Users\Jim\Desktop\Pearson Learning Solutions Long Beach City College.URL
    [2011/09/13 17:51:15 | 000,180,624 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
    [2011/09/13 15:21:02 | 000,430,080 | ---- | C] () -- C:\Windows\System32\ZSHP1020.EXE
    [2011/05/11 20:31:20 | 000,000,088 | RHS- | C] () -- C:\ProgramData\4D5CFEE444.sys
    [2011/05/11 20:31:12 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
    [2011/04/20 09:23:12 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
    [2011/04/20 09:23:12 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
    [2011/02/09 20:03:48 | 000,000,314 | ---- | C] () -- C:\Windows\primopdf.ini
    [2010/11/27 12:44:16 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/10/12 23:50:07 | 000,000,036 | ---- | C] () -- C:\Users\Jim\AppData\Local\housecall.guid.cache
    [2010/10/06 15:02:01 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
    [2010/08/05 20:02:38 | 000,007,610 | ---- | C] () -- C:\Users\Jim\AppData\Local\Resmon.ResmonCfg
    [2010/07/13 19:57:38 | 000,000,000 | ---- | C] () -- C:\Users\Jim\AppData\Local\prvlcl.dat
    [2010/07/08 16:10:39 | 000,218,199 | ---- | C] () -- C:\Windows\hpwins14.dat
    [2010/07/08 16:10:38 | 000,000,411 | ---- | C] () -- C:\Windows\hpwmdl14.dat
    [2010/07/07 09:29:07 | 000,182,023 | ---- | C] () -- C:\Windows\hpwins14.dat.osupcopy
    [2010/07/07 09:28:46 | 000,179,661 | ---- | C] () -- C:\Windows\hpwins14.dat.temp
    [2010/07/07 09:28:45 | 000,000,411 | ---- | C] () -- C:\Windows\hpwmdl14.dat.temp
    [2010/07/04 18:12:59 | 000,013,824 | ---- | C] () -- C:\Users\Jim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/07/02 17:11:56 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2010/07/02 16:34:08 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
    [2010/07/02 16:25:27 | 000,000,145 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
    [2010/04/01 23:55:08 | 000,018,414 | ---- | C] () -- C:\Users\Jim\AppData\Roaming\UserTile.png
    [2010/02/08 07:23:01 | 000,023,110 | ---- | C] () -- C:\Windows\hpqins15.dat
    [2010/02/08 07:03:25 | 000,077,374 | ---- | C] () -- C:\Windows\hpqins05.dat
    [2009/12/18 23:23:39 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll
    [2009/11/07 12:29:59 | 000,002,332 | ---- | C] () -- C:\Users\Jim\AppData\Roaming\wklnhst.dat
    [2009/09/17 09:25:19 | 000,002,979 | ---- | C] () -- C:\Windows\hpwmdl22.dat.temp
    [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
    [2009/07/16 11:52:57 | 000,188,627 | ---- | C] () -- C:\Windows\hpwins22.dat
    [2009/07/16 11:52:57 | 000,002,979 | ---- | C] () -- C:\Windows\hpwmdl22.dat
    [2009/07/13 20:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/13 20:33:53 | 000,705,600 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2009/07/13 18:05:48 | 000,713,806 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2009/07/13 18:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2009/07/13 18:05:48 | 000,141,256 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2009/07/13 18:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2009/07/13 18:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2009/07/13 18:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2009/07/13 15:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/13 15:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
    [2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
    [2009/07/07 05:44:00 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/06/19 10:20:51 | 000,151,692 | ---- | C] () -- C:\Windows\hpqins00.dat
    [2009/06/14 22:53:16 | 000,000,004 | ---- | C] () -- C:\Users\Jim\AppData\Roaming\3084DF
    [2009/06/14 22:53:15 | 000,870,128 | ---- | C] () -- C:\Users\Jim\AppData\Roaming\mcs.rma
    [2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2009/03/12 17:58:28 | 000,102,400 | ---- | C] () -- C:\Windows\NOAA_32.DLL
    [2009/02/26 20:54:57 | 000,012,858 | ---- | C] () -- C:\Windows\hpwscr14.dat
    [2009/02/15 23:24:01 | 000,441,856 | ---- | C] () -- C:\Program Files\xpodclone.exe
    [2009/02/15 12:40:21 | 000,027,145 | ---- | C] () -- C:\Users\Jim\AppData\Roaming\nvModes.001
    [2009/02/15 12:40:18 | 000,027,145 | ---- | C] () -- C:\Users\Jim\AppData\Roaming\nvModes.dat
    [2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
    [2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
    [2008/08/22 10:05:42 | 000,026,760 | R--- | C] () -- C:\Windows\System32\drivers\swmsflt.sys
    [2007/06/19 03:22:16 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
    [2007/06/19 03:22:16 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
    [2007/06/19 03:06:53 | 000,103,437 | ---- | C] () -- C:\Windows\hpqins13.dat
    [2007/02/27 12:43:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
    [2006/12/13 22:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
    [2006/12/13 22:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
    [2006/03/09 16:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2005/05/07 04:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

    ========== LOP Check ==========

    [2010/07/02 16:06:04 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Bytemobile
    [2010/07/02 16:08:16 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\acccore
    [2011/08/20 12:46:01 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Amazon
    [2010/07/02 16:08:17 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\AT&T
    [2010/07/02 16:08:17 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Audacity
    [2011/04/30 17:06:26 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\AVG
    [2011/02/09 19:03:07 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\AVG9
    [2010/07/02 16:08:17 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Blackberry Desktop
    [2010/09/27 20:01:23 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Blitware
    [2010/07/02 16:08:17 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Bytemobile
    [2010/07/02 16:08:17 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\DriverCure
    [2012/02/04 08:14:24 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Dropbox
    [2010/07/12 14:59:14 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\eFax Messenger
    [2011/10/12 10:00:19 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\esri
    [2010/07/02 16:08:18 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Facebook
    [2011/02/25 20:58:18 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Fluent
    [2011/02/09 11:25:07 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\GARMIN
    [2010/04/06 16:00:17 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\GetRightToGo
    [2010/07/12 15:00:43 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\j2 Global
    [2010/07/02 16:08:21 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\JExpress
    [2012/02/03 13:02:22 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\MSNInstaller
    [2010/07/02 16:09:03 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\NCH Swift Sound
    [2011/09/13 17:51:14 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\OpenCandy
    [2012/01/30 09:00:20 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\PrimoPDF
    [2010/09/29 15:26:38 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Research In Motion
    [2010/07/02 16:09:14 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Sierra Wireless
    [2010/08/06 20:44:32 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\SystemRequirementsLab
    [2010/07/02 16:09:14 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Template
    [2010/01/17 18:18:46 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\The Ringtone Maker Plus
    [2010/10/06 14:10:38 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Uniblue
    [2010/07/02 16:09:16 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\WildTangent
    [2010/11/12 16:59:49 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Windows Live Writer
    [2011/10/17 08:13:56 | 000,032,570 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2011/09/13 07:53:56 | 000,186,893 | ---- | M] () -- C:\1020.log
    [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2010/11/20 04:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr
    [2010/07/02 16:14:35 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2012/02/03 22:00:37 | 000,022,784 | ---- | M] () -- C:\ComboFix.txt
    [2009/06/10 13:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2010/04/26 21:46:10 | 000,562,894 | ---- | M] () -- C:\drivers.log
    [2012/02/04 07:56:44 | 2414,682,112 | -HS- | M] () -- C:\hiberfil.sys
    [2009/06/14 22:50:46 | 000,000,184 | ---- | M] () -- C:\INSTALL.LOG
    [2009/12/18 23:22:57 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/01/24 23:49:25 | 000,000,361 | -H-- | M] () -- C:\IPH.PH
    [2011/09/13 15:21:28 | 000,024,947 | ---- | M] () -- C:\M1319.log
    [2009/12/18 23:22:57 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2012/02/04 07:56:41 | 3219,128,320 | -HS- | M] () -- C:\pagefile.sys
    [2011/10/06 12:02:43 | 000,000,734 | ---- | M] () -- C:\updatedatfix.log
    [2010/10/09 18:57:33 | 000,000,344 | ---- | M] () -- C:\UserChoice.reg

    < %systemroot%\Fonts\*.com >
    [2009/07/13 20:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/13 20:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/13 20:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/13 20:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 13:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2009/07/13 17:15:05 | 000,070,144 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\CNBPP3.DLL
    [2009/07/13 17:15:05 | 000,071,168 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\CNBPP4.DLL
    [2011/02/24 20:00:00 | 000,027,648 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\CNMPD8F.DLL
    [2011/02/24 20:00:00 | 000,070,144 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\CNMPP8F.DLL
    [2007/03/15 14:32:10 | 000,274,944 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpzpp5ha.dll
    [2008/07/01 12:00:16 | 000,274,944 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpzpp5jy.dll
    [2008/08/07 12:03:38 | 000,274,944 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpzpp64w.dll
    [2009/06/22 17:58:20 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\HPZPPLHN.DLL
    [2009/07/13 17:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
    [2006/10/26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll
    [2010/11/20 04:21:36 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\winprint.dll
    [2007/12/09 16:00:00 | 000,057,344 | ---- | M] (Zenographics, Inc.) -- C:\Windows\system32\spool\prtprocs\w32x86\ZIMFPRNT.DLL

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/11/10 02:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2010/11/05 20:48:01 | 000,001,638 | -HS- | M] () -- C:\Users\Jim\AppData\Roaming\Microsoft\LastFlashConfig.wfc

    < %PROGRAMFILES%\*.* >
    [2009/07/13 20:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
    [2008/01/28 11:10:38 | 000,441,856 | ---- | M] () -- C:\Program Files\xpodclone.exe

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/06/23 08:05:08 | 000,000,444 | -HS- | M] () -- C:\Users\Jim\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop (1).ini
    [2012/01/30 21:25:39 | 000,000,221 | -HS- | M] () -- C:\Users\Jim\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/09/20 03:02:40 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\Jim\Desktop\boot_cleaner.exe
    [2012/02/03 20:32:02 | 004,394,794 | R--- | M] (Swearware) -- C:\Users\Jim\Desktop\ComboFix.exe
    [2012/02/02 19:57:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jim\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 13:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2011/04/18 19:55:11 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
    [2011/04/18 19:55:09 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
    [2011/04/18 19:55:05 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
    [2011/04/18 19:55:07 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
    [2011/04/18 19:55:03 | 000,786,432 | ---- | M] () -- C:\Windows\SECURITY\Database\edbtmp.log
    [2011/04/18 19:55:10 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011/04/18 20:01:44 | 000,000,402 | -HS- | M] () -- C:\Users\Jim\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/05/12 15:46:40 | 000,000,088 | RHS- | M] () -- C:\ProgramData\4D5CFEE444.sys
    [2010/11/18 18:18:50 | 000,003,057 | ---- | M] () -- C:\ProgramData\hpzinstall.log
    [2011/05/12 15:46:41 | 000,002,828 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
    [2010/07/02 16:25:28 | 000,000,145 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
    [2012/01/30 20:17:16 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Files - Unicode (All) ==========
    [2010/01/23 17:08:40 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?g) -- C:\Windows\System32\衰ğ
    [2010/01/23 17:08:40 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?g) -- C:\Windows\System32\衰ğ
    [2009/12/07 11:43:21 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?L) -- C:\Windows\System32\澠Ĺ
    [2009/12/07 11:43:21 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?L) -- C:\Windows\System32\澠Ĺ
    [2009/11/07 15:19:20 | 000,000,036 | ---- | M] ()(C:\Windows\System32\??) -- C:\Windows\System32\ꑘŊ
    [2009/11/07 15:19:20 | 000,000,036 | ---- | C] ()(C:\Windows\System32\??) -- C:\Windows\System32\ꑘŊ

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 76 bytes -> C:\Users\Jim\Documents\WORK TIMELINE.xls:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Jim\Documents\VFC 13 - Where are they now.xls:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Jim\Documents\UNIBLUE - Order Number.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Jim\Documents\Ten Standing Orders for Local Leadership.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Jim\Documents\Station Fire Review, Observations, and Recommendations.pdf:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Jim\Documents\Deposit envelope LAFCU.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Jim\Documents\CSFA Preplan.pdf:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Jim\Documents\activision code.doc:Roxio EMC Stream
    @Alternate Data Stream - 193 bytes -> C:\ProgramData\Temp:0B4227B4
    @Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:5C321E34

    < End of report >
     
  16. 2012/02/04
    Jim911Fire

    OTL Extras logfile created on: 2/4/2012 11:21:53 AM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jim\Desktop
    Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 1.75 Gb Available Physical Memory | 58.28% Memory free
    8.99 Gb Paging File | 7.59 Gb Available in Paging File | 84.45% Paging File free
    Paging file location(s): [Binary data over 100 bytes]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 140.71 Gb Total Space | 17.88 Gb Free Space | 12.71% Space Free | Partition Type: NTFS
    Drive D: | 149.05 Gb Total Space | 140.30 Gb Free Space | 94.13% Space Free | Partition Type: NTFS
    Drive E: | 7.27 Gb Total Space | 0.72 Gb Free Space | 9.87% Space Free | Partition Type: NTFS
    Drive F: | 1.08 Gb Total Space | 1.04 Gb Free Space | 96.09% Space Free | Partition Type: NTFS
    Drive J: | 20.09 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive K: | 931.49 Gb Total Space | 694.52 Gb Free Space | 74.56% Space Free | Partition Type: NTFS

    Computer Name: LAPTOP | User Name: Jim | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-1792262870-2198816888-816497568-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1 ",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{02D29CDE-779D-3082-85C9-4086A49A9390}" = Microsoft Visual C++ 2010 Beta 2 x86 Runtime - 10.0.21006
    "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
    "{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
    "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
    "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0BFC200F-C45D-4271-AF34-4CA969225DEB}" = muvee autoProducer 6.0
    "{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
    "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
    "{102CBC47-7FDE-4E6C-8A3A-67B79833FAC8}" = BPDSoftware_Ini
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP100_series" = Canon iP100 series
    "{11B2F891-91C8-47ce-945A-A91003EA27FB}" = BPDSoftware
    "{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
    "{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}" = BlackBerry Device Software Updater
    "{130E5108-547F-4482-91EE-F45C784E08C7}" = HP Officejet 6500 E710n-z Help
    "{1517A7CB-5F00-4A88-8F06-E89B6DB63784}" = ESU for Microsoft Vista
    "{16FCDD97-AE09-476B-88CD-261D852BD34C}" = Marketsplash Shortcuts
    "{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
    "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
    "{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1DD1D1E9-FC96-4B17-BE0A-A5481F8B0D67}" = ArcGIS License Manager 10
    "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
    "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
    "{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
    "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 29
    "{279D3818-7287-4ab4-A927-542EBEA9E365}" = ProductContext
    "{290B83AA-093A-45BF-A917-D1C4A1E8D917}" = HP Active Support Library
    "{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
    "{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
    "{2AA48AFA-79CA-4043-BFFC-BB5BA23A9FCF}" = WD SmartWare
    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    "{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
    "{311B6629-7711-4937-9DD1-2172016B73FA}" = FlamMap3
    "{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
    "{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
    "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 B1
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
    "{360EDFB0-EAA2-012B-AD16-000000000000}" = TurboTax 2009 wcaiper
    "{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
    "{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
    "{37C6566A-42BA-472B-AA79-9AF83F9446ED}" = XPS Viewer
    "{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
    "{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
    "{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
    "{3CD3F0DE-D558-4D67-B0ED-406B2DCA1C36}" = FARSITE 4
    "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
    "{3FFB3B34-D639-4384-9AE9-DDE58430D86F}" = MSCU for Microsoft Vista
    "{40A594D0-1490-4979-9382-D2B764F949C6}" = BlackBerry® Media Sync
    "{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
    "{432A850B-3558-4BFF-B1F9-30626835B523}" = BPD_DSWizards
    "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
    "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
    "{44C05309-60F4-410B-BC32-31733CFF1A46}" = Microsoft Digital Image Standard 2006 Editor
    "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.2
    "{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
    "{4F1CECBC-670F-4DAA-81D6-944B12450917}" = DIGOpt
    "{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
    "{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}" = Microsoft SQL Server 2008 Native Client
    "{4FE542EB-FF0B-4739-94DD-25C8AE0AB252}" = Microsoft Digital Image Standard 2006 Library
    "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
    "{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{5AB56552-6938-4686-9F87-DB0ED8D1E06B}" = HP User Guides 0056
    "{5B30AA25-BF39-4BE4-8FEE-51938BAB214D}" = TurboTax 2008 wcaiper
    "{5D934326-165A-413b-B056-26BE1EC082AF}" = J6400
    "{5D9B17E4-5C34-45B2-9C95-8B9DB4CF7AF3}" = HP_Network_UserGuide
    "{600AB648-F79B-41EC-B426-A49A7DB121EA}" = HP Officejet 6500 E710n-z Basic Device Software
    "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
    "{624E7452-BA43-4f55-B9D5-FC75EEA0808B}" = Officejet Pro 8500 A909 Series
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{64665955-E1A1-4A8B-BFFA-673A95318909}" = ArcGIS Desktop 10
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{6809408A-56A8-4863-A7E9-3723FF8C24A4}" = BPDSoftware_Ini
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
    "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
    "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
    "{74E69F8A-BCBB-4A0A-9361-32225755D8C3}" = Garmin BaseCamp
    "{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
    "{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
    "{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77663A9E-EDA4-4873-907D-6315E6D0462A}" = 6400_Help
    "{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
    "{77AABB3A-0790-45FF-B881-341320438F7E}" = Fire Characteristics Chart v1.0
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{793A260C-CDBF-499C-ABBA-B51E8E076867}_is1" = Uniblue PowerSuite
    "{7B18E7E2-AFCA-4CBE-8CD5-3613315AB262}" = ArcGIS Explorer
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
    "{85C8D391-0EAE-4492-8A0A-2EE8B0B6DA03}" = BPDSoftware
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
    "{87FF0E39-8490-4EB4-A557-FF12F712EF7E}" = TurboTax 2010 wcaiper
    "{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8AAB4176-A747-493A-A42C-B63CFADFD8E3}" = NVIDIA PhysX
    "{8AB2AC00-AFFF-4043-83D9-0086528B337F}" = HP OfficeJet J6400
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
    "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
    "{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
    "{928D2FB1-291A-362B-89A4-7075A9D904A4}" = Microsoft Windows SDK for Windows 7 (7.1)
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
    "{95140000-0080-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C2F9B2C-1585-43AD-9EF9-48AAD60DFC04}" = Microsoft IntelliPoint 8.1
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
    "{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
    "{A89768CF-CD21-44FD-A723-16D5A8557415}" = NEF Codec
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{A9FE59F0-5BFA-4FDF-84C6-F45457715379}" = InstallIQ Updater
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
    "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
    "{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
    "{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
    "{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B2C46B93-DB79-49F5-9729-9547E1909C21}" = BlackBerry Device Software v6.0.0 for the BlackBerry 9800 smartphone
    "{B2DA1AE3-5578-424F-9D21-A155A0224CAB}" = FireFamily Plus 4.1 beta
    "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Display Control Panel
    "{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
    "{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}" = Roxio Media Manager
    "{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{BE7C00D6-41CD-4ACD-A61C-086790D2BD56}" = FCCS
    "{C29C1940-CB85-4F3B-906C-33FEE0E67103}" = DocMgr
    "{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C701DC2B-7240-43D8-B776-3653952E781F}" = Garmin TOPO U.S. 24K West v2
    "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
    "{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
    "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
    "{CD8C5C7F-7C58-4F85-8977-A6C08C087912}" = MPM
    "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240C3}" = WinZip 15.5
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D09605BE-5587-4B0C-86C8-69B5092CB80F}" = Debugging Tools for Windows (x86)
    "{D17111CB-C992-42A9-9D56-C19395102AAA}" = Garmin WebUpdater
    "{D32067CD-7409-4792-BFA0-1469BCD8F0C8}" = HP Wireless Assistant
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{DF6DA606-904D-4C18-823F-A4CFC3035E53}" = eFax Messenger
    "{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1" = Uniblue SpeedUpMyPC
    "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
    "{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
    "{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
    "{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{ECB82093-A207-4B57-A0C3-81202EBC39D8}" = AT&T Communication Manager
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
    "{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
    "{F6B29003-A078-4491-AFBE-62EFB6CFFE19}" = HP Total Care Advisor
    "{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
    "{F804CAE5-50B2-4646-803A-A428325237CA}" = Driver Installer
    "{FA30FFD4-8DF3-4B29-9C2C-EE30584CD795}" = bpd_scan
    "{FAABDC10-41B3-4A4C-A76E-C02CB9BE2A5E}" = HP Officejet 6500 E710n-z Product Improvement Study
    "{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF01B564-22AA-719A-7E62-8F2F38C83AD3}" = The Ringtone Maker v5.2.7
    "45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
    "ABC Amber BlackBerry Editor" = ABC Amber BlackBerry Editor
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Akamai" = Akamai NetSession Interface Service
    "ArcGIS Desktop 10" = ArcGIS Desktop 10
    "ArcGIS Explorer" = ArcGIS Explorer
    "ArcGIS License Manager 10" = ArcGIS License Manager 10
    "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.7 (Unicode)
    "Avira AntiVir Desktop" = Avira Free Antivirus
    "BlackBerry_{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
    "Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
    "Canon iP100 series User Registration" = Canon iP100 series User Registration
    "Canon Setup Utility 2.4" = Canon Setup Utility 2.4
    "CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
    "CanonMyPrinter" = Canon Utilities My Printer
    "CanonSolutionMenu" = Canon Utilities Solution Menu
    "Cisco Connect" = Cisco Connect
    "CodInstl" = Intel A/V Codecs V2.0
    "Daniusoft Digital Music Converter_is1" = Daniusoft Digital Music Converter(Build 2.4.1.0)
    "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
    "Google Chrome" = Google Chrome
    "Google Updater" = Google Updater
    "HP Document Manager" = HP Document Manager 2.0
    "HP Imaging Device Functions" = HP Imaging Device Functions 13.0
    "HP Photosmart Essential" = HP Photosmart Essential 2.5
    "HP Smart Web Printing" = HP Smart Web Printing 4.60
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "HPExtendedCapabilities" = HP Customer Participation Program 13.0
    "HPOCR" = OCR Software by I.R.I.S. 13.0
    "InstallShield_{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended Beta 2" = Microsoft .NET Framework 4 Extended Beta 2
    "Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
    "Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA Drivers" = NVIDIA Drivers
    "Office14.SingleImage" = Microsoft Office Home and Business 2010
    "PictureItPrem_v12" = Microsoft Digital Image Standard 2006 Update
    "PixelPerfect_4281508C_4DA1_4d4e_81EB_725D55EC30DC_is1" = Uniblue PixelPerfect
    "PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
    "Quicken WillMaker Plus 2008" = Quicken WillMaker Plus 2008
    "RealPlayer 6.0" = RealPlayer Basic
    "Rhapsody" = Rhapsody
    "ROSS PRACTICE 212" = ROSS PRACTICE 212
    "ROSS PROD 212" = ROSS PROD 212
    "SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)
    "Shop for HP Supplies" = Shop for HP Supplies
    "SMSERIAL" = Motorola SM56 Speakerphone Modem
    "ST6UNST #1" = Hotspot 2.01
    "ST6UNST #5" = XTools 3.0
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "SystemRequirementsLab" = System Requirements Lab
    "The Ringtone Maker Plus" = The Ringtone Maker Plus 5.1
    "Trusted Software Assistant_is1" = File Type Assistant
    "TurboTax 2008" = TurboTax 2008
    "TurboTax 2009" = TurboTax 2009
    "TurboTax 2010" = TurboTax 2010
    "VLC media player" = VLC media player 1.0.3
    "WildTangent hplaptop Master Uninstall" = My HP Games
    "WinLiveSuite" = Windows Live Essentials

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1792262870-2198816888-816497568-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Akamai" = Akamai NetSession Interface
    "Dropbox" = Dropbox
    "Facebook Plug-In" = Facebook Plug-In
    "GoToMeeting" = GoToMeeting 4.1.0.366

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 2/2/2012 10:36:21 PM | Computer Name = Laptop | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\program files\spybot
    - search & destroy\DelZip179.dll ".Error in manifest or policy file "c:\program files\spybot
    - search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language "
    in element "assemblyIdentity" is invalid.

    Error - 2/3/2012 4:17:01 AM | Computer Name = Laptop | Source = MsiInstaller | ID = 10005
    Description =

    Error - 2/3/2012 4:17:01 AM | Computer Name = Laptop | Source = MsiInstaller | ID = 1024
    Description =

    Error - 2/3/2012 5:10:25 AM | Computer Name = Laptop | Source = Application Error | ID = 1000
    Description = Faulting application name: yppfyx2v.exe, version: 1.0.15.15641, time
    stamp: 0x4e21f2b1 Faulting module name: yppfyx2v.exe, version: 1.0.15.15641, time
    stamp: 0x4e21f2b1 Exception code: 0xc0000005 Fault offset: 0x0000c676 Faulting process
    id: 0x1704 Faulting application start time: 0x01cce2536c4f07e1 Faulting application
    path: C:\Users\Jim\Desktop\yppfyx2v.exe Faulting module path: C:\Users\Jim\Desktop\yppfyx2v.exe
    Report
    Id: e7d372ff-4e46-11e1-8d3f-001b247fe64a

    Error - 2/3/2012 4:19:35 PM | Computer Name = Laptop | Source = VSS | ID = 8194
    Description =

    Error - 2/3/2012 10:54:32 PM | Computer Name = Laptop | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\program files\spybot
    - search & destroy\DelZip179.dll ".Error in manifest or policy file "c:\program files\spybot
    - search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language "
    in element "assemblyIdentity" is invalid.

    Error - 2/4/2012 2:27:02 PM | Computer Name = Laptop | Source = VSS | ID = 8194
    Description =

    Error - 2/4/2012 3:09:33 PM | Computer Name = Laptop | Source = VSS | ID = 8194
    Description =

    Error - 2/4/2012 3:24:24 PM | Computer Name = Laptop | Source = VSS | ID = 8194
    Description =

    Error - 2/4/2012 3:29:50 PM | Computer Name = Laptop | Source = VSS | ID = 8194
    Description =

    [ Cisco AnyConnect VPN Client Events ]
    Error - 9/1/2011 11:24:52 PM | Computer Name = Laptop | Source = vpnagent | ID = 67110873
    Description = Termination reason code 13: Unable to start VA, setup shared queue,
    or VA gave up on shared queue.

    Error - 9/1/2011 11:24:52 PM | Computer Name = Laptop | Source = vpnui | ID = 67108866
    Description = Function: ConnectMgr::launchCachedDownloader File: .\ConnectMgr.cpp
    Line:
    4958 Invoked Function: ConnectMgr :: launchCachedDownloader Return Code: 3 (0x00000003)
    Description:
    Cached Downloader terminated abnormally

    Error - 9/1/2011 11:24:53 PM | Computer Name = Laptop | Source = vpnui | ID = 67108866
    Description = Function: ConnectMgr::processIfcData File: .\ConnectMgr.cpp Line: 1667
    Invoked
    Function: ConnectMgr::processIfcData Return Code: -33554423 (0xFE000009) Description:
    GLOBAL_ERROR_UNEXPECTED

    Error - 9/1/2011 11:25:11 PM | Computer Name = Laptop | Source = vpnui | ID = 67108866
    Description = Function: ConnectMgr::setPromptAttributes File: .\ConnectMgr.cpp Line:
    2657 Invoked Function: setPromptAttributes Return Code: -33554423 (0xFE000009) Description:
    GLOBAL_ERROR_UNEXPECTED Error text: Login failed.

    Error - 9/1/2011 11:25:19 PM | Computer Name = Laptop | Source = vpnui | ID = 67108866
    Description = Function: ConnectMgr::setPromptAttributes File: .\ConnectMgr.cpp Line:
    2657 Invoked Function: setPromptAttributes Return Code: -33554423 (0xFE000009) Description:
    GLOBAL_ERROR_UNEXPECTED Error text: Login failed.

    Error - 10/12/2011 2:12:24 AM | Computer Name = Laptop | Source = vpnagent | ID = 67110873
    Description = Termination reason code 9: Client PC is shutting down.

    Error - 10/12/2011 2:12:25 AM | Computer Name = Laptop | Source = vpnagent | ID = 67108866
    Description = Function: CMainThread::getDownloaderMessage File: .\MainThread.cpp Line:
    964 Invoked Function: CVpnMgr::processEvents Return Code: 0 (0x00000000) Description:
    fatal error, stopping service

    Error - 10/12/2011 3:01:32 AM | Computer Name = Laptop | Source = vpnva | ID = 67108866
    Description = Function: WinMain File: .\VACon.cpp Line: 350 Invoked Function: find_remove_va
    Return
    Code: 259 (0x00000103) Description: No more data is available.

    Error - 10/12/2011 3:01:32 AM | Computer Name = Laptop | Source = vpnagent | ID = 67110873
    Description = Termination reason code 7: The agent has been stopped.

    Error - 10/12/2011 3:01:32 AM | Computer Name = Laptop | Source = vpnagent | ID = 67108866
    Description = Function: CMainThread::getDownloaderMessage File: .\MainThread.cpp Line:
    964 Invoked Function: CVpnMgr::processEvents Return Code: 0 (0x00000000) Description:
    fatal error, stopping service

    [ System Events ]
    Error - 2/4/2012 1:50:45 AM | Computer Name = Laptop | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 2/4/2012 1:55:37 AM | Computer Name = Laptop | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 2/4/2012 11:57:35 AM | Computer Name = Laptop | Source = Service Control Manager | ID = 7000
    Description = The ArcGIS License Manager service failed to start due to the following
    error: %%2

    Error - 2/4/2012 11:57:44 AM | Computer Name = Laptop | Source = Service Control Manager | ID = 7000
    Description = The MCSTRM service failed to start due to the following error: %%2

    Error - 2/4/2012 11:58:22 AM | Computer Name = Laptop | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Roxio
    Hard Drive Watcher 9 service to connect.

    Error - 2/4/2012 11:58:26 AM | Computer Name = Laptop | Source = DCOM | ID = 10016
    Description =

    Error - 2/4/2012 1:10:29 PM | Computer Name = Laptop | Source = Microsoft-Windows-HAL | ID = 12
    Description = The platform firmware has corrupted memory across the previous system
    power transition. Please check for updated firmware for your system.

    Error - 2/4/2012 2:26:21 PM | Computer Name = Laptop | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk3\DR3.

    Error - 2/4/2012 3:16:44 PM | Computer Name = Laptop | Source = DCOM | ID = 10016
    Description =

    Error - 2/4/2012 3:16:44 PM | Computer Name = Laptop | Source = DCOM | ID = 10016
    Description =


    < End of report >
     
  17. 2012/02/04
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I can't continue....
     
  18. 2012/02/04
    Jim911Fire

    Jim911Fire Inactive Thread Starter

    Joined:
    2005/10/18
    Messages:
    27
    Likes Received:
    0
    I get webpage redirects, some associated with Facebook in some manner. I had a problem with spam being sent from my email accounts (typical Viagra from Canada stuff). Because I couldn't find it on my own, I deleted my email programs on my laptop. While I know that's not the best answer, I was totally frustrated with it and concerned for my contacts that were getting ****** about the spam from me, and did it before coming to the board for help. The other issue is on the bottom left of the screen, where you see it say it's connecting to the site you're going to; mine always has me going to "knhhoe.springcrab.com". I don't use this site, nor can I find it on the web. I'm concerned that there is a virus pulling my keystrokes via this site.
     
  19. 2012/02/04
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Which browser is getting redirected?

    What was the email program which was affected?
     
  20. 2012/02/04
    Jim911Fire

    Jim911Fire Inactive Thread Starter

    Joined:
    2005/10/18
    Messages:
    27
    Likes Received:
    0
    I mainly use Firefox and that appears to be where the problem is. I haven't noticed it with IE.

    My Windows Live was the problem.

    I have a few of the web links that I was directed to saved if that helps.
     
  21. 2012/02/04
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You also have Chrome installed.
    Can you check if it's affected as well?

    Then....

    Please download GooredFix from one of the locations below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2
    • Ensure all Firefox windows are closed.
    • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
    • When prompted to run the scan, click Yes.
    • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).
     
