Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

PC Power Speed Removal

Started by manualman58 , May 26 2011 11:12 AM

  • This topic is locked This topic is locked

#1
manualman58
Posted 26 May 2011 - 11:12 AM

manualman58

    Member

  • Member
  • PipPip
  • 23 posts
Hi folks, first thank you for your time... it's appreciated !
I have my friends computer and she has somehow downloaded this fake scanner(PC Power Speed)...I told her I knew where to get help so here are the OTL and Extras LOGs:
---------------------------------------------------------

OTL logfile created on: 5/26/2011 12:50:58 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\MTNAIR\Desktop
Windows Vista Ultimate Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 49.23% Memory free
4.19 Gb Paging File | 3.13 Gb Available in Paging File | 74.84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 165.65 Gb Free Space | 71.13% Space Free | Partition Type: NTFS

Computer Name: MTNAIR-PC | User Name: MTNAIR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/26 12:50:24 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\MTNAIR\Desktop\OTL.exe
PRC - [2011/05/25 04:17:22 | 000,322,688 | ---- | M] (Crawler.com) -- C:\Program Files\PCPowerSpeed\PCPowerTray.exe
PRC - [2011/04/20 23:46:20 | 000,992,256 | ---- | M] (Inbox.com, Inc.) -- C:\Program Files\RebateInformer\RebateInf.exe
PRC - [2011/01/13 04:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/01/13 04:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/09/14 17:03:58 | 000,984,352 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2010/09/14 15:45:30 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2009/04/05 09:24:08 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/04 18:48:30 | 001,006,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2009/02/02 22:07:18 | 000,240,544 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10b.exe
PRC - [2007/09/13 15:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/06/08 05:35:44 | 000,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2007/06/08 05:35:44 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2007/06/08 05:35:40 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApMsgFwd.exe
PRC - [2007/04/23 17:19:34 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2007/04/23 17:19:34 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2007/04/03 10:21:30 | 000,923,768 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2007/02/27 09:50:42 | 000,469,112 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
PRC - [2006/11/02 05:45:53 | 001,137,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe


========== Modules (SafeList) ==========

MOD - [2011/05/26 12:50:24 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\MTNAIR\Desktop\OTL.exe
MOD - [2011/01/13 04:47:35 | 000,189,728 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2006/11/02 05:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/01/13 04:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/09/14 15:45:30 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/04/04 18:48:29 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/08/08 21:10:46 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2007/09/13 15:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/04/23 17:19:34 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)


========== Driver Services (SafeList) ==========

DRV - [2011/01/13 04:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/01/13 04:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/01/13 04:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/01/13 04:37:19 | 000,051,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/01/13 04:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/03/15 06:25:46 | 000,056,268 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/08/10 21:00:38 | 000,059,904 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDUWWAN.sys -- (PTDUWWAN)
DRV - [2008/08/10 21:00:32 | 000,039,936 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDUVsp.sys -- (PTDUVsp)
DRV - [2008/08/10 21:00:30 | 000,041,344 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDUMdm.sys -- (PTDUMdm)
DRV - [2008/08/10 21:00:28 | 000,033,024 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDUBus.sys -- (PTDUBus)
DRV - [2008/06/02 16:28:50 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2008/05/09 11:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2008/05/09 11:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2007/09/13 15:46:06 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/08/07 15:24:24 | 000,027,520 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SonyNC.sys -- (SNC)
DRV - [2007/08/06 16:52:38 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/06/08 05:35:44 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/05/23 10:28:36 | 000,074,240 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FLx86.sys -- (R5U870FLx86)
DRV - [2007/05/23 10:28:36 | 000,043,904 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FUx86.sys -- (R5U870FUx86)
DRV - [2007/05/22 18:41:28 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/04/23 13:29:00 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2006/10/18 11:56:30 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2004/12/12 10:55:22 | 000,017,636 | ---- | M] (SHARP ECR) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ecrdrv.sys -- (ECRDRV)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox...aspx?tbid=80051
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://toolbar.inbox...id=80051&lng=en
IE - HKLM\..\URLSearchHook: {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\prxtbPage.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/05/04 17:43:45 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (AppGraffiti) - {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\Program Files\AppGraffiti\AppGraffiti.dll (Omega Partners Ltd)
O2 - BHO: (PageRage Toolbar) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\prxtbPage.dll (Conduit Ltd.)
O2 - BHO: () - {CCB69577-088B-4004-9ED8-FF5BCC83A039} - C:\Program Files\RebateInformer\RebateI.dll (Inbox.com, Inc.)
O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\PageRage\YontooIEClient.dll (Yontoo Technology, Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (PageRage Toolbar) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\prxtbPage.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (PageRage Toolbar) - {9565115D-C7D6-46D3-BD63-B67B481A4368} - C:\Program Files\PageRage\prxtbPage.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PCPowerSpeed] C:\Program Files\PCPowerSpeed\PCPowerTray.exe (Crawler.com)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Pulse Ambassador Update Setup] File not found
O4 - HKCU..\Run: [Pulse Ambassador Update Setup for All Users] C:\ProgramData\{A91C477B-655B-4FEA-8B8E-CC6820970F3A}\setup.exe (Pulse Microsystems Ltd. )
O4 - HKCU..\Run: [RebateInformer] C:\Program Files\RebateInformer\RebateInf.exe (Inbox.com, Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([community] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.su...indows-i586.cab (Java Plug-in 1.4.2_19)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_19)
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\rebinfo {AF808758-C780-404C-A4EE-4526323FD9B6} - C:\Program Files\RebateInformer\RebateI.dll (Inbox.com, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{221ac50c-2a2b-11de-8e92-0013a9c02444}\Shell - "" = AutoRun
O33 - MountPoints2\{221ac50c-2a2b-11de-8e92-0013a9c02444}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{321ae67e-8653-11e0-b622-0013a9c02444}\Shell\AutoRun\command - "" = G:\JDLightning\Windows\JDLightning.exe
O33 - MountPoints2\{4be3ba44-d777-11de-b674-0013a9c02444}\Shell - "" = AutoRun
O33 - MountPoints2\{4be3ba44-d777-11de-b674-0013a9c02444}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{b4270ce2-dc60-11df-b057-7a8020000200}\Shell\AutoRun\command - "" = G:\JDLightning\Windows\JDLightning.exe
O33 - MountPoints2\{b7358028-e1ae-11de-99d3-7a8020000200}\Shell - "" = AutoRun
O33 - MountPoints2\{b7358028-e1ae-11de-99d3-7a8020000200}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{ce26bab4-2159-11de-9e68-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ce26bab4-2159-11de-9e68-806e6f6e6963}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\SETUP.EXE
O33 - MountPoints2\I\Shell\configure\command - "" = I:\SETUP.EXE
O33 - MountPoints2\I\Shell\install\command - "" = I:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/26 12:50:11 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\MTNAIR\Desktop\OTL.exe
[2011/05/26 12:11:23 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/05/26 12:11:23 | 000,000,000 | ---D | C] -- C:\Users\MTNAIR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/05/25 18:16:53 | 000,000,000 | ---D | C] -- C:\Users\MTNAIR\AppData\Roaming\Malwarebytes
[2011/05/25 18:16:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/25 18:16:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/25 18:16:47 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/25 18:16:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/05/25 18:16:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/03 21:44:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AppGraffiti
[2011/05/03 21:44:35 | 000,000,000 | ---D | C] -- C:\Program Files\AppGraffiti
[2011/05/03 21:44:32 | 000,000,000 | ---D | C] -- C:\Users\MTNAIR\AppData\Roaming\PCPowerSpeed
[2011/05/03 21:44:32 | 000,000,000 | ---D | C] -- C:\ProgramData\PCPowerSpeed
[2011/05/03 21:44:32 | 000,000,000 | ---D | C] -- C:\Program Files\PCPowerSpeed
[2011/05/03 21:44:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Power Speed
[2011/05/03 21:44:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RebateInformer
[2011/05/03 21:44:26 | 000,000,000 | ---D | C] -- C:\Program Files\RebateInformer
[2011/05/03 21:44:26 | 000,000,000 | ---D | C] -- C:\Program Files\Inbox.com
[2011/05/03 21:44:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar
[2011/05/03 21:44:03 | 000,000,000 | ---D | C] -- C:\Program Files\Inbox Toolbar

========== Files - Modified Within 30 Days ==========

[2011/05/26 12:50:24 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\MTNAIR\Desktop\OTL.exe
[2011/05/26 12:46:09 | 000,009,124 | ---- | M] () -- C:\Users\MTNAIR\Desktop\HJTlogCathys1
[2011/05/26 12:28:15 | 000,002,525 | ---- | M] () -- C:\Users\MTNAIR\Desktop\HiJackThis.lnk
[2011/05/26 12:25:38 | 000,621,552 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/26 12:25:38 | 000,104,868 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/26 12:19:42 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/26 12:19:42 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/26 12:19:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/26 12:19:34 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/25 18:16:51 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/25 18:09:47 | 081,282,048 | ---- | M] () -- C:\Users\MTNAIR\Outlook.pst
[2011/05/03 21:44:32 | 000,000,792 | ---- | M] () -- C:\Users\Public\Desktop\PC Power Speed.lnk
[2011/05/03 21:44:26 | 000,000,787 | ---- | M] () -- C:\Users\Public\Desktop\RebateInformer.lnk
[2011/05/03 21:44:26 | 000,000,052 | ---- | M] () -- C:\Users\Public\Desktop\RebateGiant.com.url
[2011/04/30 09:49:21 | 000,005,120 | ---- | M] () -- C:\Users\MTNAIR\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2011/05/26 12:46:09 | 000,009,124 | ---- | C] () -- C:\Users\MTNAIR\Desktop\HJTlogCathys1
[2011/05/26 12:11:23 | 000,002,525 | ---- | C] () -- C:\Users\MTNAIR\Desktop\HiJackThis.lnk
[2011/05/25 19:03:09 | 2137,448,448 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/25 18:16:51 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/03 21:44:32 | 000,000,792 | ---- | C] () -- C:\Users\Public\Desktop\PC Power Speed.lnk
[2011/05/03 21:44:26 | 000,000,787 | ---- | C] () -- C:\Users\Public\Desktop\RebateInformer.lnk
[2011/05/03 21:44:26 | 000,000,052 | ---- | C] () -- C:\Users\Public\Desktop\RebateGiant.com.url
[2010/12/07 19:50:38 | 000,045,163 | ---- | C] () -- C:\Windows\System32\javaw.exe
[2010/12/07 19:50:38 | 000,045,161 | ---- | C] () -- C:\Windows\System32\java.exe
[2010/05/14 11:15:42 | 000,000,524 | ---- | C] () -- C:\Windows\hpomdl36.dat.temp
[2010/05/12 19:35:02 | 000,186,769 | ---- | C] () -- C:\Windows\hpwins23.dat
[2010/05/12 19:35:02 | 000,001,847 | ---- | C] () -- C:\Windows\hpwmdl23.dat
[2010/05/04 17:28:40 | 000,148,300 | ---- | C] () -- C:\Windows\hpoins36.dat
[2010/05/04 17:28:40 | 000,000,524 | ---- | C] () -- C:\Windows\hpomdl36.dat
[2009/08/07 00:15:44 | 000,000,000 | ---- | C] () -- C:\Windows\EcrLnkTm.INI
[2009/04/05 16:27:24 | 000,000,279 | ---- | C] () -- C:\Users\MTNAIR\AppData\Local\RAExpertHistory.xml
[2009/04/05 16:11:07 | 000,000,391 | ---- | C] () -- C:\Users\MTNAIR\AppData\Local\rahistory.xml
[2009/04/05 15:09:09 | 000,148,958 | ---- | C] () -- C:\Windows\hpoins19.dat
[2009/04/05 15:08:48 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2009/04/04 19:35:56 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2009/04/04 19:14:19 | 000,005,120 | ---- | C] () -- C:\Users\MTNAIR\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/04 16:49:52 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2009/04/04 16:49:52 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2009/04/04 16:49:52 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1230.dll
[2009/04/04 16:48:13 | 000,000,680 | ---- | C] () -- C:\Users\MTNAIR\AppData\Local\d3d9caps.dat
[2006/11/02 08:55:52 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:46:27 | 000,387,744 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:34:29 | 000,063,488 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2006/11/02 08:34:23 | 000,080,010 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2006/11/02 08:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,621,552 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,104,868 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 03:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 03:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/09/18 14:37:50 | 000,000,530 | ---- | C] () -- C:\Windows\System32\tx12_ic.ini
[2006/09/18 14:37:48 | 000,667,280 | ---- | C] () -- C:\Windows\System32\tx12.dll

< End of report >

------------------------------------------
and the Extras Log
------------------------------------------
OTL Extras logfile created on: 5/26/2011 12:50:58 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\MTNAIR\Desktop
Windows Vista Ultimate Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 49.23% Memory free
4.19 Gb Paging File | 3.13 Gb Available in Paging File | 74.84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 165.65 Gb Free Space | 71.13% Space Free | Partition Type: NTFS

Computer Name: MTNAIR-PC | User Name: MTNAIR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{94906752-5B69-4D82-A22E-F768A5DA3AE5}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04F10723-BFEE-4086-8464-5180989B3260}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{0E4A6DAD-E6E4-4FEC-AF10-1F087E4F8F8C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{2CD63510-1BB0-4E82-A002-E8DA35E4EC23}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{2EC1E1A5-1294-431C-9DB2-9080843BE95D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2F767FD2-DBFB-4776-AC07-122A20E1BD67}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{30BB3382-5BE6-4D95-80E6-C208F35917B1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{313060B0-5194-48CA-BF1C-9D04AD33C21B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{3EAD0462-D8C8-412E-B604-10E74E2AC84E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{440192FE-D0A4-425F-AD39-222433EC4060}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{44FFDD8A-60C1-454D-BD41-C4B28BAB0F8D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4D76E6EA-7896-4D61-BC51-2F46B60F47B0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{5C43A2E4-4A73-41FE-8581-42C54C084C0F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{677DBC38-E96C-4895-B351-B44CE0FC9F6A}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{7096869E-8A7D-4F21-83EE-3DC84113A748}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqnrs08.exe |
"{830B1268-5307-4D3E-AB2A-DF22132563EB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{8B330A00-3D38-4CB8-83A7-0314A5CF57A7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{975A7CFC-23FE-4FE0-A675-62F16811A367}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{A042B87B-98FD-46DF-8D77-83BFB44158EA}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{B7D5553B-5775-4959-B3A8-5FA7330B28C7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{CC5D03BF-9611-4565-AE01-B1BEE48CD20B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{CE9275AD-55FF-434D-A371-EA2A41B20DB1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{D0B9CBF3-55FD-4A3F-A0E3-BC8F1A134691}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{EFCB3DB6-48BD-41B6-97D8-29864C223F9C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{F0DDE1D8-C2B9-454B-80C0-A509D2C5F54E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{F6616B56-0097-484B-BE1B-7AD443BBEFEA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{FE002C07-5DA5-4106-9A45-20D822385A9E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{FF7071FD-5EAB-4CF0-B183-B7C0CF64539C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07D8511D-C9FE-4A93-933F-EAA5C8F20095}" = IDT Audio
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0FE6B77F-54CD-45ED-BB64-A99477B0A8F1}" = 5600
"{162B71B8-8464-4680-A086-601D555B331D}" = Apple Mobile Device Support
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2605461E-AB2E-49F5-8A16-64B7F3595030}" = 5600Trb
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{38DAE5F5-EC70-4aa5-801B-D11CA0A33B41}" = BPDSoftware
"{428A6DA3-FD56-44AE-B602-15DCCD6A7515}" = VAIO AV Mode Launcher
"{459f39ae-fa19-4722-a6cf-b0e80ee2a21f}" = PS_AIO_05_C4600_Software_Min
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4EF645BD-65B0-4F98-AD56-D0437B7045F6}_is1" = RebateInformer
"{54C7CFA4-9DDD-40c7-A58F-AF0E7916848C}" = HPPhotoGadget
"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
"{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{612AD33D-9824-4E87-8396-92374E91C4BB}_is1" = Inbox Toolbar
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{68CC54AC-EFE5-4CE4-81F8-BE0C834E2D86}" = Mobile Broadband Generic Drivers
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6CC080F1-2E00-41D5-BE47-A3BC784E9DFB}" = BPDSoftware_Ini
"{6D2576EC-A0E9-418A-A09A-409933A3B6F4}" = VAIO Camera Capture Utility
"{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}_is1" = AppGraffiti
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7148F0A8-6813-11D6-A77B-00B0D0142190}" = Java 2 Runtime Environment, SE v1.4.2_19
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{73298097-637a-47cd-9a41-0b78288e5562}" = C4600
"{7DCBC3D8-8954-491D-A1B9-8C61C563B004}" = 5600_Help
"{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting
"{83C57C58-FDD7-4d86-BFCC-9D31CC4EFA71}" = 6500_E709n
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = PageRage 1.10.01
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{9129B46A-51F0-431b-9838-DF7272F3204E}" = ProductContext
"{9603DE6D-4567-4b78-B941-849322373DE2}" = SolutionCenter
"{9A2F0810-3623-4E86-9072-973FBE1679C5}" = QuickBooks Premier: Accountant Edition 2009
"{9A2F0810-369F-4E86-9072-973FBE1679C5}" = QuickBooks
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{9D1B99B7-DAD8-440d-B4FB-1915332FBCC2}" = HPProductAssistant
"{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{9FDEF7FC-0D03-4CAE-9DC3-1F436A93BDA4}" = Pulse Ambassador
"{A2132BB7-E6F8-47C0-A92C-90A5396A6850}" = Customer Support Tool A40S
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B0C56FD7-493D-44DD-B007-BBB5117D6E6F}_is1" = PC Power Speed 1.0.0.0
"{C13AF9C7-8E06-4354-B629-DF6192CE4A66}" = PANTECH UM175 Driver
"{C26B06A9-27BB-45B0-9873-9C623EC2BA38}" = iTunes
"{C29C1940-CB85-4F3B-906C-33FEE0E67103}" = DocMgr
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DC245BDC-9974-4fe0-8A9F-6031C26E2DC7}" = HP Photosmart C4600 All-In-One Driver Software 12.0 Rel .5
"{DE13432E-F0C1-4842-A5BA-CC997DA72A70}" = 6500_E709_eDocs
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E6707034-D7A4-49B1-94D0-F5AACE46F06C}" = Instant Mode
"{E6A715CB-2912-403A-97A1-2A00F65A012E}" = Customer Support Tool A41S
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F185B35D-38E5-4D88-B275-15C8C7FC4357}" = 6500_E709_Help
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" =
"{F648FD09-7CEA-4257-BC68-A8389189FD51}" = GPBaseService2
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{FA0F0A01-4631-4161-A6C2-948BF694382E}" = HP Officejet 6500 E709 Series
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"avast5" = avast! Free Antivirus
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"conduitEngine" = Conduit Engine
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 12.0
"HPExtendedCapabilities" = HP Customer Participation Program 12.0
"HPOCR" = OCR Software by I.R.I.S. 12.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"PageRage Toolbar" = PageRage Toolbar
"PowerISO" = PowerISO
"Pulse Ambassador" = Pulse Ambassador
"Shop for HP Supplies" = Shop for HP Supplies
"VZAccess Manager" = VZAccess Manager
"Yahoo! Companion" = Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/21/2011 7:14:02 PM | Computer Name = MTNAIR-PC | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks: Premier Accountant
Edition 2009": Trying to process a record 60 : Mountain Airbrush Checking for List
Review edlist without actually being in a write transacti

Error - 5/21/2011 7:18:19 PM | Computer Name = MTNAIR-PC | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks: Premier Accountant
Edition 2009": Error: Verify Template list. Duplicate name encountered. Name:
Work Order Records 12 (24) and 19 (25). To fix, edit this element in the list
and change its name

Error - 5/21/2011 7:38:39 PM | Computer Name = MTNAIR-PC | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks: Premier Accountant
Edition 2009": Trying to process a record 60 : Mountain Airbrush Checking for List
Review edlist without actually being in a write transacti

Error - 5/21/2011 7:42:12 PM | Computer Name = MTNAIR-PC | Source = Application Error | ID = 1000
Description = Faulting application qbw32.exe, version 19.0.4012.705, time stamp
0x4c8fcd8e, faulting module ole32.dll, version 6.0.6000.16386, time stamp 0x4549bd92,
exception code 0xc0000005, fault offset 0x00041022, process id 0x1240, application
start time 0x01cc180a6bebef3b.

Error - 5/24/2011 6:07:13 PM | Computer Name = MTNAIR-PC | Source = SecurityCenter | ID = 3
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus, AntiSpyware and Firewall.

Error - 5/24/2011 6:17:14 PM | Computer Name = MTNAIR-PC | Source = SecurityCenter | ID = 3
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus, AntiSpyware and Firewall.

Error - 5/25/2011 6:53:43 PM | Computer Name = MTNAIR-PC | Source = EventSystem | ID = 4609
Description =

Error - 5/25/2011 7:05:43 PM | Computer Name = MTNAIR-PC | Source = SecurityCenter | ID = 3
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus, AntiSpyware and Firewall.

Error - 5/26/2011 10:58:26 AM | Computer Name = MTNAIR-PC | Source = SecurityCenter | ID = 3
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus, AntiSpyware and Firewall.

Error - 5/26/2011 12:22:06 PM | Computer Name = MTNAIR-PC | Source = SecurityCenter | ID = 3
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus, AntiSpyware and Firewall.

[ System Events ]
Error - 5/25/2011 6:54:04 PM | Computer Name = MTNAIR-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 5/25/2011 6:54:04 PM | Computer Name = MTNAIR-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 5/25/2011 6:54:04 PM | Computer Name = MTNAIR-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 5/25/2011 6:54:04 PM | Computer Name = MTNAIR-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 5/25/2011 6:54:18 PM | Computer Name = MTNAIR-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 5/25/2011 6:54:19 PM | Computer Name = MTNAIR-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 5/25/2011 6:54:19 PM | Computer Name = MTNAIR-PC | Source = DCOM | ID = 10005
Description =

Error - 5/26/2011 10:57:35 AM | Computer Name = MTNAIR-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/26/2011 12:18:02 PM | Computer Name = MTNAIR-PC | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.

Error - 5/26/2011 12:20:50 PM | Computer Name = MTNAIR-PC | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =


< End of report >

the Rebate and pagerage BHOs look suspicious to me as well, what do you think?
  • 0

Advertisements

#2
Render
Posted 02 June 2011 - 12:10 PM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi, manualman58! Welcome to GeeksToGo! My nick name is Render and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for us to analyse and fix your PC in the long run.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • When in doubt, please stop and ask first. There's no harm in asking questions!

Sorry for the delay.

If you have since resolved the original problem you were having, I would appreciate you letting me know. If not please perform the following steps below so I can have a look at the current condition of your machine.

Step 1

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 1 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.

Step 2

  • Please download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.

    Posted Image
  • Click the Scan button to start scan.

    Posted Image

    Step 3

    Posted Image OTL Custom Scan

  • Double click on the Posted Image icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Stadard output is selected.
  • Select Scan all users
  • Under the Extra Registry section, check Use SafeList
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

[*]On completion of the scan click Save log, save it to your desktop and post in your next reply.[/list]
When completed the above, please post back the following in the order asked for:
  • Contents of the RKreport.txt
  • aswMBR log
  • OTL scan log
  • Extras log

  • 0

#3
manualman58
Posted 03 June 2011 - 09:24 AM

manualman58

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Render, thanks... heres' the RK Log:

--------------
RogueKiller V5.2.1 [06/02/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows Vista (6.0.6000 ) 32 bits version
Started in : Normal mode
User: MTNAIR [Admin rights]
Mode: Scan -- Date : 06/03/2011 10:31:48

Bad processes: 0

Registry Entries: 6
[SUSP PATH] HKCU\[...]\Run : Pulse Ambassador Update Setup (C:\Users\MTNAIR\AppData\Local\{A91C477B-655B-4FEA-8B8E-CC6820970F3A}\setup.exe /updatesetup) -> FOUND
[SUSP PATH] HKCU\[...]\Run : Pulse Ambassador Update Setup for All Users (C:\ProgramData\{A91C477B-655B-4FEA-8B8E-CC6820970F3A}\setup.exe /updatesetup) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-627100145-3840112851-3989780239-1000[...]\Run : Pulse Ambassador Update Setup (C:\Users\MTNAIR\AppData\Local\{A91C477B-655B-4FEA-8B8E-CC6820970F3A}\setup.exe /updatesetup) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-627100145-3840112851-3989780239-1000[...]\Run : Pulse Ambassador Update Setup for All Users (C:\ProgramData\{A91C477B-655B-4FEA-8B8E-CC6820970F3A}\setup.exe /updatesetup) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

HOSTS File:
127.0.0.1 localhost
::1 localhost


Finished : << \RKreport[1].txt >>
RKreport[1].txt

----------------------
and the aswMBR
----------------------
aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-06-03 11:15:41
-----------------------------
11:15:41.466 OS Version: Windows 6.0.6000
11:15:41.466 Number of processors: 2 586 0xF0D
11:15:41.466 ComputerName: MTNAIR-PC UserName: MTNAIR
11:15:42.496 Initialize success
11:15:47.987 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
11:15:47.987 Disk 0 Vendor: WDC_WD25 11.0 Size: 238475MB BusType: 3
11:15:48.002 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000063
11:15:48.002 Disk 1 Vendor: ( Size: 238475MB BusType: 0
11:15:48.002 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000064
11:15:48.018 Disk 2 Vendor: ( Size: 238475MB BusType: 0
11:15:48.065 Disk 0 MBR read successfully
11:15:48.065 Disk 0 MBR scan
11:15:48.065 Disk 0 unknown MBR code
11:15:48.080 Disk 0 scanning sectors +488394752
11:15:48.127 Disk 0 scanning C:\Windows\system32\drivers
11:15:52.745 Service scanning
11:15:54.211 Disk 0 trace - called modules:
11:15:54.211 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
11:15:54.227 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85c95ad8]
11:15:54.227 3 ntkrnlpa.exe[824b07e2] -> nt!IofCallDriver -> [0x84c0a7a8]
11:15:54.242 5 acpi.sys[8046932a] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84c10030]
11:15:54.242 Scan finished successfully
11:16:11.122 Disk 0 MBR has been saved successfully to "C:\Users\MTNAIR\Desktop\MBR.dat"
11:16:11.137 The log file has been saved successfully to "C:\Users\MTNAIR\Desktop\aswMBR.txt"
------------
now the OTL LOG
---------------
OTL logfile created on: 6/3/2011 10:53:59 AM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\MTNAIR\Desktop
Windows Vista Ultimate Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.89 Gb Available Physical Memory | 44.72% Memory free
4.19 Gb Paging File | 3.21 Gb Available in Paging File | 76.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 169.58 Gb Free Space | 72.82% Space Free | Partition Type: NTFS

Computer Name: MTNAIR-PC | User Name: MTNAIR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/26 12:50:24 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\MTNAIR\Desktop\OTL.exe
PRC - [2011/05/25 04:17:22 | 000,322,688 | ---- | M] (Crawler.com) -- C:\Program Files\PCPowerSpeed\PCPowerTray.exe
PRC - [2011/04/20 23:46:20 | 000,992,256 | ---- | M] (Inbox.com, Inc.) -- C:\Program Files\RebateInformer\RebateInf.exe
PRC - [2011/01/13 04:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/01/13 04:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/09/14 17:03:58 | 000,984,352 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2010/09/14 15:45:30 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2009/04/05 09:24:08 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/04 18:48:30 | 001,006,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2009/04/04 18:48:29 | 000,318,648 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Windows Defender\MpCmdRun.exe
PRC - [2007/09/13 15:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/06/08 05:35:44 | 000,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2007/06/08 05:35:44 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2007/06/08 05:35:40 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApMsgFwd.exe
PRC - [2007/04/23 17:19:34 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2007/04/23 17:19:34 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2007/04/03 10:21:30 | 000,923,768 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2007/02/27 09:50:42 | 000,469,112 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe


========== Modules (SafeList) ==========

MOD - [2011/05/26 12:50:24 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\MTNAIR\Desktop\OTL.exe
MOD - [2011/01/13 04:47:35 | 000,189,728 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/03/04 15:24:26 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
MOD - [2009/04/04 18:53:15 | 000,356,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemcomn.dll
MOD - [2009/03/03 00:16:12 | 000,614,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\fastprox.dll
MOD - [2006/11/02 05:46:14 | 000,084,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiutils.dll
MOD - [2006/11/02 05:46:13 | 000,377,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sxs.dll
MOD - [2006/11/02 05:46:13 | 000,188,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemdisp.dll
MOD - [2006/11/02 05:46:13 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemsvc.dll
MOD - [2006/11/02 05:46:13 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemprox.dll
MOD - [2006/11/02 05:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/01/13 04:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/09/14 15:45:30 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/04/04 18:48:29 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/08/08 21:10:46 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2007/09/13 15:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/04/23 17:19:34 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)


========== Driver Services (SafeList) ==========

DRV - [2011/01/13 04:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/01/13 04:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/01/13 04:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/01/13 04:37:19 | 000,051,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/01/13 04:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/03/15 06:25:46 | 000,056,268 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/08/10 21:00:38 | 000,059,904 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDUWWAN.sys -- (PTDUWWAN)
DRV - [2008/08/10 21:00:32 | 000,039,936 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDUVsp.sys -- (PTDUVsp)
DRV - [2008/08/10 21:00:30 | 000,041,344 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDUMdm.sys -- (PTDUMdm)
DRV - [2008/08/10 21:00:28 | 000,033,024 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDUBus.sys -- (PTDUBus)
DRV - [2008/06/02 16:28:50 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2008/05/09 11:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2008/05/09 11:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2007/09/13 15:46:06 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/08/07 15:24:24 | 000,027,520 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SonyNC.sys -- (SNC)
DRV - [2007/08/06 16:52:38 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/06/08 05:35:44 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/05/23 10:28:36 | 000,074,240 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FLx86.sys -- (R5U870FLx86)
DRV - [2007/05/23 10:28:36 | 000,043,904 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FUx86.sys -- (R5U870FUx86)
DRV - [2007/05/22 18:41:28 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/04/23 13:29:00 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2006/10/18 11:56:30 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2004/12/12 10:55:22 | 000,017,636 | ---- | M] (SHARP ECR) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ecrdrv.sys -- (ECRDRV)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox...aspx?tbid=80051
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://toolbar.inbox...id=80051&lng=en
IE - HKLM\..\URLSearchHook: {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\prxtbPage.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-21-627100145-3840112851-3989780239-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-627100145-3840112851-3989780239-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-627100145-3840112851-3989780239-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKU\S-1-5-21-627100145-3840112851-3989780239-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-627100145-3840112851-3989780239-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-627100145-3840112851-3989780239-1000\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
IE - HKU\S-1-5-21-627100145-3840112851-3989780239-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-627100145-3840112851-3989780239-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/06 11:20:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/05/04 17:43:45 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (AppGraffiti) - {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\Program Files\AppGraffiti\AppGraffiti.dll (Omega Partners Ltd)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (PageRage Toolbar) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\prxtbPage.dll (Conduit Ltd.)
O2 - BHO: () - {CCB69577-088B-4004-9ED8-FF5BCC83A039} - C:\Program Files\RebateInformer\RebateI.dll (Inbox.com, Inc.)
O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\PageRage\YontooIEClient.dll (Yontoo Technology, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (PageRage Toolbar) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\prxtbPage.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-627100145-3840112851-3989780239-1000\..\Toolbar\WebBrowser: (PageRage Toolbar) - {9565115D-C7D6-46D3-BD63-B67B481A4368} - C:\Program Files\PageRage\prxtbPage.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-627100145-3840112851-3989780239-1000\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKU\S-1-5-21-627100145-3840112851-3989780239-1000\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PCPowerSpeed] C:\Program Files\PCPowerSpeed\PCPowerTray.exe (Crawler.com)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-627100145-3840112851-3989780239-1000..\Run: [Pulse Ambassador Update Setup] File not found
O4 - HKU\S-1-5-21-627100145-3840112851-3989780239-1000..\Run: [Pulse Ambassador Update Setup for All Users] C:\ProgramData\{A91C477B-655B-4FEA-8B8E-CC6820970F3A}\setup.exe (Pulse Microsystems Ltd. )
O4 - HKU\S-1-5-21-627100145-3840112851-3989780239-1000..\Run: [RebateInformer] C:\Program Files\RebateInformer\RebateInf.exe (Inbox.com, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-627100145-3840112851-3989780239-1000\..Trusted Domains: intuit.com ([community] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.su...indows-i586.cab (Java Plug-in 1.4.2_19)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_19)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\qbwc {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Handler\rebinfo {AF808758-C780-404C-A4EE-4526323FD9B6} - C:\Program Files\RebateInformer\RebateI.dll (Inbox.com, Inc.)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{221ac50c-2a2b-11de-8e92-0013a9c02444}\Shell - "" = AutoRun
O33 - MountPoints2\{221ac50c-2a2b-11de-8e92-0013a9c02444}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{321ae67e-8653-11e0-b622-0013a9c02444}\Shell\AutoRun\command - "" = G:\JDLightning\Windows\JDLightning.exe
O33 - MountPoints2\{4be3ba44-d777-11de-b674-0013a9c02444}\Shell - "" = AutoRun
O33 - MountPoints2\{4be3ba44-d777-11de-b674-0013a9c02444}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{b4270ce2-dc60-11df-b057-7a8020000200}\Shell\AutoRun\command - "" = G:\JDLightning\Windows\JDLightning.exe
O33 - MountPoints2\{b7358028-e1ae-11de-99d3-7a8020000200}\Shell - "" = AutoRun
O33 - MountPoints2\{b7358028-e1ae-11de-99d3-7a8020000200}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{ce26bab4-2159-11de-9e68-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ce26bab4-2159-11de-9e68-806e6f6e6963}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\SETUP.EXE
O33 - MountPoints2\I\Shell\configure\command - "" = I:\SETUP.EXE
O33 - MountPoints2\I\Shell\install\command - "" = I:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/03 10:31:47 | 000,000,000 | ---D | C] -- C:\Users\MTNAIR\Desktop\RK_Quarantine
[2011/06/03 10:29:57 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Users\MTNAIR\Desktop\aswMBR.exe
[2011/05/26 12:50:11 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\MTNAIR\Desktop\OTL.exe
[2011/05/26 12:11:23 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/05/26 12:11:23 | 000,000,000 | ---D | C] -- C:\Users\MTNAIR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/05/25 18:16:53 | 000,000,000 | ---D | C] -- C:\Users\MTNAIR\AppData\Roaming\Malwarebytes
[2011/05/25 18:16:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/25 18:16:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/25 18:16:47 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/25 18:16:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/05/25 18:16:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

========== Files - Modified Within 30 Days ==========

[2011/06/03 10:34:35 | 000,000,512 | ---- | M] () -- C:\Users\MTNAIR\Desktop\MBR.dat
[2011/06/03 10:30:00 | 000,621,552 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/03 10:30:00 | 000,104,868 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/03 10:17:27 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/03 10:17:27 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/03 10:17:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/03 10:17:15 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/03 10:11:50 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Users\MTNAIR\Desktop\aswMBR.exe
[2011/06/03 10:10:42 | 000,508,928 | ---- | M] () -- C:\Users\MTNAIR\Desktop\RogueKiller.exe
[2011/05/26 12:50:24 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\MTNAIR\Desktop\OTL.exe
[2011/05/26 12:46:09 | 000,009,124 | ---- | M] () -- C:\Users\MTNAIR\Desktop\HJTlogCathys1
[2011/05/26 12:28:15 | 000,002,525 | ---- | M] () -- C:\Users\MTNAIR\Desktop\HiJackThis.lnk
[2011/05/25 18:16:51 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/25 18:09:47 | 081,282,048 | ---- | M] () -- C:\Users\MTNAIR\Outlook.pst

========== Files Created - No Company Name ==========

[2011/06/03 10:34:35 | 000,000,512 | ---- | C] () -- C:\Users\MTNAIR\Desktop\MBR.dat
[2011/06/03 10:29:39 | 000,508,928 | ---- | C] () -- C:\Users\MTNAIR\Desktop\RogueKiller.exe
[2011/05/26 12:46:09 | 000,009,124 | ---- | C] () -- C:\Users\MTNAIR\Desktop\HJTlogCathys1
[2011/05/26 12:11:23 | 000,002,525 | ---- | C] () -- C:\Users\MTNAIR\Desktop\HiJackThis.lnk
[2011/05/25 19:03:09 | 2137,448,448 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/25 18:16:51 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/07 19:50:38 | 000,045,163 | ---- | C] () -- C:\Windows\System32\javaw.exe
[2010/12/07 19:50:38 | 000,045,161 | ---- | C] () -- C:\Windows\System32\java.exe
[2010/05/14 11:15:42 | 000,000,524 | ---- | C] () -- C:\Windows\hpomdl36.dat.temp
[2010/05/12 19:35:02 | 000,186,769 | ---- | C] () -- C:\Windows\hpwins23.dat
[2010/05/12 19:35:02 | 000,001,847 | ---- | C] () -- C:\Windows\hpwmdl23.dat
[2010/05/04 17:28:40 | 000,148,300 | ---- | C] () -- C:\Windows\hpoins36.dat
[2010/05/04 17:28:40 | 000,000,524 | ---- | C] () -- C:\Windows\hpomdl36.dat
[2009/08/07 00:15:44 | 000,000,000 | ---- | C] () -- C:\Windows\EcrLnkTm.INI
[2009/04/05 16:27:24 | 000,000,279 | ---- | C] () -- C:\Users\MTNAIR\AppData\Local\RAExpertHistory.xml
[2009/04/05 16:11:07 | 000,000,391 | ---- | C] () -- C:\Users\MTNAIR\AppData\Local\rahistory.xml
[2009/04/05 15:09:09 | 000,148,958 | ---- | C] () -- C:\Windows\hpoins19.dat
[2009/04/05 15:08:48 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2009/04/04 19:35:56 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2009/04/04 19:14:19 | 000,005,120 | ---- | C] () -- C:\Users\MTNAIR\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/04 16:49:52 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2009/04/04 16:49:52 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2009/04/04 16:49:52 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1230.dll
[2009/04/04 16:48:13 | 000,000,680 | ---- | C] () -- C:\Users\MTNAIR\AppData\Local\d3d9caps.dat
[2006/11/02 08:55:52 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:46:27 | 000,387,744 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:34:29 | 000,063,488 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2006/11/02 08:34:23 | 000,080,010 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2006/11/02 08:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,621,552 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,104,868 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 03:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 03:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/09/18 14:37:50 | 000,000,530 | ---- | C] () -- C:\Windows\System32\tx12_ic.ini
[2006/09/18 14:37:48 | 000,667,280 | ---- | C] () -- C:\Windows\System32\tx12.dll

========== LOP Check ==========

[2010/09/27 19:46:01 | 000,000,000 | ---D | M] -- C:\Users\MTNAIR\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/05/24 21:50:27 | 000,000,000 | ---D | M] -- C:\Users\MTNAIR\AppData\Roaming\Image Zone Express
[2011/05/24 18:42:50 | 000,000,000 | ---D | M] -- C:\Users\MTNAIR\AppData\Roaming\PCPowerSpeed
[2009/11/01 12:19:31 | 000,000,000 | ---D | M] -- C:\Users\MTNAIR\AppData\Roaming\Printer Info Cache
[2010/02/13 11:28:34 | 000,000,000 | ---D | M] -- C:\Users\MTNAIR\AppData\Roaming\Smith Micro
[2011/05/28 11:01:04 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.EXE >


< MD5 for: EXPLORER.EXE >
[2009/04/05 09:24:08 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\explorer.exe
[2009/04/05 09:24:08 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2009/04/05 09:24:08 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2009/04/05 09:24:07 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/04 18:53:13 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2009/04/04 18:53:12 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/05 09:24:08 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 05:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 03:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\SoftwareDistribution\Download\848c23cf13d83b3e0a6f1da97f3af588\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
[2008/01/19 03:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2006/11/02 05:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\System32\svchost.exe
[2006/11/02 05:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\SoftwareDistribution\Download\848c23cf13d83b3e0a6f1da97f3af588\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: WINLOGON.EXE >
[2006/11/02 05:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\System32\winlogon.exe
[2006/11/02 05:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 03:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SoftwareDistribution\Download\848c23cf13d83b3e0a6f1da97f3af588\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
[2008/01/19 03:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%*./mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2010/03/09 10:17:37 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2010/03/09 10:17:37 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2010/03/09 10:17:37 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2010/03/09 12:56:18 | 000,634,648 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2010/03/09 10:17:37 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2010/03/09 10:17:37 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2010/03/09 10:17:37 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2010/03/09 12:56:18 | 000,634,648 | ---- | M] (Microsoft Corporation)

< End of report >
--------------------------
and finally the EXTRAS log file.....
--------------------------
OTL Extras logfile created on: 6/3/2011 10:53:59 AM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\MTNAIR\Desktop
Windows Vista Ultimate Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.89 Gb Available Physical Memory | 44.72% Memory free
4.19 Gb Paging File | 3.21 Gb Available in Paging File | 76.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 169.58 Gb Free Space | 72.82% Space Free | Partition Type: NTFS

Computer Name: MTNAIR-PC | User Name: MTNAIR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{94906752-5B69-4D82-A22E-F768A5DA3AE5}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04F10723-BFEE-4086-8464-5180989B3260}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{0E4A6DAD-E6E4-4FEC-AF10-1F087E4F8F8C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{2CD63510-1BB0-4E82-A002-E8DA35E4EC23}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{2EC1E1A5-1294-431C-9DB2-9080843BE95D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2F767FD2-DBFB-4776-AC07-122A20E1BD67}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{30BB3382-5BE6-4D95-80E6-C208F35917B1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{313060B0-5194-48CA-BF1C-9D04AD33C21B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{3EAD0462-D8C8-412E-B604-10E74E2AC84E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{440192FE-D0A4-425F-AD39-222433EC4060}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{44FFDD8A-60C1-454D-BD41-C4B28BAB0F8D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4D76E6EA-7896-4D61-BC51-2F46B60F47B0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{5C43A2E4-4A73-41FE-8581-42C54C084C0F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{677DBC38-E96C-4895-B351-B44CE0FC9F6A}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{7096869E-8A7D-4F21-83EE-3DC84113A748}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqnrs08.exe |
"{830B1268-5307-4D3E-AB2A-DF22132563EB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{8B330A00-3D38-4CB8-83A7-0314A5CF57A7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{975A7CFC-23FE-4FE0-A675-62F16811A367}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{A042B87B-98FD-46DF-8D77-83BFB44158EA}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{B7D5553B-5775-4959-B3A8-5FA7330B28C7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{CC5D03BF-9611-4565-AE01-B1BEE48CD20B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{CE9275AD-55FF-434D-A371-EA2A41B20DB1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{D0B9CBF3-55FD-4A3F-A0E3-BC8F1A134691}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{EFCB3DB6-48BD-41B6-97D8-29864C223F9C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{F0DDE1D8-C2B9-454B-80C0-A509D2C5F54E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{F6616B56-0097-484B-BE1B-7AD443BBEFEA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{FE002C07-5DA5-4106-9A45-20D822385A9E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{FF7071FD-5EAB-4CF0-B183-B7C0CF64539C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07D8511D-C9FE-4A93-933F-EAA5C8F20095}" = IDT Audio
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0FE6B77F-54CD-45ED-BB64-A99477B0A8F1}" = 5600
"{162B71B8-8464-4680-A086-601D555B331D}" = Apple Mobile Device Support
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2605461E-AB2E-49F5-8A16-64B7F3595030}" = 5600Trb
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{38DAE5F5-EC70-4aa5-801B-D11CA0A33B41}" = BPDSoftware
"{428A6DA3-FD56-44AE-B602-15DCCD6A7515}" = VAIO AV Mode Launcher
"{459f39ae-fa19-4722-a6cf-b0e80ee2a21f}" = PS_AIO_05_C4600_Software_Min
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4EF645BD-65B0-4F98-AD56-D0437B7045F6}_is1" = RebateInformer
"{54C7CFA4-9DDD-40c7-A58F-AF0E7916848C}" = HPPhotoGadget
"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
"{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{612AD33D-9824-4E87-8396-92374E91C4BB}_is1" = Inbox Toolbar
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{68CC54AC-EFE5-4CE4-81F8-BE0C834E2D86}" = Mobile Broadband Generic Drivers
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6CC080F1-2E00-41D5-BE47-A3BC784E9DFB}" = BPDSoftware_Ini
"{6D2576EC-A0E9-418A-A09A-409933A3B6F4}" = VAIO Camera Capture Utility
"{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}_is1" = AppGraffiti
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7148F0A8-6813-11D6-A77B-00B0D0142190}" = Java 2 Runtime Environment, SE v1.4.2_19
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{73298097-637a-47cd-9a41-0b78288e5562}" = C4600
"{7DCBC3D8-8954-491D-A1B9-8C61C563B004}" = 5600_Help
"{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting
"{83C57C58-FDD7-4d86-BFCC-9D31CC4EFA71}" = 6500_E709n
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = PageRage 1.10.01
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{9129B46A-51F0-431b-9838-DF7272F3204E}" = ProductContext
"{9603DE6D-4567-4b78-B941-849322373DE2}" = SolutionCenter
"{9A2F0810-3623-4E86-9072-973FBE1679C5}" = QuickBooks Premier: Accountant Edition 2009
"{9A2F0810-369F-4E86-9072-973FBE1679C5}" = QuickBooks
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{9D1B99B7-DAD8-440d-B4FB-1915332FBCC2}" = HPProductAssistant
"{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{9FDEF7FC-0D03-4CAE-9DC3-1F436A93BDA4}" = Pulse Ambassador
"{A2132BB7-E6F8-47C0-A92C-90A5396A6850}" = Customer Support Tool A40S
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B0C56FD7-493D-44DD-B007-BBB5117D6E6F}_is1" = PC Power Speed 1.0.0.0
"{C13AF9C7-8E06-4354-B629-DF6192CE4A66}" = PANTECH UM175 Driver
"{C26B06A9-27BB-45B0-9873-9C623EC2BA38}" = iTunes
"{C29C1940-CB85-4F3B-906C-33FEE0E67103}" = DocMgr
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DC245BDC-9974-4fe0-8A9F-6031C26E2DC7}" = HP Photosmart C4600 All-In-One Driver Software 12.0 Rel .5
"{DE13432E-F0C1-4842-A5BA-CC997DA72A70}" = 6500_E709_eDocs
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E6707034-D7A4-49B1-94D0-F5AACE46F06C}" = Instant Mode
"{E6A715CB-2912-403A-97A1-2A00F65A012E}" = Customer Support Tool A41S
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F185B35D-38E5-4D88-B275-15C8C7FC4357}" = 6500_E709_Help
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" =
"{F648FD09-7CEA-4257-BC68-A8389189FD51}" = GPBaseService2
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{FA0F0A01-4631-4161-A6C2-948BF694382E}" = HP Officejet 6500 E709 Series
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"avast5" = avast! Free Antivirus
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"conduitEngine" = Conduit Engine
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 12.0
"HPExtendedCapabilities" = HP Customer Participation Program 12.0
"HPOCR" = OCR Software by I.R.I.S. 12.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"PageRage Toolbar" = PageRage Toolbar
"PowerISO" = PowerISO
"Pulse Ambassador" = Pulse Ambassador
"Shop for HP Supplies" = Shop for HP Supplies
"VZAccess Manager" = VZAccess Manager
"Yahoo! Companion" = Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/28/2011 10:45:33 AM | Computer Name = MTNAIR-PC | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 5/28/2011 10:45:45 AM | Computer Name = MTNAIR-PC | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks: Premier Accountant
Edition 2009": Connection Error:Invalid user ID or passwo

Error - 5/28/2011 10:45:45 AM | Computer Name = MTNAIR-PC | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks: Premier Accountant
Edition 2009": Connection String:CON=QBConnectionPool-Probe-QB_data_engine_19; ;DBF=C:\Users\Public\Documents\Intuit\QuickBooks\Company
Files\Mountain Air.QBW;ENG=QB_data_engine_19;DBN=cd1f60e0d8fa4c36ba146ab0891030

Error - 5/28/2011 10:45:45 AM | Computer Name = MTNAIR-PC | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks: Premier Accountant
Edition 2009": DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from
file:'.\.\src\ConnPool.cpp' at line 1003 from function:'DBMgr::DBConnPool::ini

Error - 5/28/2011 10:45:58 AM | Computer Name = MTNAIR-PC | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks: Premier Accountant
Edition 2009": An attempt to LogOff without a logo

Error - 5/28/2011 10:46:18 AM | Computer Name = MTNAIR-PC | Source = SecurityCenter | ID = 3
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus, AntiSpyware and Firewall.

Error - 5/28/2011 10:48:37 AM | Computer Name = MTNAIR-PC | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks: Premier Accountant
Edition 2009": Trying to process a record 60 : Mountain Airbrush Checking for List
Review edlist without actually being in a write transacti

Error - 5/28/2011 11:00:45 AM | Computer Name = MTNAIR-PC | Source = Application Error | ID = 1000
Description = Faulting application qbw32.exe, version 19.0.4012.705, time stamp
0x4c8fcd8e, faulting module ole32.dll, version 6.0.6000.16386, time stamp 0x4549bd92,
exception code 0xc0000005, fault offset 0x00041022, process id 0x1600, application
start time 0x01cc1d45e0db3f36.

Error - 5/31/2011 6:11:22 PM | Computer Name = MTNAIR-PC | Source = SecurityCenter | ID = 3
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus, AntiSpyware and Firewall.

Error - 6/3/2011 10:19:44 AM | Computer Name = MTNAIR-PC | Source = SecurityCenter | ID = 3
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus, AntiSpyware and Firewall.

[ System Events ]
Error - 5/26/2011 12:20:50 PM | Computer Name = MTNAIR-PC | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =

Error - 5/26/2011 7:03:29 PM | Computer Name = MTNAIR-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/26/2011 8:28:04 PM | Computer Name = MTNAIR-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 8:14:45 PM on 5/26/2011 was unexpected.

Error - 5/26/2011 8:29:42 PM | Computer Name = MTNAIR-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/28/2011 9:15:02 AM | Computer Name = MTNAIR-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/28/2011 9:20:26 AM | Computer Name = MTNAIR-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 5/28/2011 10:43:47 AM | Computer Name = MTNAIR-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:27:15 AM on 5/28/2011 was unexpected.

Error - 5/28/2011 10:44:57 AM | Computer Name = MTNAIR-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/31/2011 6:10:33 PM | Computer Name = MTNAIR-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/3/2011 10:17:21 AM | Computer Name = MTNAIR-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:49:08 PM on 5/31/2011 was unexpected.


< End of report >
-------------------------

there you are, thank you for you time...
  • 0

#4
Render
Posted 03 June 2011 - 10:32 AM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

Please follow the steps below:

Step 1

Please un-install following programs:
  • PC Power Speed 1.0.0.0
  • Conduit Engine

Are you aware of these programs: Rebate informer and Pulse Ambassador ?

How to unistall program in Windows Vista:

  • Open Programs and Features by clicking the Start button Posted Image, clicking Control Panel, clicking Programs, and then clicking Programs and Features.
  • Select a program(s) listed above, and then click Uninstall. Some programs include the option to change or repair the program in addition to uninstalling it. But many simply offer the option to uninstall. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

Step 2

We need to run an OTL Fix

  • Please right click on Posted Image on your desktop and click on Run as administrator.
  • Under the Custom Scans/Fixes box copy and paste this in:

    :OTL
    PRC - [2011/05/25 04:17:22 | 000,322,688 | ---- | M] (Crawler.com) -- C:\Program Files\PCPowerSpeed\PCPowerTray.exe
    IE - HKLM\..\URLSearchHook: {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\prxtbPage.dll (Conduit Ltd.)
    O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (PageRage Toolbar) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\prxtbPage.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-627100145-3840112851-3989780239-1000\..\Toolbar\WebBrowser: (PageRage Toolbar) - {9565115D-C7D6-46D3-BD63-B67B481A4368} - C:\Program Files\PageRage\prxtbPage.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [PCPowerSpeed] C:\Program Files\PCPowerSpeed\PCPowerTray.exe (Crawler.com)
    O33 - MountPoints2\{221ac50c-2a2b-11de-8e92-0013a9c02444}\Shell - "" = AutoRun
    O33 - MountPoints2\{221ac50c-2a2b-11de-8e92-0013a9c02444}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
    O33 - MountPoints2\{321ae67e-8653-11e0-b622-0013a9c02444}\Shell\AutoRun\command - "" = G:\JDLightning\Windows\JDLightning.exe
    O33 - MountPoints2\{4be3ba44-d777-11de-b674-0013a9c02444}\Shell - "" = AutoRun
    O33 - MountPoints2\{4be3ba44-d777-11de-b674-0013a9c02444}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
    O33 - MountPoints2\{b4270ce2-dc60-11df-b057-7a8020000200}\Shell\AutoRun\command - "" = G:\JDLightning\Windows\JDLightning.exe
    O33 - MountPoints2\{b7358028-e1ae-11de-99d3-7a8020000200}\Shell - "" = AutoRun
    O33 - MountPoints2\{b7358028-e1ae-11de-99d3-7a8020000200}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
    O33 - MountPoints2\{ce26bab4-2159-11de-9e68-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{ce26bab4-2159-11de-9e68-806e6f6e6963}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
    O33 - MountPoints2\G\Shell - "" = AutoRun
    O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
    O33 - MountPoints2\H\Shell - "" = AutoRun
    O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
    O33 - MountPoints2\I\Shell - "" = AutoRun
    O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\SETUP.EXE
    O33 - MountPoints2\I\Shell\configure\command - "" = I:\SETUP.EXE
    O33 - MountPoints2\I\Shell\install\command - "" = I:\SETUP.EXE

    :Files
    C:\Program Files\PCPowerSpeed
    C:\Program Files\ConduitEngine
    C:\Users\MTNAIR\AppData\Roaming\PCPowerSpeed
    ipconfig /flushdns /c

    :Reg

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Click on Posted Image button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Step 3

Please download AVP Tool by Kaspersky. Save it to your desktop, and reboot your computer into SafeMode.

  • You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
  • Use your up arrow key to highlight SafeMode then hit enter.
  • Double click the setup file to run it.
  • Click Next to continue.
  • It will by default install it to your desktop folder.Click Next.
  • Hit OK at the prompt for scanning in Safe Mode.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked:

    Hidden Startup Objects
    System Memory
    Disk Boot Sectors.
    My Computer.
    Also any other drives (Removable that you may have)
  • Leave the rest of the settings as they appear as default.
  • Then click on Scan at the to right hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized then click the button that says Neutralize all.
  • If it says it cannot be Neutralized then choose the delete option when prompted.
  • After that is done click on the Reports button at the bottom and save it to file name it Kas.
  • Save it somewhere convenient like your desktop and post it in your next reply.

Note: This tool will self uninstall when you close it so please save the log before closing it.

When completed the above, please post back the following in the order asked for:
  • OTL fix log
  • AVP tool report

  • 0

#5
manualman58
Posted 08 June 2011 - 05:41 AM

manualman58

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
sorry so long to reply...crazy work hours
Pulse ambassador is a legit program
rebate informer was not , deleted it with conduit engine and pc power speed.
here is the Otl fix report
------------------------

All processes killed
========== OTL ==========
No active process named PCPowerTray.exe was found!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{9565115d-c7d6-46d3-bd63-b67b481a4368} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9565115d-c7d6-46d3-bd63-b67b481a4368}\ deleted successfully.
C:\Program Files\PageRage\prxtbPage.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Program Files\ConduitEngine\prxConduitEngine.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9565115d-c7d6-46d3-bd63-b67b481a4368}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9565115d-c7d6-46d3-bd63-b67b481a4368}\ not found.
File C:\Program Files\PageRage\prxtbPage.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found.
Registry value HKEY_USERS\S-1-5-21-627100145-3840112851-3989780239-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9565115D-C7D6-46D3-BD63-B67B481A4368} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9565115D-C7D6-46D3-BD63-B67B481A4368}\ not found.
File C:\Program Files\PageRage\prxtbPage.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PCPowerSpeed not found.
File C:\Program Files\PCPowerSpeed\PCPowerTray.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{221ac50c-2a2b-11de-8e92-0013a9c02444}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{221ac50c-2a2b-11de-8e92-0013a9c02444}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{221ac50c-2a2b-11de-8e92-0013a9c02444}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{221ac50c-2a2b-11de-8e92-0013a9c02444}\ not found.
File H:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{321ae67e-8653-11e0-b622-0013a9c02444}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{321ae67e-8653-11e0-b622-0013a9c02444}\ not found.
G:\JDLightning\Windows\JDLightning.exe moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4be3ba44-d777-11de-b674-0013a9c02444}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4be3ba44-d777-11de-b674-0013a9c02444}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4be3ba44-d777-11de-b674-0013a9c02444}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4be3ba44-d777-11de-b674-0013a9c02444}\ not found.
File H:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b4270ce2-dc60-11df-b057-7a8020000200}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b4270ce2-dc60-11df-b057-7a8020000200}\ not found.
File G:\JDLightning\Windows\JDLightning.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b7358028-e1ae-11de-99d3-7a8020000200}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b7358028-e1ae-11de-99d3-7a8020000200}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b7358028-e1ae-11de-99d3-7a8020000200}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b7358028-e1ae-11de-99d3-7a8020000200}\ not found.
File H:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ce26bab4-2159-11de-9e68-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ce26bab4-2159-11de-9e68-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ce26bab4-2159-11de-9e68-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ce26bab4-2159-11de-9e68-806e6f6e6963}\ not found.
File H:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
File H:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ not found.
File I:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ not found.
File I:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ not found.
File I:\SETUP.EXE not found.
========== FILES ==========
File\Folder C:\Program Files\PCPowerSpeed not found.
C:\Program Files\ConduitEngine folder moved successfully.
File\Folder C:\Users\MTNAIR\AppData\Roaming\PCPowerSpeed not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\MTNAIR\Desktop\sECURITY\cmd.bat deleted successfully.
C:\Users\MTNAIR\Desktop\sECURITY\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: MTNAIR
->Temp folder emptied: 5719228566 bytes
->Temporary Internet Files folder emptied: 150876166 bytes
->Java cache emptied: 3715462 bytes
->Flash cache emptied: 129334 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 60328403 bytes
RecycleBin emptied: 7859863 bytes

Total Files Cleaned = 5,667.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: MTNAIR
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb



OTL by OldTimer - Version 3.2.23.0 log created on 06072011_184302

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
File\Folder C:\Windows\temp\mpengine.dlldf32290a not found!
File\Folder C:\Windows\temp\TMP00000001126863C03B073898 not found!
File\Folder C:\Windows\temp\TMP0000001748FEC8837A4A2873 not found!

Registry entries deleted on Reboot...
---------------
and Kas
--------------
Autoscan: stopped 1 hour ago (events: 2, objects: 2017, time: 00:02:57)
6/7/2011 9:19:28 PM Task started
6/7/2011 9:22:25 PM Task stopped
Autoscan: completed 23 minutes ago (events: 2, objects: 284201, time: 00:41:58)
6/7/2011 9:22:33 PM Task started
6/7/2011 10:04:31 PM Task completed

----------------
the programs did not reintall themselves on reboot...updated avast...malware bytes showed nothing...
  • 0

#6
Render
Posted 08 June 2011 - 05:48 AM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

Problem solved now then?
  • 0

#7
manualman58
Posted 08 June 2011 - 10:36 AM

manualman58

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Believe so thank you !
  • 0

#8
Render
Posted 08 June 2011 - 01:26 PM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Your logs shows that your system is clean. If you have no further issues with your computer, then please proceed with the following housekeeping procedures outlined below.

Removing the tools we used:

Reset System Restore points:

  • Please reopen Posted Image on your desktop.
  • Copy (select all lines inside quote box and press CTRL+C) and Paste (press CTRL+V) the following code into the Posted Image textbox.

    :Commands
    [ClearAllRestorePoints]

  • Click on Posted Image button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on Posted Image button.

NEXT...

OTL Clean-Up:

  • Reopen Posted Image on your desktop.
  • Click on Posted Image
  • You will be prompted to reboot your system. Please do so.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.


There are a few things I recommend you to do once your computer is completely clean:

Updates for Windows - One of the essentials is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats, Microsoft releases security updates that help your computer from becoming vulnerable. It is best if you have these set to download automatically.

How to turn on Automatic Updates for Windows:

Updates for other installed software

A common attack method for hacking attempts and malware installs is to exploit known vulnerabilities in programs that are commonly installed on a person's computer. These vulnerabilities could allow a remote user or malware developer to install malware, keyloggers, and backdoors on to your computer without your knowledge or permission.
Some of the programs that are commonly exploited include Adobe Shockwave, Adobe Reader, Sun Java, Adobe Flash, and even Windows itself. Therefore it is crucial that everyone remain vigilant as to when a security vulnerability is found in our installed programs and to update it when a security update is released. Unfortunately, no one has the time to stay on top of these updates, which can happen frequently.

I highly recommend you to install Secunia Personal Software Inspector (PSI) that can be used to scan your computer for known vulnerable programs, provide information on the vulnerability, and provide a location to an update for the vulnerable program. A tutorial on how to use Secunia Personal Software Inspector (PSI) can be found here: Keep Software Updated with Secunia PSI.

Web Browsers - Picking the right internet browser is very important. You need to find one that suits your needs but that is also safe. All browsers listed below are far more secure than Internet Explorer, immune to almost all known browser hijackers, and also have the best built-in pop up blockers.

Although, if you prefer staying with Internet Explorer I highly recommend you do this :

Make Internet Explorer more secure:
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the options Download signed and unsigned ActiveX controls to Prompt, and Initialize and Script ActiveX controls not marked as safe to Disable.
  • Next click OK, then Apply button and then OK to exit the Internet Properties page.

Tips to protect yourself against malware and reduce the potential for re-infection:

Now after all these steps, your PC will be more secure. However it is important to note that you can still get infected if you are not careful. One of the best security programs you can have is common sense. As malware gets more sophisticated, you need to be more wary. If you do get caught though and the above steps can't help prevent it, we will be here to help you out.

Stay secure and thank you for choosing GeeksToGo.
  • 0

#9
Render
Posted 17 June 2011 - 07:40 AM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP