
Windows 7 Not genuine, etc



#1
Vintage Charms
That was the message on my desktop this afternoon. Nothing would open. Computer froze. Rebooted in safe. Ran Malware because nothing else would run and it removed 7 infected files. After reboot, still nothing would open. Here is the log:

OTL logfile created on: 5/9/2011 8:23:55 PM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\Hewlett\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

12.00 Gb Total Physical Memory | 9.00 Gb Available Physical Memory | 77.00% Memory free
24.00 Gb Paging File | 20.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918.03 Gb Total Space | 729.28 Gb Free Space | 79.44% Space Free | Partition Type: NTFS
Drive D: | 13.39 Gb Total Space | 2.39 Gb Free Space | 17.86% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 380.44 Gb Free Space | 40.84% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 1863.01 Gb Total Space | 345.20 Gb Free Space | 18.53% Space Free | Partition Type: NTFS
Drive O: | 931.28 Gb Total Space | 916.86 Gb Free Space | 98.45% Space Free | Partition Type: FAT32

Computer Name: HEWLETT-PC
Current User Name: Hewlett
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2011/04/15 05:30:01 | 000,099,840 | ---- | M] () -- C:\Users\Hewlett\AppData\Roaming\Adobe Systems\Microsoft Updater.exe
PRC - [2011/04/01 05:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/02/23 11:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/02/23 11:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2010/08/27 17:57:12 | 005,904,896 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
PRC - [2010/07/07 12:33:00 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe
PRC - [2010/07/07 12:27:16 | 001,268,224 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe
PRC - [2010/05/22 15:28:02 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Hewlett\Desktop\OTL.exe
PRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/03/24 14:31:22 | 001,397,000 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
PRC - [2010/03/05 16:03:26 | 000,376,832 | ---- | M] (Orbiscom Ltd. All rights reserved.) -- C:\Program Files (x86)\Discover\SOAN\DiscoverSOAN.exe
PRC - [2010/03/05 16:02:02 | 000,145,920 | ---- | M] (Orbiscom Ltd.) -- C:\Windows\SysWOW64\OBroker.exe
PRC - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2010/01/20 16:07:54 | 000,172,544 | ---- | M] (Panasonic Corporation) -- C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
PRC - [2009/12/01 20:49:52 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/10/20 14:50:34 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/07/07 17:13:38 | 000,241,789 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
PRC - [2009/06/04 23:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 23:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/05/26 04:36:13 | 000,656,896 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
PRC - [2008/11/20 14:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2008/09/30 22:59:26 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
PRC - [2008/01/11 21:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/06/15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\Windows\SysWOW64\bgsvcgen.exe
PRC - [2005/09/30 19:22:50 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files (x86)\Canon\CAL\CALMAIN.exe


========== Modules (SafeList) ==========

MOD - [2011/02/23 11:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/11/20 08:18:23 | 000,485,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2010/11/20 07:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MOD - [2010/05/22 15:28:02 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Hewlett\Desktop\OTL.exe
MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/02/23 11:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/02/19 08:05:15 | 001,139,200 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2010/11/20 09:27:23 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
SRV:64bit: - [2010/11/20 09:26:46 | 000,232,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
SRV:64bit: - [2010/11/20 09:26:04 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2010/11/20 09:25:44 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
SRV:64bit: - [2010/11/20 09:25:28 | 001,504,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:64bit: - [2010/11/20 09:25:04 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
SRV:64bit: - [2010/11/20 09:24:47 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
SRV:64bit: - [2010/09/08 02:51:16 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/04/27 14:16:33 | 001,255,736 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV:64bit: - [2009/12/04 08:08:40 | 000,349,696 | ---- | M] (Logitech, Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/08/18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV:64bit: - [2009/07/13 21:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
SRV:64bit: - [2009/07/13 21:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
SRV:64bit: - [2009/07/13 21:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power)
SRV:64bit: - [2009/07/13 21:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2009/07/13 21:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
SRV:64bit: - [2009/07/13 21:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
SRV:64bit: - [2009/07/13 21:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
SRV:64bit: - [2009/07/13 21:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
SRV:64bit: - [2009/07/13 21:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
SRV:64bit: - [2009/07/13 21:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
SRV:64bit: - [2009/07/13 21:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
SRV:64bit: - [2009/07/13 21:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
SRV:64bit: - [2009/07/13 21:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
SRV:64bit: - [2009/07/01 22:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2011/04/01 05:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010/11/20 08:20:57 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2010/11/20 08:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/12/11 04:42:55 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2009/12/11 04:42:26 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/09/20 11:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/07/13 23:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)
SRV - [2009/07/13 23:20:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2009/07/13 16:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2009/06/10 16:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009/06/04 23:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/09/30 22:59:26 | 000,192,512 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe -- (HPBtnSrv)
SRV - [2008/01/11 21:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/06/15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\SysWOW64\bgsvcgen.exe -- (bgsvcgen)
SRV - [2005/09/30 19:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files (x86)\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/01 05:07:54 | 004,184,672 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech Webcam 200(UVC)
DRV:64bit: - [2011/04/01 05:06:22 | 000,341,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/02/23 10:57:04 | 000,280,408 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/02/23 10:57:01 | 000,505,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/02/23 10:55:53 | 000,053,592 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/02/23 10:55:13 | 000,031,064 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/02/23 10:55:05 | 000,064,344 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/02/23 10:54:58 | 000,022,360 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2010/11/29 07:31:18 | 001,579,520 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/11/20 09:34:00 | 000,215,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhdmp.sys -- (vhdmp)
DRV:64bit: - [2010/11/20 09:33:53 | 000,213,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\rdyboost.sys -- (rdyboost)
DRV:64bit: - [2010/11/20 09:33:38 | 000,152,960 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecpkg.sys -- (KSecPkg)
DRV:64bit: - [2010/11/20 09:33:36 | 000,014,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hwpolicy.sys -- (hwpolicy)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 09:28:59 | 000,459,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cng.sys -- (CNG)
DRV:64bit: - [2010/11/20 09:28:59 | 000,223,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fvevol.sys -- (fvevol)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 06:44:56 | 000,229,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\1394ohci.sys -- (1394ohci)
DRV:64bit: - [2010/11/20 06:44:52 | 000,552,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthport.sys -- (BTHPORT)
DRV:64bit: - [2010/11/20 06:44:33 | 000,080,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BTHUSB.SYS -- (BTHUSB)
DRV:64bit: - [2010/11/20 06:44:23 | 000,350,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2010/11/20 06:43:56 | 000,041,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winusb.sys -- (WinUsb)
DRV:64bit: - [2010/11/20 06:43:52 | 000,109,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV:64bit: - [2010/11/20 06:42:44 | 000,112,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WUDFPf.sys -- (WudfPf)
DRV:64bit: - [2010/11/20 06:33:17 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CompositeBus.sys -- (CompositeBus)
DRV:64bit: - [2010/11/20 06:14:37 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appid.sys -- (AppID)
DRV:64bit: - [2010/11/20 06:09:59 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\scfilter.sys -- (scfilter)
DRV:64bit: - [2010/11/20 05:30:42 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipmi.sys -- (AcpiPmi)
DRV:64bit: - [2010/09/08 03:26:04 | 007,767,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/09/08 03:26:04 | 007,767,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/09/08 02:15:06 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/07/07 14:21:18 | 001,612,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k)
DRV:64bit: - [2010/07/07 14:21:06 | 001,567,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2010/07/07 14:20:56 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010/07/07 14:20:48 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010/07/07 14:20:40 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010/07/07 14:16:32 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010/07/07 14:16:24 | 000,697,816 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2010/07/07 14:16:14 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010/07/07 14:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2010/07/07 14:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2010/07/07 14:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2010/07/07 14:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2010/07/07 14:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2010/07/07 14:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2010/04/14 01:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2010/01/28 10:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/01/21 16:59:09 | 000,871,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/12/19 14:23:52 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2009/11/10 07:53:16 | 000,058,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009/11/10 07:53:00 | 000,056,336 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/10/14 19:29:46 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/10/14 19:29:44 | 000,230,480 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2009/10/14 19:29:02 | 000,067,128 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/10/14 19:29:02 | 000,028,216 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/18 06:18:48 | 000,109,480 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/07/14 12:46:46 | 001,708,800 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV:64bit: - [2009/07/14 12:46:06 | 000,032,768 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir3.sys -- (hcw85cir)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:49 | 000,055,376 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fsdepends.sys -- (FsDepends)
DRV:64bit: - [2009/07/13 21:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wimmount.sys -- (WIMMount)
DRV:64bit: - [2009/07/13 21:45:55 | 000,036,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vdrvroot.sys -- (vdrvroot)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 21:45:45 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pcw.sys -- (pcw)
DRV:64bit: - [2009/07/13 20:17:46 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpbus.sys -- (rdpbus)
DRV:64bit: - [2009/07/13 20:16:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV:64bit: - [2009/07/13 20:10:24 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV:64bit: - [2009/07/13 20:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wfplwf.sys -- (WfpLwf)
DRV:64bit: - [2009/07/13 20:08:13 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndiscap.sys -- (NdisCap)
DRV:64bit: - [2009/07/13 20:07:28 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vwifimp.sys -- (vwifimp)
DRV:64bit: - [2009/07/13 20:07:22 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vwififlt.sys -- (vwififlt)
DRV:64bit: - [2009/07/13 20:07:21 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vwifibus.sys -- (vwifibus)
DRV:64bit: - [2009/07/13 20:07:00 | 000,118,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bthpan.sys -- (BthPan) Bluetooth Device (Personal Area Network)
DRV:64bit: - [2009/07/13 20:06:56 | 000,158,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rfcomm.sys -- (RFCOMM) Bluetooth Device (RFCOMM Protocol TDI)
DRV:64bit: - [2009/07/13 20:06:53 | 000,041,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bthenum.sys -- (BthEnum)
DRV:64bit: - [2009/07/13 20:06:52 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\umpass.sys -- (UmPass)
DRV:64bit: - [2009/07/13 20:06:24 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV:64bit: - [2009/07/13 20:02:08 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MTConfig.sys -- (MTConfig)
DRV:64bit: - [2009/07/13 20:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\beep.sys -- (Beep)
DRV:64bit: - [2009/07/13 19:37:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\discache.sys -- (discache)
DRV:64bit: - [2009/07/13 19:31:06 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbatt.sys -- (HidBatt)
DRV:64bit: - [2009/07/13 19:31:03 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2009/07/13 19:19:25 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdppm.sys -- (AmdPPM)
DRV:64bit: - [2009/07/01 08:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/07/01 08:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/07/01 08:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/12 14:19:58 | 000,287,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress) Intel®
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/04/07 11:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV - [2009/10/20 14:50:12 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/03/19 12:24:59] [Kernel | Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 21:16:19 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\winusb.dll -- (WinUsb)
DRV - [2009/07/13 21:16:02 | 000,014,336 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\netbios.dll -- (NetBIOS)
DRV - [2009/06/10 17:28:14 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2009/06/10 17:15:18 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2008/04/29 20:27:24 | 000,013,856 | ---- | M] () [Kernel | System | Running] -- C:\Program Files (x86)\i-Menu\hugoio64.sys -- (hugoio64)
DRV - [2006/11/14 12:31:00 | 000,022,784 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\afc.sys -- (Afc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://slickdeals.net/forums/index.php
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://slickdeals.net/forums/"
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.10.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:20110101
FF - prefs.js..extensions.enabledItems: [email protected]:2.3.14.0

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/29 20:12:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\[email protected]
FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2010/05/20 16:47:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/02/27 19:32:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Discover\SOAN [2011/03/31 17:51:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/10 19:43:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/03/25 13:39:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/10 19:43:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/03/25 13:39:43 | 000,000,000 | ---D | M]

[2009/12/19 18:05:40 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\mozilla\Extensions
[2010/05/19 21:00:57 | 000,000,000 | ---D | M] -- C:\Users\Hewlett\AppData\Roaming\mozilla\Firefox\Profiles\n8opkdmw.default\extensions
[2011/04/27 16:19:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/01/08 21:39:08 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/05/25 17:22:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/05 16:06:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/26 03:52:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/27 19:48:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/21 17:14:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/04/27 16:19:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2006/05/06 12:42:04 | 007,260,160 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\plugins\libvlc.dll
[2010/09/24 18:20:03 | 000,466,944 | ---- | M] (Catalina Marketing Corp.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
[2010/09/24 18:20:03 | 000,466,944 | ---- | M] (Catalina Marketing Corp.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll
[2009/11/20 16:05:31 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
[2011/04/14 05:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/02/21 22:34:54 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2009/11/20 16:05:32 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll ()
O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\hp\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (Secure Online Account Numbers Helper) - {435EAA86-D32B-484F-869C-53745FCB1642} - C:\Program Files (x86)\Discover\SOAN\DiscoverSOANHelper.dll (Orbiscom Ltd. All rights reserved.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (hpBHO Class) - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll File not found
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll File not found
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\hp\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll ()
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll File not found
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll File not found
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O3 - HKLM\..\Toolbar: (Secure Online Account Numbers) - {A8C7C2CA-6DFD-4E16-8458-592361564D38} - C:\Program Files (x86)\Discover\SOAN\DiscoverSOANToolbar.dll (Orbiscom Ltd. All rights reserved.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Microsoft Core Component] C:\Users\Hewlett\AppData\Roaming\Microsoft\csrss.exe (Microsoft)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [Adobe Auto Updater] C:\Users\Hewlett\AppData\Roaming\Adobe Systems\Microsoft Updater.exe ()
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [HKLM] C:\Windows\SysWOW64\install\server.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe ()
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Secure Online Account Numbers] C:\Program Files (x86)\Discover\SOAN\DiscoverSOAN.exe (Orbiscom Ltd. All rights reserved.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [cdloader] C:\Users\Hewlett\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [HKCU] C:\Windows\SysWOW64\install\server.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [NBJ] E:\JAN 18 prog files\NERO Burning ROM\Nero BackItUp\NBJ.exe File not found
O4 - Startup: C:\Users\Hewlett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Windows\system32\install\server.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Windows\system32\install\server.exe (Microsoft Corporation)
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll File not found
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll File not found
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\hp\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech....Detection32.cab (Device Detection)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2FF8D282-F78A-4A33-ABC2-49E72A341482} http://riteaid.store...eUpload1_10.CAB (SFImageUpload1_10.ImageUpload)
O16 - DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} http://www.auctiva.c...eUploader57.cab (Auctiva Image Uploader Control)
O16 - DPF: {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} http://www.psapoll.com/CopyGuardIE.cab (CopyGuardCtrl Class)
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} http://webeffective....torLauncher.cab (Keynote Connector Launcher 2)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.c...loadControl.cab (Verizon Wireless Media Upload)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} http://zone.msn.com/...vl.cab55579.cab (ZPA_SHVL Object)
O16 - DPF: {A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1} http://rms2.invokeso...1452/MILive.cab (Invoke Solutions MILiveParticipantPadHelper Control)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...k.cab102118.cab (MSN Games - Installer)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} Reg Error: Key error. (Invoke Solutions Participant Control(MR))
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll File not found
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/02 17:30:52 | 000,000,000 | RH-D | M] - L:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002/10/16 22:56:50 | 000,000,036 | RH-- | M] () - L:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2002/10/17 09:56:50 | 000,000,036 | RH-- | M] () - O:\AUTORUN.INF -- [ FAT32 ]
O32 - AutoRun File - [2003/03/21 12:00:56 | 000,000,000 | RH-D | M] - O:\AUTORUN -- [ FAT32 ]
O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\autorun.exe -- File not found
O33 - MountPoints2\M\Shell\phone\command - "" = M:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/09 20:15:55 | 000,000,000 | ---D | C] -- C:\Users\Hewlett\AppData\Roaming\HPAppData
[2011/05/09 17:48:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/05/02 18:46:01 | 003,063,136 | ---- | C] (Piriform Ltd) -- C:\Program Files (x86)\ccsetup306.exe
[2011/04/27 16:19:52 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/04/27 16:19:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/04/27 16:19:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/04/27 16:18:22 | 000,887,072 | ---- | C] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\jre-6u25-windows-i586-iftw.exe
[2011/04/24 17:42:19 | 000,000,000 | ---D | C] -- C:\Users\Hewlett\AppData\Roaming\Sun
[2011/04/21 19:37:08 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/04/21 19:36:16 | 003,050,664 | ---- | C] (Piriform Ltd) -- C:\Program Files (x86)\ccsetup305.exe
[2011/04/13 13:50:33 | 001,188,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2011/04/13 13:50:33 | 000,981,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2011/04/13 13:50:33 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/04/13 13:50:33 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/04/13 13:50:33 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsproxy.dll
[2011/04/13 13:50:33 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll
[2011/04/13 13:50:30 | 000,919,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/04/13 13:50:30 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/04/13 13:50:30 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/04/13 13:50:30 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011/04/13 13:50:30 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll
[2011/04/13 13:50:30 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011/04/13 13:50:29 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2011/04/13 13:50:29 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2011/04/13 13:50:29 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2011/04/13 13:50:29 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2011/04/13 13:50:28 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2011/04/13 13:50:28 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011/04/13 13:50:28 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2011/04/13 13:50:28 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011/04/13 13:50:00 | 000,642,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2011/04/13 13:50:00 | 000,605,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2011/04/13 13:50:00 | 000,566,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2011/04/13 13:50:00 | 000,518,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2011/04/13 13:50:00 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2011/04/13 13:50:00 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2011/04/13 13:50:00 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[2011/04/13 13:49:44 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2011/04/13 13:49:44 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnsapi.dll
[2011/04/13 13:49:44 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe
[2011/04/13 13:49:44 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2011/04/13 13:49:43 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe
[2010/07/07 12:36:44 | 000,014,336 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll

========== Files - Modified Within 30 Days ==========

[2011/05/09 20:23:59 | 005,767,168 | -HS- | M] () -- C:\Users\Hewlett\ntuser.dat
[2011/05/09 20:19:49 | 000,000,329 | ---- | M] () -- C:\Users\Hewlett\Desktop\Malware Removal Guides and Tutorials - Geeks to Go Forums.url
[2011/05/09 20:15:19 | 000,015,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/09 20:15:19 | 000,015,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/09 20:13:10 | 000,796,196 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/05/09 20:13:10 | 000,673,774 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/05/09 20:13:10 | 000,124,904 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/05/09 20:07:58 | 000,001,843 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/05/09 20:07:55 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/05/09 20:07:44 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHewlett.job
[2011/05/09 20:07:44 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2011/05/09 20:03:24 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2011/05/09 20:03:23 | 000,524,288 | -HS- | M] () -- C:\Users\Hewlett\ntuser.dat{1bb4190e-7a98-11e0-8dca-e40e34760111}.TMContainer00000000000000000002.regtrans-ms
[2011/05/09 20:03:23 | 000,524,288 | -HS- | M] () -- C:\Users\Hewlett\ntuser.dat{1bb4190e-7a98-11e0-8dca-e40e34760111}.TMContainer00000000000000000001.regtrans-ms
[2011/05/09 20:03:23 | 000,065,536 | -HS- | M] () -- C:\Users\Hewlett\ntuser.dat{1bb4190e-7a98-11e0-8dca-e40e34760111}.TM.blf
[2011/05/09 20:03:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/09 20:03:20 | 1066,786,814 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/08 00:21:53 | 000,000,969 | ---- | M] () -- C:\Users\Hewlett\Desktop\QuickPar.lnk
[2011/05/07 19:25:42 | 000,000,116 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011/05/03 21:33:53 | 000,000,297 | ---- | M] () -- C:\Users\Hewlett\Desktop\EXTRA Qs.url
[2011/05/03 20:58:35 | 000,000,296 | ---- | M] () -- C:\Users\Hewlett\Desktop\EBAY FEES.url
[2011/05/03 20:09:16 | 000,063,336 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000008-00000000-00000000-00001102-0000000B-00451102}.rfx
[2011/05/03 20:09:16 | 000,063,336 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000008-00000000-00000000-00001102-0000000B-00451102}.rfx
[2011/05/03 20:09:16 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000008-00000000-00000000-00001102-0000000B-00451102}.rfx
[2011/05/02 18:46:24 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/05/02 18:46:08 | 003,063,136 | ---- | M] (Piriform Ltd) -- C:\Program Files (x86)\ccsetup306.exe
[2011/05/02 00:00:19 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2011/04/27 16:18:28 | 000,887,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\jre-6u25-windows-i586-iftw.exe
[2011/04/26 21:59:37 | 000,000,426 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2011/04/21 19:36:31 | 003,050,664 | ---- | M] (Piriform Ltd) -- C:\Program Files (x86)\ccsetup305.exe
[2011/04/20 18:36:53 | 000,375,555 | ---- | M] () -- C:\Program Files (x86)\Windows6.1-KB979538-x64.msu
[2011/04/20 18:31:38 | 000,704,620 | ---- | M] () -- C:\Program Files (x86)\Windows6.1-KB2158563-x64.msu
[2011/04/20 18:30:40 | 002,962,993 | ---- | M] () -- C:\Program Files (x86)\Windows6.1-KB2388210-x64.msu
[2011/04/20 18:29:31 | 002,126,286 | ---- | M] () -- C:\Program Files (x86)\Windows6.1-KB2419640-x64.msu
[2011/04/14 15:31:04 | 000,000,486 | ---- | M] () -- C:\Users\Hewlett\Desktop\Random Thing Picker.url
[2011/04/14 05:08:11 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/04/14 05:08:10 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/04/14 05:08:09 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/04/14 05:07:59 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011/04/13 14:01:28 | 000,477,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2011/05/09 20:19:49 | 000,000,329 | ---- | C] () -- C:\Users\Hewlett\Desktop\Malware Removal Guides and Tutorials - Geeks to Go Forums.url
[2011/05/09 20:03:23 | 000,524,288 | -HS- | C] () -- C:\Users\Hewlett\ntuser.dat{1bb4190e-7a98-11e0-8dca-e40e34760111}.TMContainer00000000000000000002.regtrans-ms
[2011/05/09 20:03:23 | 000,524,288 | -HS- | C] () -- C:\Users\Hewlett\ntuser.dat{1bb4190e-7a98-11e0-8dca-e40e34760111}.TMContainer00000000000000000001.regtrans-ms
[2011/05/09 20:03:23 | 000,065,536 | -HS- | C] () -- C:\Users\Hewlett\ntuser.dat{1bb4190e-7a98-11e0-8dca-e40e34760111}.TM.blf
[2011/05/03 21:33:53 | 000,000,297 | ---- | C] () -- C:\Users\Hewlett\Desktop\EXTRA Qs.url
[2011/05/03 20:58:35 | 000,000,296 | ---- | C] () -- C:\Users\Hewlett\Desktop\EBAY FEES.url
[2011/04/21 19:37:08 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/04/20 18:36:51 | 000,375,555 | ---- | C] () -- C:\Program Files (x86)\Windows6.1-KB979538-x64.msu
[2011/04/20 18:31:34 | 000,704,620 | ---- | C] () -- C:\Program Files (x86)\Windows6.1-KB2158563-x64.msu
[2011/04/20 18:30:35 | 002,962,993 | ---- | C] () -- C:\Program Files (x86)\Windows6.1-KB2388210-x64.msu
[2011/04/20 18:28:18 | 002,126,286 | ---- | C] () -- C:\Program Files (x86)\Windows6.1-KB2419640-x64.msu
[2011/04/14 15:31:04 | 000,000,486 | ---- | C] () -- C:\Users\Hewlett\Desktop\Random Thing Picker.url
[2011/04/01 05:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011/04/01 05:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2011/03/14 19:15:15 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2010/09/21 16:43:03 | 000,153,600 | ---- | C] () -- C:\Windows\SysWow64\WS_ContextMenu.dll
[2010/09/06 13:51:49 | 000,000,077 | ---- | C] () -- C:\Windows\VSWizard.ini
[2010/07/07 13:23:10 | 000,017,868 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2010/07/07 12:33:04 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll
[2010/06/01 02:08:24 | 000,000,116 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/03/14 18:28:23 | 000,003,120 | ---- | C] () -- C:\Windows\BCDSS10.ini
[2009/12/16 19:33:46 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009/12/11 04:53:51 | 000,750,506 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/12/11 04:42:14 | 000,166,912 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009/12/11 04:42:14 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009/12/11 04:42:00 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2009/11/15 02:00:56 | 001,984,512 | ---- | C] () -- C:\Windows\SysWow64\avcodec-51.dll
[2009/11/15 02:00:56 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\avformat-50.dll
[2009/11/15 02:00:56 | 000,018,432 | ---- | C] () -- C:\Windows\SysWow64\avutil-49.dll
[2009/07/15 21:50:42 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/01 02:12:32 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\kill.ini

========== Files - Unicode (All) ==========
[2010/02/16 00:00:56 | 000,000,036 | ---- | M] ()(C:\Windows\SysWow64\?r) -- C:\Windows\SysWow64\쓐ř
[2010/02/16 00:00:56 | 000,000,036 | ---- | C] ()(C:\Windows\SysWow64\?r) -- C:\Windows\SysWow64\쓐ř
[2010/01/10 18:46:32 | 000,000,036 | ---- | M] ()(C:\Windows\SysWow64\?) -- C:\Windows\SysWow64\
[2010/01/10 18:46:32 | 000,000,036 | ---- | C] ()(C:\Windows\SysWow64\?) -- C:\Windows\SysWow64\

========== Alternate Data Streams ==========

@Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:AA6C7C38
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:6B9828AE
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:8F925134
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:7A84B999
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:36FFA2FB
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:55F44B88
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:7A0EFE63
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:C74D7A47
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:E32966C0
@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:5E9B629B
< End of report >


#2
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi, Vintage Charms! Welcome to GeeksToGo! My nickname is Render and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for us to analyse and fix your PC in the long run.

Sorry for the delay. Please follow the steps below:

Step 1

We need to run an OTL Fix

  • Please delete OTL.exe from your desktop.
  • Download OTL to your desktop.
  • Please open OTL on your desktop.
  • Copy (select all lines inside quote box and press CTRL+C) and Paste (press CTRL+V) the following code into the Posted Image textbox.

    :OTL
    PRC - [2011/04/15 05:30:01 | 000,099,840 | ---- | M] () -- C:\Users\Hewlett\AppData\Roaming\Adobe Systems\Microsoft Updater.exe
    O4:64bit: - HKLM..\Run: [Microsoft Core Component] C:\Users\Hewlett\AppData\Roaming\Microsoft\csrss.exe (Microsoft)
    O4 - HKLM..\Run: [Adobe Auto Updater] C:\Users\Hewlett\AppData\Roaming\Adobe Systems\Microsoft Updater.exe ()
    O4 - HKLM..\Run: [HKLM] C:\Windows\SysWOW64\install\server.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [HKCU] C:\Windows\SysWOW64\install\server.exe (Microsoft Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Windows\system32\install\server.exe (Microsoft Corporation)
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Windows\system32\install\server.exe (Microsoft Corporation)
    O15 - HKCU\..Trusted Domains: 2020panel.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: 2leep.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: adperk.com ([my] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: adperk.com ([my] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: adperk.com ([riteaid] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: amazon.com ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: apa.org ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: aveeno.com ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: bayportcu.org ([www] * in Trusted sites)
    O15 - HKCU\..Trusted Domains: bayportcu.org ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: bhg.com ([secure] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: binsearch.info ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: bonton.com ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: bordersrewardsperks.com ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: buysub.com ([w1] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: bzzagent.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: bzzagent.com ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: cheetahmail.com ([reg] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: coach.com ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: colgate.com ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: condenastdirect.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: coorslight.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: coupons.com ([bricks] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: coupons.com ([print] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: crafterschoice.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: dailypress.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: dealideal.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: debbiedoescoupons.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: discovercard.com ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: dyyno.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: dyyno.com ([beta] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: eprize.com ([aarp.promo] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: equifax.com ([fact.econsumer] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: excite.com ([webmail] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: facebook.com ([apps] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: facebook.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: facebook.com ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: familycircle.com ([secure] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: fatwallet.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: fidelity.com ([login] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: finlandiapharmacyonline.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: fitfeatures.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: fnfismd.com ([carenet] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: foodnetwork.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: gethalls.com ([popadrop] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: globalepanel.com ([surveys] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: go.com ([disney] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: go.com ([secure.disneymovierewards] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: gongos.com ([survey2] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: gongos.com ([village] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: google.com ([docs] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: google.com ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: grouponbot.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: hallmarkoffers.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: ingdirect.com ([secure] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: instructables.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: ipsosinteractive.com ([surveys] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: itracks.com ([grus] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: jcpenney.com ([shop3] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: jcpenney.com ([www4] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: jcprewards.com ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: kodakgallery.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: kohls.com ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: kraftbrands.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: liveauctioneers.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: lorealparisusa.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: lowes.com ([registration] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: magazineline.com ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: magazines.com ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: mail-scjohnson.com ([reg] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: mccormick.com ([consumertesting] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: medcohealth.com ([host1] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: microsoft.com ([office] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: microsoft.com ([store] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: mturk.com ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: mylifetime.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: mypoints.com ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: myspace.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: neolips.com ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: netsuite.com ([checkout] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: nzb.com ([www] * in Trusted sites)
    O15 - HKCU\..Trusted Domains: nzbmatrix.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: nzbmatrix.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: officedepot.com ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: opinionoutpost.com ([www] * in Trusted sites)
    O15 - HKCU\..Trusted Domains: opinionoutpost.com ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: parentspeak.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: patronsocialclub.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: pb.com ([ibdswebp11-ext] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: petcarerx.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: pgestore.com ([community] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: pgeverydaysolutions.com ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: pineconeresearch.com ([media] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: pizzahut.com ([quikorder] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: qualboard.com ([secure] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: raisethebarcontest.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: recyclebank.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: redplumemail.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: reebok.com ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: riteaid.com ([www] * in Trusted sites)
    O15 - HKCU\..Trusted Domains: sears.com ([www] * in Trusted sites)
    O15 - HKCU\..Trusted Domains: sears.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: sephora.com ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: slickdeals.net ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: smdisp.net ([mscuillume] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: sonystyle.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: sslprotected.com ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: state.va.us ([wasdmz2.courts] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: suave.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: surveyrouter.com ([ups] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: swagbucks.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: swagbucks.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: tcm.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: testspin.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: thehdroom.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: tomtracker.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: topnzbsites.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: tums.com ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: twitter.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: ulta.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: universalstudios.com ([signup] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: usps.com ([carrierpickup] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: vanguard.com ([personal] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: verizonwireless.com ([ebillpay] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: verizonwireless.com ([mediastore] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: verizonwireless.com ([myaccount] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: verizonwireless.com ([www] * in Trusted sites)
    O15 - HKCU\..Trusted Domains: vivatowels.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: vocalpoint.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: walmart.com ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: wendysrealtime.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: womansday.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: yahoo.com ([edit] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: yahoo.com ([us.mc335.mail] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: yankeecandle.com ([www] https in Trusted sites)
    O32 - AutoRun File - [2010/07/02 17:30:52 | 000,000,000 | RH-D | M] - L:\autorun -- [ NTFS ]
    O32 - AutoRun File - [2002/10/16 22:56:50 | 000,000,036 | RH-- | M] () - L:\autorun.inf -- [ NTFS ]
    O32 - AutoRun File - [2002/10/17 09:56:50 | 000,000,036 | RH-- | M] () - O:\AUTORUN.INF -- [ FAT32 ]
    O32 - AutoRun File - [2003/03/21 12:00:56 | 000,000,000 | RH-D | M] - O:\AUTORUN -- [ FAT32 ]
    O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\autorun.exe -- File not found
    O33 - MountPoints2\M\Shell\phone\command - "" = M:\autorun.exe -- File not found


    :Files
    ipconfig /flushdns /c

    :Reg

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Click on Posted Image button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Step 2

  • Please download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.

  • Click the Scan button to start scan.

  • On completion of the scan click Save log, save it to your desktop and post in your next reply.

Step 3

OTL Custom Scan

  • Double click on the OTL icon to run it.
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Under the Extra Registry section, check Use SafeList
  • Check the boxes beside LOP Check and Purity Check.
  • Copy (select all lines inside quote box and press CTRL+C) and Paste (press CTRL+V) the following code into the Posted Image textbox.

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
    
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

When you have completed the above, please post back the following in the order asked for:
  • OTL fix log
  • aswMBR log
  • OTL log
  • Extras log

  • 0
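
The O4/O6/O7 lines in the fix script above are Run-key autostart entries. As an added example (not part of the original post, and not how OTL or the helper selected them), this Python script parses such lines and lists generic triage signals for each; the signal list, the `C:\Windows` system root taken from the log header, and the `ExampleTray` line are assumptions made for the illustration.

```python
import re
from collections import defaultdict
from ntpath import basename, dirname  # Windows path rules on any OS

# Constructed sample: the first four lines are copied from the fix script in
# this thread; the ExampleTray line is made up here as a benign contrast.
SAMPLE_LOG = r"""
O4:64bit: - HKLM..\Run: [Microsoft Core Component] C:\Users\Hewlett\AppData\Roaming\Microsoft\csrss.exe (Microsoft)
O4 - HKLM..\Run: [Adobe Auto Updater] C:\Users\Hewlett\AppData\Roaming\Adobe Systems\Microsoft Updater.exe ()
O4 - HKLM..\Run: [HKLM] C:\Windows\SysWOW64\install\server.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Windows\system32\install\server.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ExampleTray] C:\Program Files (x86)\ExampleVendor\tray.exe (Example Vendor Inc.)
"""

# "<code>[:64bit:] - <key>: [<value name>] <path> (<company>)" or
# "<code> - <key>: <value name> = <path> (<company>)"
ENTRY = re.compile(
    r"^(?P<code>O\d+)(?::64bit:)? - (?P<key>[^:]+): "
    r"(?:\[(?P<name>[^\]]*)\]|(?P<value>[^=]+?) =) "
    r"(?P<path>[A-Za-z]:\\.*?\.exe) \((?P<company>[^)]*)\)$",
    re.IGNORECASE,
)

# Assumption: %SystemRoot% is C:\Windows, as the log header reports.
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32", r"c:\windows\syswow64"}
SYSTEM_NAMES = {"csrss.exe", "svchost.exe", "lsass.exe", "winlogon.exe",
                "services.exe", "smss.exe", "explorer.exe"}


def parse(log):
    """Return one dict per autostart line that matches the OTL layout."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        name = m["name"] if m["name"] is not None else m["value"].strip()
        entries.append({"code": m["code"], "key": m["key"], "name": name,
                        "path": m["path"], "company": m["company"]})
    return entries


def signals(entry):
    """Per-entry signals; each is a reason to look closer, not a verdict."""
    path = entry["path"].lower()
    found = []
    if re.search(r"\\users\\[^\\]+\\appdata\\", path):
        found.append("runs from a user-writable profile folder")
    if basename(path) in SYSTEM_NAMES and dirname(path) not in SYSTEM_DIRS:
        found.append("Windows process name outside the system directory")
    if not entry["company"].strip():
        found.append("no company name in file version info")
    if "policies\\explorer\\run" in entry["key"].lower():
        found.append("policies\\Explorer\\Run autostart key")
    return found


def tail(path):
    """Last folder plus file name, lowercased, e.g. 'install\\server.exe'."""
    return "\\".join(path.lower().split("\\")[-2:])


def triage(log):
    """Return (value name, path, signals) for every parsed entry."""
    entries = parse(log)
    keys_by_file = defaultdict(set)
    for e in entries:
        keys_by_file[tail(e["path"])].add(e["key"].lower())
    report = []
    for e in entries:
        found = signals(e)
        # Cross-entry check: one binary hooked into more than one Run key.
        if len(keys_by_file[tail(e["path"])]) > 1:
            found.append("same file registered under several autostart keys")
        report.append((e["name"], e["path"], found))
    return report


if __name__ == "__main__":
    for name, path, found in triage(SAMPLE_LOG):
        print(f"[{name}] {path}")
        for reason in found or ["no signal"]:
            print(f"    - {reason}")
```

An empty list means no signal fired, not that the entry is clean: the `[HKLM]` entry for `server.exe` is caught only by the cross-key check, which is why a person still reads the full log.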

#3
Vintage Charms

    Member

  • Topic Starter
  • Member
  • 75 posts
Awww thanks. I gave up trying to fix it and did a back up to the day or so before and it seemed to get rid of whatever was causing it to screw up. I ran the scans and nothing has shown up again.

#4
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
No problem. Thank you for letting me know.

#5
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.





