redirect virus /windows update errors [Solved]



#1
houtex101

Hello, I have reinstalled Windows and recovered my computer many times and I still cannot get rid of the problem. Basically, my browsers will either suddenly stop working when I try to download any security software. The computer will not install iTunes correctly anymore either. I currently have Norton Security Suite that came with my ISP, and I go to the Norton website and try to download updates and it won't even recognize that I have the antivirus installed. Yet I go to check my computer and it says everything is working properly, but I know it is not. I really need help resolving this issue. It did not start with Norton either; this issue continues to linger because it seems that no one can find the underlying problem. Thank you in advance for your help. Attached is the OTL log:
OTL logfile created on: 1/12/2012 2:32:31 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\UNIT\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 4.27 Gb Available Physical Memory | 71.27% Memory free
11.98 Gb Paging File | 9.95 Gb Available in Paging File | 83.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 463.65 Gb Total Space | 396.85 Gb Free Space | 85.59% Space Free | Partition Type: NTFS
Drive D: | 100.00 Mb Total Space | 70.29 Mb Free Space | 70.29% Space Free | Partition Type: NTFS
Drive E: | 1.99 Gb Total Space | 1.99 Gb Free Space | 99.80% Space Free | Partition Type: FAT32

Computer Name: UNIT-PC | User Name: UNIT | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/12 02:31:02 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\UNIT\Desktop\OTL.exe
PRC - [2011/12/17 11:15:17 | 000,063,048 | ---- | M] (White Sky, Inc.) -- C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
PRC - [2011/12/17 11:15:12 | 004,689,992 | ---- | M] (White Sky, Inc.) -- C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
PRC - [2011/07/05 10:24:06 | 000,395,528 | ---- | M] (StrikeForce Technologies Inc.) -- C:\Program Files (x86)\SFT\GuardedID\GIDD.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/16 18:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe
PRC - [2009/07/30 22:48:36 | 000,076,584 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Envy Document Card Utilities\hpdocstart.exe
PRC - [2009/07/23 22:45:52 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/07/23 13:37:16 | 000,206,120 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/07/09 21:51:10 | 000,323,672 | -H-- | M] (DeviceVM, Inc.) -- C:\IOS.SYS\config\DVMExportService.exe
PRC - [2009/06/22 14:37:26 | 000,016,712 | R--- | M] () -- C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
PRC - [2007/07/24 13:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/11 22:25:16 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\273292e88c7b60ecbae9d85e94cd097e\WindowsFormsIntegration.ni.dll
MOD - [2012/01/11 22:25:14 | 001,358,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\a612958eaf641f0ba83b0daae44cb7b1\System.WorkflowServices.ni.dll
MOD - [2012/01/11 22:24:55 | 001,707,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\828e31a37bfd9d432083be6307845630\System.ServiceModel.Web.ni.dll
MOD - [2012/01/11 22:23:45 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\1049a76b3de293df726d380932215c91\System.Management.ni.dll
MOD - [2012/01/11 22:23:10 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\8a7d8a1bed270870c645ff47913f062a\System.IdentityModel.Selectors.ni.dll
MOD - [2012/01/11 22:23:09 | 001,083,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c0d9df88f2b37d14cf416281364c5b7f\System.IdentityModel.ni.dll
MOD - [2012/01/11 22:23:08 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\76692f411b404f1db0c95d81dd537c37\System.Runtime.Serialization.ni.dll
MOD - [2012/01/11 22:23:06 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\6294f61f25c953212b92b7e13a0fd9c1\SMDiagnostics.ni.dll
MOD - [2012/01/11 22:23:05 | 017,478,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\7bc7e33d4568a214f226cdb6a161a37a\System.ServiceModel.ni.dll
MOD - [2012/01/11 21:37:28 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07cdef1a740151932dcf161f3306bd9c\PresentationFramework.Aero.ni.dll
MOD - [2012/01/11 21:37:27 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\6f2de1cb69aef1946760a70f355a3075\System.ServiceProcess.ni.dll
MOD - [2012/01/11 21:37:20 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\be4f1d78d06979df7fd08dedf0d8c804\System.Web.Services.ni.dll
MOD - [2012/01/11 21:37:18 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\b41e38edbd6dfe20997f6ea7c080aceb\System.Web.ni.dll
MOD - [2012/01/11 21:37:11 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f8196c3588c2229e84516af4b6a0ee60\System.Data.ni.dll
MOD - [2012/01/11 21:37:11 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\f5659a792c1f6832d9a45c1509d03497\System.Transactions.ni.dll
MOD - [2012/01/11 21:37:01 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll
MOD - [2012/01/11 21:36:43 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2012/01/11 20:47:36 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2012/01/11 20:47:34 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\bb1d36ae26e7cadf563061596682e747\UIAutomationProvider.ni.dll
MOD - [2012/01/11 20:47:33 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll
MOD - [2012/01/11 20:47:22 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2012/01/11 20:47:20 | 000,680,448 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\ccba14fc93de40f4f53d401f07b9bcb8\System.Security.ni.dll
MOD - [2012/01/11 20:47:17 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2012/01/11 20:47:14 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2012/01/11 20:47:14 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2012/01/11 20:47:04 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/12/17 11:15:16 | 000,091,720 | ---- | M] () -- C:\Program Files (x86)\Constant Guard Protection Suite\IdVaultCore.XmlSerializers.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/04 19:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009/07/23 13:37:14 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009/06/22 14:37:26 | 000,016,712 | R--- | M] () -- C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
MOD - [2009/06/12 16:32:16 | 000,104,456 | ---- | M] () -- C:\Windows\SysWOW64\EasyHook32.dll
MOD - [2009/06/10 15:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/06/09 11:55:58 | 000,057,904 | ---- | M] () -- C:\Windows\SysWOW64\wbload.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/05/13 18:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010/03/23 14:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/02 15:16:06 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/01 20:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/03/02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)
SRV - [2011/12/17 11:15:17 | 000,063,048 | ---- | M] (White Sky, Inc.) [Auto | Running] -- C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe -- (IDVaultSvc)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/16 18:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/30 22:45:14 | 000,083,240 | ---- | M] (Hewlett-Packard Developement Company, L.P.) [On_Demand | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Envy Document Card Utilities\doccardsvc.exe -- (hpdoccardsvc)
SRV - [2009/07/09 21:51:10 | 000,323,672 | -H-- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\IOS.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/09 11:56:16 | 000,337,200 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files (x86)\Stardock\MyColors\VistaSrv.exe -- (WindowBlinds)
SRV - [2007/07/24 13:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/01/11 20:54:20 | 000,025,160 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro36.sys -- (hitmanpro35)
DRV:64bit: - [2012/01/10 05:13:15 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/01/10 04:22:24 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2012/01/10 04:21:16 | 007,680,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel®
DRV:64bit: - [2011/08/02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/07/08 17:45:12 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/07/06 12:44:00 | 000,034,288 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2011/07/05 10:18:38 | 000,029,288 | ---- | M] (StrikeForce Technologies, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gidv2.sys -- (GIDv2)
DRV:64bit: - [2011/05/13 18:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/05/13 18:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/03/30 21:04:12 | 000,043,640 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2011/03/30 21:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/30 21:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/03/14 20:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/27 00:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symds64.sys -- (SymDS)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 03:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/15 19:45:33 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/07/29 00:25:10 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
DRV:64bit: - [2010/05/27 22:32:56 | 000,320,560 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/03/23 14:53:06 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/11/20 15:09:48 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/23 11:02:38 | 005,435,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/07/17 14:58:30 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/07/17 14:58:24 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/07/17 14:58:22 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/07/17 14:58:18 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:00:24 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\acpials.sys -- (acpials)
DRV:64bit: - [2009/07/02 15:51:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/29 13:53:46 | 000,058,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV:64bit: - [2009/06/10 15:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 15:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 15:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 14:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 14:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 07:20:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/04/29 09:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2012/01/09 01:00:00 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120111.018\EX64.SYS -- (NAVEX15)
DRV - [2012/01/09 01:00:00 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/01/09 01:00:00 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120111.018\ENG64.SYS -- (NAVENG)
DRV - [2012/01/07 05:09:08 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120111.003\IDSviA64.sys -- (IDSVia64)
DRV - [2011/12/23 22:17:32 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111223.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/10/25 14:12:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/01/10 22:27:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_4_3 [2012/01/12 01:16:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/11 03:53:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/01/10 04:28:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\UNIT\AppData\Roaming\Mozilla\Extensions
[2012/01/11 01:05:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\UNIT\AppData\Roaming\Mozilla\Firefox\Profiles\flww7wcj.default\extensions
[2012/01/11 01:05:19 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\UNIT\AppData\Roaming\Mozilla\Firefox\Profiles\flww7wcj.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2012/01/10 05:21:50 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\UNIT\AppData\Roaming\Mozilla\Firefox\Profiles\flww7wcj.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/01/10 20:56:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/01/10 20:56:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\UNIT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FLWW7WCJ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/12/21 01:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/12/20 22:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/12/20 22:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Constant Guard Protection Suite (COM)) - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\Program Files (x86)\Constant Guard Protection Suite\NativeBHO.dll (WhiteSky)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [HPToneControl] C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe (Hewlett-Packard )
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ()
O4 - HKLM..\Run: [GIDDesktop] C:\Program Files (x86)\SFT\GuardedID\gidd.exe (StrikeForce Technologies Inc.)
O4 - HKLM..\Run: [HP Envy Guides AutoPlay] C:\Program Files (x86)\Hewlett-Packard\HP Envy Document Card Utilities\hpdocstart.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [LightSensorApp] C:\Program Files (x86)\LightSensorApp\ALSMON.exe (Ricoh co.,Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} https://www-secure.s...abs/tgctlcm.cab (Symantec Configuration Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.h...hpdetect118.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F5E0261-5C76-4AF6-91EA-59196EAFEA19}: DhcpNameServer = 75.75.76.76 75.75.75.75
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\WB: DllName - (C:\Program Files (x86)\Stardock\MyColors\fast64.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/12 02:31:02 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\UNIT\Desktop\OTL.exe
[2012/01/12 00:44:10 | 000,000,000 | ---D | C] -- C:\Users\UNIT\AppData\Local\NPE
[2012/01/12 00:26:46 | 000,000,000 | ---D | C] -- C:\Users\UNIT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2012/01/12 00:14:23 | 000,000,000 | ---D | C] -- C:\Users\UNIT\AppData\Roaming\Tific
[2012/01/11 21:27:39 | 000,000,000 | ---D | C] -- C:\Users\UNIT\AppData\Roaming\Malwarebytes
[2012/01/11 20:52:33 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/01/11 19:58:34 | 000,043,640 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SymIMV.sys
[2012/01/11 03:55:14 | 000,000,000 | ---D | C] -- C:\Users\UNIT\AppData\Roaming\Apple Computer
[2012/01/11 03:55:14 | 000,000,000 | ---D | C] -- C:\Users\UNIT\AppData\Local\Apple Computer
[2012/01/11 03:55:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/01/11 03:54:32 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/01/11 03:54:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/01/11 03:54:32 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/01/11 03:53:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/01/11 03:53:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012/01/11 03:53:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safari
[2012/01/11 03:53:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/01/11 03:32:48 | 000,000,000 | ---D | C] -- C:\Users\UNIT\AppData\Local\Apple
[2012/01/11 03:32:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012/01/11 03:32:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/01/11 03:32:19 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/01/11 03:32:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012/01/11 03:32:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012/01/11 03:32:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2012/01/11 02:04:39 | 000,000,000 | ---D | C] -- C:\Users\UNIT\Documents\DUBCC
[2012/01/10 22:57:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012/01/10 22:56:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2012/01/10 21:59:03 | 000,000,000 | ---D | C] -- C:\Users\UNIT\dwhelper
[2012/01/10 21:55:06 | 000,116,224 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2012/01/10 21:54:50 | 000,093,696 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2012/01/10 21:51:09 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/01/10 21:46:21 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2012/01/10 21:27:03 | 000,000,000 | ---D | C] -- C:\Users\UNIT\AppData\Local\ElevatedDiagnostics
[2012/01/10 21:09:35 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
[2012/01/10 21:09:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
[2012/01/10 21:09:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCH Software
[2012/01/10 21:08:57 | 000,000,000 | ---D | C] -- C:\Users\UNIT\AppData\Roaming\NCH Software
[2012/01/10 20:59:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012/01/10 20:37:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012/01/10 20:14:56 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2012/01/10 20:14:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2012/01/10 20:12:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2012/01/10 19:36:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2012/01/10 19:33:46 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2012/01/10 19:17:42 | 000,000,000 | ---D | C] -- C:\Users\UNIT\AppData\Roaming\CyberLink
[2012/01/10 19:17:41 | 000,000,000 | ---D | C] -- C:\Users\UNIT\AppData\Local\CyberLink
[2012/01/10 19:17:40 | 000,000,000 | ---D | C] -- C:\Users\UNIT\AppData\Local\PowerCinema
[2012/01/10 05:49:54 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/01/10 05:32:17 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/01/10 05:31:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Stardock
[2012/01/10 05:31:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
[2012/01/10 05:30:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Stardock
[2012/01/10 05:30:51 | 000,000,000 | -H-D | C] -- C:\ProgramData\{A3DA8122-816A-4E6B-9218-406F7D2EB35A}
[2012/01/10 05:30:49 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Stardock
[2012/01/10 05:30:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stardock
[2012/01/10 05:28:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel Paint Shop Pro Photo X2
[2012/01/10 05:28:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Protexis
[2012/01/10 05:28:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel
[2012/01/10 05:28:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Corel
[2012/01/10 05:26:24 | 000,000,000 | ---D | C] -- C:\ProgramData\InterVideo
[2012/01/10 05:25:41 | 000,000,000 | ---D | C] -- C:\Windows\RegisteredPackages
[2012/01/10 05:25:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media
[2012/01/10 05:25:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel VideoStudio 12
[2012/01/10 05:25:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Media Components
[2012/01/10 05:23:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Ulead Systems
[2012/01/10 05:23:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Ulead Systems
[2012/01/10 05:23:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Corel
[2012/01/10 05:21:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sling Media
[2012/01/10 05:21:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sling Media
[2012/01/10 05:13:14 | 000,912,504 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symefa64.sys
[2012/01/10 05:13:14 | 000,744,568 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.sys
[2012/01/10 05:13:14 | 000,450,680 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symds64.sys
[2012/01/10 05:13:14 | 000,386,168 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnets.sys
[2012/01/10 05:13:14 | 000,171,128 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\ironx64.sys
[2012/01/10 05:13:14 | 000,040,568 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.sys
[2012/01/10 05:13:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D
[2012/01/10 05:12:02 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2012/01/10 05:12:01 | 000,174,200 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/01/10 05:12:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012/01/10 05:12:01 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012/01/10 05:11:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
[2012/01/10 05:11:41 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
[2012/01/10 05:11:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Security Suite
[2012/01/10 05:11:37 | 000,000,000 | ---D | C] -- C:\Users\UNIT\Documents\Symantec
[2012/01/10 05:11:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2012/01/10 05:10:28 | 000,000,000 | -H-D | C] -- C:\ProgramData\{2ED18044-7049-4E7A-A58D-4017348FCDB7}
[2012/01/10 05:10:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Native Instruments
[2012/01/10 05:10:07 | 000,000,000 | ---D | C] -- C:\Program Files\Native Instruments
[2012/01/10 05:10:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Native Instruments
[2012/01/10 05:10:04 | 000,000,000 | -H-D | C] -- C:\ProgramData\{902029B2-957E-4066-85FA-30DA31731718}
[2012/01/10 05:10:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
[2012/01/10 05:10:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Native Instruments
[2012/01/10 05:10:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Native Instruments
[2012/01/10 05:09:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LightSensorApp
[2012/01/10 05:06:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery
[2012/01/10 05:05:41 | 000,000,000 | ---D | C] -- C:\Program Files\WIDCOMM
[2012/01/10 05:04:34 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2012/01/10 05:03:01 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Atheros_L1e
[2012/01/10 05:02:36 | 000,220,672 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\HPToneCtrls64.dll
[2012/01/10 05:02:34 | 012,772,352 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\idtcpl64.cpl
[2012/01/10 05:02:34 | 003,348,480 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stlang64.dll
[2012/01/10 05:02:34 | 000,487,424 | ---- | C] (IDT, Inc.) -- C:\Windows\sttray64.exe
[2012/01/10 05:02:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SRSLabs
[2012/01/10 05:01:56 | 000,000,000 | ---D | C] -- C:\Program Files\IDT
[2012/01/10 05:01:45 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/01/10 05:01:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2012/01/10 05:00:50 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2012/01/10 04:59:51 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2012/01/10 04:59:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012/01/10 04:58:02 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012/01/10 04:58:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2012/01/10 04:53:24 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012/01/10 04:49:58 | 000,000,000 | ---D | C] -- C:\Windows\ehome
[2012/01/10 04:48:39 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012/01/10 04:48:04 | 000,000,000 | ---D | C] -- C:\ProgramData\IsolatedStorage
[2012/01/10 04:48:04 | 000,000,000 | ---D | C] -- C:\Users\UNIT\AppData\Local\ID Vault
[2012/01/10 04:47:29 | 000,000,000 | ---D | C] -- C:\Users\UNIT\AppData\Roaming\ID Vault
[2012/01/10 04:47:15 | 000,029,288 | ---- | C] (StrikeForce Technologies, Inc.) -- C:\Windows\SysNative\drivers\gidv2.sys
[2012/01/10 04:47:12 | 000,446,752 | ---- | C] (StrikeForce Technologies Inc.) -- C:\Windows\SysNative\GIDHookLogon64.dll
[2012/01/10 04:47:12 | 000,065,816 | ---- | C] (StrikeForce Technologies Inc.) -- C:\Windows\SysNative\GIDLogonCP64.dll
[2012/01/10 04:47:11 | 000,467,224 | ---- | C] (StrikeForce Technologies Inc.) -- C:\Windows\SysNative\GIDHOOK64.DLL
[2012/01/10 04:47:11 | 000,206,608 | ---- | C] (StrikeForce Technologies Inc.) -- C:\Windows\SysNative\GIDBIN1.DLL
[2012/01/10 04:47:11 | 000,102,160 | ---- | C] (StrikeForce Technologies Inc.) -- C:\Windows\SysNative\GIDBIN3.DLL
[2012/01/10 04:47:05 | 000,000,000 | ---D | C] -- C:\ProgramData\GID
[2012/01/10 04:47:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SFT
[2012/01/10 04:46:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Constant Guard Protection Suite
[2012/01/10 04:46:42 | 000,000,000 | ---D | C] -- C:\ProgramData\White Sky, Inc
[2012/01/10 04:41:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/01/10 04:41:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/01/10 04:41:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/01/10 04:37:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/01/10 04:34:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012/01/10 04:33:50 | 000,000,000 | ---D | C] -- C:\Users\UNIT\AppData\Local\Adobe
[2012/01/10 04:30:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/01/10 04:30:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/01/10 04:27:58 | 000,000,000 | ---D | C] -- C:\Users\UNIT\AppData\Roaming\Mozilla
[2012/01/10 04:27:58 | 000,000,000 | ---D | C] -- C:\Users\UNIT\AppData\Local\Mozilla
[2012/01/10 04:27:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/01/10 04:25:39 | 000,000,000 | ---D | C] -- C:\Users\UNIT\AppData\Roaming\Macromedia
[2012/01/10 04:25:38 | 000,000,000 | ---D | C] -- C:\Users\UNIT\AppData\Roaming\Adobe
[2012/01/10 04:20:32 | 000,000,000 | ---D | C] -- C:\Intel
[2012/01/10 04:20:28 | 000,000,000 | ---D | C] -- C:\Users\UNIT\AppData\Roaming\InstallShield
[2012/01/10 04:16:08 | 000,000,000 | ---D | C] -- C:\Users\UNIT\AppData\Roaming\HP Support Assistant
[2012/01/10 04:15:55 | 000,000,000 | ---D | C] -- C:\Users\UNIT\AppData\Roaming\Hewlett-Packard
[2012/01/10 04:15:46 | 000,000,000 | ---D | C] -- C:\Users\UNIT\AppData\Roaming\HpUpdate
[2012/01/10 04:05:10 | 000,000,000 | ---D | C] -- C:\temp
[2012/01/10 04:04:46 | 000,000,000 | ---D | C] -- C:\Users\UNIT\AppData\Roaming\ATI
[2012/01/10 04:04:46 | 000,000,000 | ---D | C] -- C:\Users\UNIT\AppData\Local\ATI
[2012/01/10 04:04:31 | 000,000,000 | R--D | C] -- C:\Users\UNIT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/01/10 04:04:31 | 000,000,000 | R--D | C] -- C:\Users\UNIT\Searches
[2012/01/10 04:04:31 | 000,000,000 | R--D | C] -- C:\Users\UNIT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/01/10 04:04:31 | 000,000,000 | -H-D | C] -- C:\Users\UNIT\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/01/10 04:04:24 | 000,000,000 | ---D | C] -- C:\Users\UNIT\AppData\Roaming\Identities
[2012/01/10 04:04:22 | 000,000,000 | R--D | C] -- C:\Users\UNIT\Contacts
[2012/01/10 04:04:20 | 000,000,000 | ---D | C] -- C:\Users\UNIT\AppData\Local\VirtualStore
[2012/01/10 04:04:13 | 000,000,000 | ---D | C] -- C:\Users\UNIT\AppData\Local\Hewlett-Packard_Company
[2012/01/10 04:04:10 | 000,000,000 | ---D | C] -- C:\Users\UNIT\AppData\Roaming\hpqlog
[2012/01/10 03:59:25 | 000,000,000 | ---D | C] -- C:\Users\UNIT\AppData\Roaming\HP TCS
[2012/01/10 03:59:19 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services
[2012/01/10 03:57:49 | 000,000,000 | ---D | C] -- C:\Users\UNIT\AppData\Local\Hewlett-Packard
[2012/01/10 03:57:12 | 000,000,000 | --SD | C] -- C:\Users\UNIT\AppData\Roaming\Microsoft
[2012/01/10 03:57:12 | 000,000,000 | R--D | C] -- C:\Users\UNIT\Videos
[2012/01/10 03:57:12 | 000,000,000 | R--D | C] -- C:\Users\UNIT\Saved Games
[2012/01/10 03:57:12 | 000,000,000 | R--D | C] -- C:\Users\UNIT\Pictures
[2012/01/10 03:57:12 | 000,000,000 | R--D | C] -- C:\Users\UNIT\Music
[2012/01/10 03:57:12 | 000,000,000 | R--D | C] -- C:\Users\UNIT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/01/10 03:57:12 | 000,000,000 | R--D | C] -- C:\Users\UNIT\Links
[2012/01/10 03:57:12 | 000,000,000 | R--D | C] -- C:\Users\UNIT\Favorites
[2012/01/10 03:57:12 | 000,000,000 | R--D | C] -- C:\Users\UNIT\Downloads
[2012/01/10 03:57:12 | 000,000,000 | R--D | C] -- C:\Users\UNIT\Documents
[2012/01/10 03:57:12 | 000,000,000 | R--D | C] -- C:\Users\UNIT\Desktop
[2012/01/10 03:57:12 | 000,000,000 | R--D | C] -- C:\Users\UNIT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/01/10 03:57:12 | 000,000,000 | -HSD | C] -- C:\Users\UNIT\AppData\Local\Temporary Internet Files
[2012/01/10 03:57:12 | 000,000,000 | -HSD | C] -- C:\Users\UNIT\Templates
[2012/01/10 03:57:12 | 000,000,000 | -HSD | C] -- C:\Users\UNIT\Start Menu
[2012/01/10 03:57:12 | 000,000,000 | -HSD | C] -- C:\Users\UNIT\SendTo
[2012/01/10 03:57:12 | 000,000,000 | -HSD | C] -- C:\Users\UNIT\Recent
[2012/01/10 03:57:12 | 000,000,000 | -HSD | C] -- C:\Users\UNIT\PrintHood
[2012/01/10 03:57:12 | 000,000,000 | -HSD | C] -- C:\Users\UNIT\NetHood
[2012/01/10 03:57:12 | 000,000,000 | -HSD | C] -- C:\Users\UNIT\Documents\My Videos
[2012/01/10 03:57:12 | 000,000,000 | -HSD | C] -- C:\Users\UNIT\Documents\My Pictures
[2012/01/10 03:57:12 | 000,000,000 | -HSD | C] -- C:\Users\UNIT\Documents\My Music
[2012/01/10 03:57:12 | 000,000,000 | -HSD | C] -- C:\Users\UNIT\My Documents
[2012/01/10 03:57:12 | 000,000,000 | -HSD | C] -- C:\Users\UNIT\Local Settings
[2012/01/10 03:57:12 | 000,000,000 | -HSD | C] -- C:\Users\UNIT\AppData\Local\History
[2012/01/10 03:57:12 | 000,000,000 | -HSD | C] -- C:\Users\UNIT\Cookies
[2012/01/10 03:57:12 | 000,000,000 | -HSD | C] -- C:\Users\UNIT\Application Data
[2012/01/10 03:57:12 | 000,000,000 | -HSD | C] -- C:\Users\UNIT\AppData\Local\Application Data
[2012/01/10 03:57:12 | 000,000,000 | -H-D | C] -- C:\Users\UNIT\AppData
[2012/01/10 03:57:12 | 000,000,000 | ---D | C] -- C:\Users\UNIT\AppData\Local\Temp
[2012/01/10 03:57:12 | 000,000,000 | ---D | C] -- C:\Users\UNIT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery Manager
[2012/01/10 03:57:12 | 000,000,000 | ---D | C] -- C:\Users\UNIT\AppData\Local\Microsoft
[2012/01/10 03:57:12 | 000,000,000 | ---D | C] -- C:\Users\UNIT\AppData\Roaming\Media Center Programs
[2012/01/10 03:57:12 | 000,000,000 | ---D | C] -- C:\Users\UNIT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/12 02:31:02 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\UNIT\Desktop\OTL.exe
[2012/01/12 02:26:45 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2012/01/12 02:23:52 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/12 02:23:52 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/12 01:20:42 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/12 01:20:42 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/12 01:20:42 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/12 01:16:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/12 01:16:20 | 529,686,527 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/12 01:15:22 | 000,003,416 | ---- | M] () -- C:\bootsqm.dat
[2012/01/12 00:26:47 | 000,001,358 | ---- | M] () -- C:\Users\UNIT\Desktop\Norton Installation Files.lnk
[2012/01/11 23:31:58 | 001,664,152 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\Cat.DB
[2012/01/11 22:00:04 | 000,000,132 | ---- | M] () -- C:\Windows\system32err.xml
[2012/01/11 20:54:20 | 000,025,160 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys
[2012/01/11 20:42:17 | 000,294,184 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/01/11 03:55:05 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/11 03:53:38 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/01/11 03:53:06 | 000,002,515 | ---- | M] () -- C:\Users\UNIT\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/01/11 03:53:06 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/01/11 03:52:48 | 000,000,628 | ---- | M] () -- C:\Windows\SysNative\mapisvc.inf
[2012/01/11 02:17:40 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/01/11 01:08:47 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForUNIT.job
[2012/01/10 23:02:41 | 005,364,996 | ---- | M] () -- C:\Users\UNIT\Desktop\Jay-Z-Glory feat. BIC.mp3
[2012/01/10 21:09:01 | 000,001,122 | ---- | M] () -- C:\Users\Public\Desktop\Switch Sound File Converter.lnk
[2012/01/10 20:54:15 | 000,001,437 | ---- | M] () -- C:\Users\UNIT\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/10 20:47:32 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/01/10 20:47:31 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/01/10 05:55:44 | 000,039,252 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012/01/10 05:55:44 | 000,039,252 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2012/01/10 05:32:18 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/01/10 05:30:51 | 000,002,259 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Stardock MyColors.lnk
[2012/01/10 05:30:51 | 000,001,204 | ---- | M] () -- C:\Users\Public\Desktop\The Next Bench Community.lnk
[2012/01/10 05:15:54 | 000,002,509 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Suite.lnk
[2012/01/10 05:13:15 | 000,174,200 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/01/10 05:13:15 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/01/10 05:13:15 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/01/10 05:07:40 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2012/01/10 05:06:00 | 000,000,892 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2012/01/10 04:59:56 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2012/01/10 04:46:56 | 000,002,305 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Constant Guard.lnk
[2012/01/10 04:46:56 | 000,002,287 | ---- | M] () -- C:\Users\Public\Desktop\Constant Guard.lnk
[2012/01/10 04:44:53 | 000,000,000 | RHS- | M] () -- C:\Windows\RPISREMOVED.FLG
[2012/01/10 04:34:37 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/01/10 04:27:53 | 000,001,138 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/01/10 03:58:15 | 000,000,055 | -H-- | M] () -- C:\splash.idx
[2012/01/10 03:57:54 | 000,000,000 | RHS- | M] () -- C:\Windows\SysWow64\drivers\103C_HP_cNB_Envy 15 Notebook PC_Y5335KV_0U_QCNF9494SX5_E572167-004_4A_I7009_SQuanta_V36.35_F.2B_T101012_WU3-0_L409_M6135_J500_7Intel_86E5_91.60_#120110_N80864237;19691063_(VM249UA#ABA)_XMOBILE_CN10_Z.MRK
[2012/01/10 03:57:54 | 000,000,000 | RHS- | M] () -- C:\Windows\SysNative\drivers\103C_HP_cNB_Envy 15 Notebook PC_Y5335KV_0U_QCNF9494SX5_E572167-004_4A_I7009_SQuanta_V36.35_F.2B_T101012_WU3-0_L409_M6135_J500_7Intel_86E5_91.60_#120110_N80864237;19691063_(VM249UA#ABA)_XMOBILE_CN10_Z.MRK
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/12 01:15:22 | 000,003,416 | ---- | C] () -- C:\bootsqm.dat
[2012/01/11 20:54:05 | 000,025,160 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys
[2012/01/11 03:55:05 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/11 03:53:38 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/01/11 03:53:06 | 000,002,515 | ---- | C] () -- C:\Users\UNIT\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/01/11 03:53:06 | 000,002,503 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2012/01/11 03:53:06 | 000,002,491 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/01/11 03:52:48 | 000,000,628 | ---- | C] () -- C:\Windows\SysNative\mapisvc.inf
[2012/01/11 03:32:47 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/01/11 02:17:40 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/01/11 01:00:53 | 000,000,132 | ---- | C] () -- C:\Windows\system32err.xml
[2012/01/10 22:00:32 | 005,364,996 | ---- | C] () -- C:\Users\UNIT\Desktop\Jay-Z-Glory feat. BIC.mp3
[2012/01/10 21:56:10 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2012/01/10 21:54:34 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2012/01/10 21:54:21 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2012/01/10 21:54:21 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2012/01/10 21:54:07 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2012/01/10 21:09:01 | 000,001,134 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Switch Sound File Converter.lnk
[2012/01/10 21:09:01 | 000,001,122 | ---- | C] () -- C:\Users\Public\Desktop\Switch Sound File Converter.lnk
[2012/01/10 20:47:32 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/01/10 20:47:31 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/01/10 05:32:18 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/01/10 05:30:54 | 000,053,904 | ---- | C] () -- C:\Windows\SysNative\wbload.dll
[2012/01/10 05:30:54 | 000,002,044 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyColors.lnk
[2012/01/10 05:30:51 | 000,002,259 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Stardock MyColors.lnk
[2012/01/10 05:30:51 | 000,001,204 | ---- | C] () -- C:\Users\Public\Desktop\The Next Bench Community.lnk
[2012/01/10 05:26:23 | 000,209,040 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2012/01/10 05:26:23 | 000,204,944 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2012/01/10 05:26:23 | 000,196,752 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2012/01/10 05:26:23 | 000,196,752 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2012/01/10 05:26:23 | 000,192,656 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2012/01/10 05:26:23 | 000,024,720 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2012/01/10 05:15:05 | 001,664,152 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\Cat.DB
[2012/01/10 05:13:14 | 000,007,492 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\iron.cat
[2012/01/10 05:13:14 | 000,007,462 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.cat
[2012/01/10 05:13:14 | 000,007,460 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symefa64.cat
[2012/01/10 05:13:14 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnet64.cat
[2012/01/10 05:13:14 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.cat
[2012/01/10 05:13:14 | 000,003,373 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symefa.inf
[2012/01/10 05:13:14 | 000,002,792 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symds.inf
[2012/01/10 05:13:14 | 000,001,446 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnet.inf
[2012/01/10 05:13:14 | 000,001,438 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.inf
[2012/01/10 05:13:14 | 000,001,422 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.inf
[2012/01/10 05:13:14 | 000,000,772 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\iron.inf
[2012/01/10 05:13:07 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symds64.cat
[2012/01/10 05:13:05 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\isolate.ini
[2012/01/10 05:12:01 | 000,007,488 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/01/10 05:12:01 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/01/10 05:11:57 | 000,002,509 | ---- | C] () -- C:\Users\Public\Desktop\Norton Security Suite.lnk
[2012/01/10 05:09:46 | 000,001,358 | ---- | C] () -- C:\Users\UNIT\Desktop\Norton Installation Files.lnk
[2012/01/10 05:07:40 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/01/10 05:05:44 | 000,000,892 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2012/01/10 04:59:56 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2012/01/10 04:54:16 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/01/10 04:54:08 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/01/10 04:52:21 | 529,686,527 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/10 04:50:35 | 000,048,265 | ---- | C] () -- C:\Windows\HomePremium.xml
[2012/01/10 04:47:12 | 000,109,064 | ---- | C] () -- C:\Windows\SysNative\EasyHook64.dll
[2012/01/10 04:46:56 | 000,002,305 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Constant Guard.lnk
[2012/01/10 04:46:56 | 000,002,299 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Constant Guard.lnk
[2012/01/10 04:46:56 | 000,002,287 | ---- | C] () -- C:\Users\Public\Desktop\Constant Guard.lnk
[2012/01/10 04:44:53 | 000,000,000 | RHS- | C] () -- C:\Windows\RPISREMOVED.FLG
[2012/01/10 04:34:37 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/01/10 04:34:37 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/01/10 04:27:53 | 000,001,150 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/01/10 04:27:53 | 000,001,138 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/01/10 04:24:56 | 000,000,330 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForUNIT.job
[2012/01/10 04:13:59 | 000,001,437 | ---- | C] () -- C:\Users\UNIT\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/10 04:04:40 | 000,001,409 | ---- | C] () -- C:\Users\UNIT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/01/10 04:04:32 | 000,001,443 | ---- | C] () -- C:\Users\UNIT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/01/10 03:57:54 | 000,000,000 | RHS- | C] () -- C:\Windows\SysWow64\drivers\103C_HP_cNB_Envy 15 Notebook PC_Y5335KV_0U_QCNF9494SX5_E572167-004_4A_I7009_SQuanta_V36.35_F.2B_T101012_WU3-0_L409_M6135_J500_7Intel_86E5_91.60_#120110_N80864237;19691063_(VM249UA#ABA)_XMOBILE_CN10_Z.MRK
[2012/01/10 03:57:54 | 000,000,000 | RHS- | C] () -- C:\Windows\SysNative\drivers\103C_HP_cNB_Envy 15 Notebook PC_Y5335KV_0U_QCNF9494SX5_E572167-004_4A_I7009_SQuanta_V36.35_F.2B_T101012_WU3-0_L409_M6135_J500_7Intel_86E5_91.60_#120110_N80864237;19691063_(VM249UA#ABA)_XMOBILE_CN10_Z.MRK
[2012/01/10 03:57:12 | 000,000,290 | ---- | C] () -- C:\Users\UNIT\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/01/10 03:57:12 | 000,000,272 | ---- | C] () -- C:\Users\UNIT\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/09 22:03:56 | 000,370,312 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2009/06/12 16:32:16 | 000,104,456 | ---- | C] () -- C:\Windows\SysWow64\EasyHook32.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/06/09 11:55:58 | 000,057,904 | ---- | C] () -- C:\Windows\SysWow64\wbload.dll

========== LOP Check ==========

[2012/01/10 05:08:28 | 000,000,000 | ---D | M] -- C:\Users\UNIT\AppData\Roaming\ID Vault
[2012/01/12 00:14:23 | 000,000,000 | ---D | M] -- C:\Users\UNIT\AppData\Roaming\Tific
[2009/07/13 23:08:49 | 000,008,406 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Let's see if this shows us something

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan click save log, save it to your desktop and post in your next reply

THEN

Do the following:
  • Click on the Start button and then choose Control Panel.
  • Click on the System and Security link.

    Note: If you're viewing the Large icons or Small icons view of Control Panel, you won't see this link so just click on the Administrative Tools icon and skip to Step 4.
  • In the System and Security window, click on the Administrative Tools heading located near the bottom of the window.
  • In the Administrative Tools window, double-click on the Computer Management icon.
  • When Computer Management opens, click on Disk Management on the left side of the window, located under Storage.

    After a brief loading period, Disk Management should now appear on the right side of the Computer Management window.

    Note: If you don't see Disk Management listed, you may need to click on the |> icon to the left of the Storage icon.
Take a screenshot of the Disk Management window and attach the screenshot to your reply.

#3
houtex101

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi and thank you for your assistance with my computer issue. Here is the requested saved log:

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-12 22:25:58
-----------------------------
22:25:58.912 OS Version: Windows x64 6.1.7601 Service Pack 1
22:25:58.912 Number of processors: 8 586 0x1E05
22:25:58.913 ComputerName: UNIT-PC UserName: UNIT
22:26:02.138 Initialize success
22:27:10.818 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
22:27:10.826 Disk 0 Vendor: ST950042 0006 Size: 476940MB BusType: 8
22:27:10.840 Disk 0 MBR read successfully
22:27:10.845 Disk 0 MBR scan
22:27:10.851 Disk 0 Windows 7 default MBR code
22:27:10.864 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 100 MB offset 2048
22:27:10.876 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 474782 MB offset 206848
22:27:10.917 Disk 0 Partition 3 00 0C FAT32 LBA MSDOS5.0 2048 MB offset 972560384
22:27:10.925 Service scanning
22:27:12.041 Modules scanning
22:27:12.051 Disk 0 trace - called modules:
22:27:12.062 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
22:27:12.071 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008400790]
22:27:12.080 3 CLASSPNP.SYS[fffff8800115b43f] -> nt!IofCallDriver -> [0xfffffa8008259b10]
22:27:12.086 5 hpdskflt.sys[fffff88002797189] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa80063d6050]
22:27:12.093 Scan finished successfully
22:28:05.880 Disk 0 MBR has been saved successfully to "C:\Users\UNIT\Desktop\MBR.dat"
22:28:06.087 The log file has been saved successfully to "C:\Users\UNIT\Desktop\aswMBR.txt"

I will now attach the screenshot.

Thanks.

Attached Thumbnails

  • DiskMgmt_Screenshot.jpg

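Added example (not part of the thread and not aswMBR's own code): the three "Disk 0 Partition" lines in the log above correspond to entries in the MBR partition table, and the sketch below parses such a table and checks the layout for a single active partition, overlaps and entries past the end of the disk. The sector is constructed from the offsets and sizes in the log with zeroed boot code, so it says nothing about the boot code itself; the function names and the disk size in sectors (476940 MB at 512 bytes per sector) are assumptions.

```python
import struct

SECTOR = 512
TABLE_OFFSET = 446                  # partition table follows the boot code
ENTRY = struct.Struct("<B3sB3sII")  # status, CHS start, type, CHS end, LBA start, sector count
TYPE_NAMES = {0x07: "HPFS/NTFS", 0x0C: "FAT32 LBA"}


def build_sample_mbr():
    """Constructed sector: zeroed boot code plus the three entries listed in the log."""
    entries = [
        (0x00, 0x07, 2048, 204800),         # 100 MB
        (0x80, 0x07, 206848, 972353536),    # 474782 MB, active
        (0x00, 0x0C, 972560384, 4194304),   # 2048 MB
    ]
    table = b"".join(ENTRY.pack(s, b"\0\0\0", t, b"\0\0\0", lba, n)
                     for s, t, lba, n in entries)
    table += b"\0" * ENTRY.size             # fourth slot unused
    return b"\0" * TABLE_OFFSET + table + b"\x55\xaa"


def parse_mbr(sector):
    """Return the non-empty partition entries of a 512-byte MBR sector."""
    if len(sector) != SECTOR or sector[510:512] != b"\x55\xaa":
        raise ValueError("not an MBR sector: wrong length or missing 55 AA signature")
    parts = []
    for i in range(4):
        start = TABLE_OFFSET + i * ENTRY.size
        status, _, ptype, _, lba, count = ENTRY.unpack(sector[start:start + ENTRY.size])
        if ptype == 0:                      # type 0 marks an unused slot
            continue
        parts.append({
            "index": i + 1,
            "status": status,
            "active": status == 0x80,
            "type": ptype,
            "type_name": TYPE_NAMES.get(ptype, "unknown"),
            "start": lba,
            "sectors": count,
            "size_mb": count * SECTOR // (1024 * 1024),
        })
    return parts


def check_layout(parts, disk_sectors):
    """Return a list of human-readable problems; an empty list means the table is sane."""
    problems = []
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            problems.append("partition %d has invalid status 0x%02X" % (p["index"], p["status"]))
        if p["start"] + p["sectors"] > disk_sectors:
            problems.append("partition %d extends past the end of the disk" % p["index"])
    active = [p["index"] for p in parts if p["active"]]
    if len(active) != 1:
        problems.append("expected exactly one active partition, found %d" % len(active))
    ordered = sorted(parts, key=lambda p: p["start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["start"] + a["sectors"] > b["start"]:
            problems.append("partitions %d and %d overlap" % (a["index"], b["index"]))
    return problems


if __name__ == "__main__":
    parts = parse_mbr(build_sample_mbr())
    for p in parts:
        print("Partition %(index)d %(type_name)s %(size_mb)d MB offset %(start)d" % p,
              "(A)" if p["active"] else "")
    print(check_layout(parts, 476940 * 2048) or "layout OK")
```

To run it against the MBR.dat file that aswMBR saved, read the file's first 512 bytes in binary mode and pass them to `parse_mbr` in place of `build_sample_mbr()`.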

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK that has confirmed that the MBR and partitions are all right




Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

#5
houtex101

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hello, I have done the ComboFix and nothing has really changed. Some applications still don't work and again I still get messages at different places that I have something installed and that I do not in other places. AHHH, I'm pulling my hair out! I am really appreciative for your help and I hope we can fix my computer. (Log txt. below)

Thanks!!

ComboFix 12-01-13.03 - UNIT 01/13/2012 16:06:54.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6135.4128 [GMT -6:00]
Running from: c:\users\UNIT\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Downloaded Program Files\tgctlsr.dll
c:\windows\system32\java.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-12-13 to 2012-01-13 )))))))))))))))))))))))))))))))
.
.
2012-01-13 22:12 . 2012-01-13 22:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-13 22:04 . 2012-01-13 22:04 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5EC90AEB-BDDC-4E92-9284-19E4A1C8E253}\offreg.dll
2012-01-13 08:50 . 2012-01-13 08:50 -------- d-----w- c:\program files (x86)\Trend Micro
2012-01-13 04:14 . 2012-01-13 04:15 -------- d-----w- c:\program files\iTunes
2012-01-11 09:53 . 2012-01-11 09:53 -------- d-----w- c:\program files (x86)\Safari
2012-01-11 09:32 . 2012-01-13 04:13 -------- d-----w- c:\program files\Common Files\Apple
2012-01-11 09:32 . 2012-01-11 09:32 -------- d-----w- c:\programdata\Apple
2012-01-11 04:57 . 2012-01-11 04:57 -------- d-----w- c:\windows\system32\SPReview
2012-01-11 04:56 . 2012-01-11 04:56 -------- d-----w- c:\windows\system32\EventProviders
2012-01-11 03:55 . 2010-11-20 13:25 1475584 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
2012-01-11 03:54 . 2010-11-20 13:27 366080 ----a-w- c:\windows\system32\zipfldr.dll
2012-01-11 03:53 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
2012-01-11 03:53 . 2010-11-20 12:21 189952 ----a-w- c:\program files (x86)\Windows Portable Devices\sqmapi.dll
2012-01-11 03:53 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2012-01-11 03:51 . 2012-01-11 03:51 525544 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-11 03:51 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
2012-01-11 03:51 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2012-01-11 03:51 . 2012-01-11 03:51 -------- d-----w- c:\program files\Java
2012-01-11 03:51 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll
2012-01-11 03:47 . 2011-07-06 18:44 34288 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-01-11 03:47 . 2010-08-27 06:38 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-01-11 03:47 . 2010-08-27 06:38 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-01-11 03:46 . 2012-01-11 03:47 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-01-11 03:09 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2012-01-11 02:59 . 2012-01-11 02:59 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-01-11 02:37 . 2012-01-11 02:37 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-01-11 02:14 . 2012-01-11 02:14 -------- d-----w- c:\windows\SysWow64\Wat
2012-01-11 02:14 . 2012-01-11 02:14 -------- d-----w- c:\windows\system32\Wat
2012-01-11 02:12 . 2012-01-13 22:04 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2012-01-11 01:36 . 2012-01-11 01:36 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2012-01-11 01:33 . 2012-01-11 01:33 -------- d-----w- c:\windows\SysWow64\Adobe
2012-01-11 01:20 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2012-01-11 01:20 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-01-11 01:17 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-01-11 01:16 . 2011-05-03 05:29 976896 ----a-w- c:\windows\system32\inetcomm.dll
2012-01-11 01:15 . 2011-06-23 05:43 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-01-11 01:15 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-01-11 01:15 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-01-11 01:13 . 2011-02-12 11:34 267776 ----a-w- c:\windows\system32\FXSCOVER.exe
2012-01-11 01:13 . 2010-11-20 13:25 974336 ----a-w- c:\windows\system32\WFS.exe
2012-01-11 01:13 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2012-01-11 01:13 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2012-01-11 01:13 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2012-01-11 01:13 . 2011-02-18 10:51 31232 ----a-w- c:\windows\system32\prevhost.exe
2012-01-11 01:13 . 2011-02-18 05:39 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2012-01-11 01:10 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2012-01-10 11:49 . 2012-01-10 11:49 -------- d-----w- c:\programdata\ATI
2012-01-10 11:32 . 2012-01-10 11:32 -------- d-----w- c:\program files\CCleaner
2012-01-10 11:32 . 2012-01-10 11:32 140066664 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\wlcAFED.tmp
2012-01-10 11:31 . 2012-01-10 11:31 -------- d-----w- c:\programdata\Stardock
2012-01-10 11:30 . 2009-06-09 17:56 53904 ----a-w- c:\windows\system32\wbload.dll
2012-01-10 11:30 . 2012-01-10 11:30 -------- d-----w- c:\program files (x86)\Common Files\Stardock
2012-01-10 11:30 . 2012-01-10 11:30 -------- dc-h--w- c:\programdata\{A3DA8122-816A-4E6B-9218-406F7D2EB35A}
2012-01-10 11:30 . 2012-01-10 11:31 -------- d-----w- c:\program files (x86)\Stardock
2012-01-10 11:28 . 2012-01-10 11:30 -------- d-----w- c:\programdata\Corel
2012-01-10 11:28 . 2012-01-10 11:28 -------- d-----w- c:\program files (x86)\Common Files\Corel
2012-01-10 11:28 . 2012-01-10 11:28 -------- d-----w- c:\program files (x86)\Common Files\Protexis
2012-01-10 11:23 . 2012-01-10 11:23 -------- d-----w- c:\programdata\Ulead Systems
2012-01-10 11:23 . 2012-01-10 11:28 -------- d-----w- c:\program files (x86)\Corel
2012-01-10 11:21 . 2012-01-10 11:21 -------- d-----w- c:\program files (x86)\Sling Media
2012-01-10 11:12 . 2012-01-11 03:47 -------- dc----w- c:\windows\system32\DRVSTORE
2012-01-10 11:11 . 2012-01-13 22:05 -------- d-----w- c:\program files (x86)\Norton Security Suite
2012-01-10 11:10 . 2012-01-10 11:10 -------- dc-h--w- c:\programdata\{2ED18044-7049-4E7A-A58D-4017348FCDB7}
2012-01-10 11:10 . 2012-01-10 11:10 -------- d-----w- c:\programdata\Native Instruments
2012-01-10 11:10 . 2012-01-10 11:10 -------- d-----w- c:\program files\Native Instruments
2012-01-10 11:10 . 2012-01-10 11:10 -------- d-----w- c:\program files\Common Files\Native Instruments
2012-01-10 11:10 . 2012-01-10 11:10 -------- dc-h--w- c:\programdata\{902029B2-957E-4066-85FA-30DA31731718}
2012-01-10 11:10 . 2012-01-10 11:10 -------- d-----w- c:\program files (x86)\Native Instruments
2012-01-10 11:10 . 2012-01-10 11:10 -------- d-----w- c:\program files (x86)\Common Files\Native Instruments
2012-01-10 11:09 . 2012-01-10 11:09 -------- d-----w- c:\program files (x86)\LightSensorApp
2012-01-10 11:07 . 2012-01-10 11:07 0 ----a-w- c:\windows\ativpsrm.bin
2012-01-10 11:06 . 2012-01-12 13:05 -------- d-----w- c:\programdata\Recovery
2012-01-10 11:05 . 2009-07-17 20:58 21160 ----a-w- c:\windows\system32\drivers\btwrchid.sys
2012-01-10 11:05 . 2009-07-17 20:58 35104 ----a-w- c:\windows\system32\drivers\btwl2cap.sys
2012-01-10 11:05 . 2009-07-17 20:58 132648 ----a-w- c:\windows\system32\drivers\btwavdt.sys
2012-01-10 11:05 . 2009-07-17 20:58 98344 ----a-w- c:\windows\system32\drivers\btwaudio.sys
2012-01-10 11:05 . 2012-01-10 11:05 -------- d-----w- c:\program files\WIDCOMM
2012-01-10 11:04 . 2012-01-10 10:20 -------- d-----w- c:\windows\Hewlett-Packard
2012-01-10 11:03 . 2009-07-23 17:02 5435904 ----a-w- c:\windows\system32\drivers\NETw5v64.sys
2012-01-10 11:03 . 2012-01-10 11:03 -------- d-----w- c:\windows\SysWow64\Atheros_L1e
2012-01-10 11:02 . 2010-03-23 20:53 220672 ----a-w- c:\windows\system32\HPToneCtrls64.dll
2012-01-10 11:02 . 2010-01-27 00:30 162816 ----a-w- c:\windows\system32\AESTAC64.dll
2012-01-10 11:02 . 2009-10-09 22:45 442368 ----a-w- c:\windows\system32\AESTEC64.dll
2012-01-10 11:02 . 2009-03-02 23:58 68608 ----a-w- c:\windows\system32\AESTAR64.dll
2012-01-10 11:02 . 2010-03-23 20:53 487424 ----a-w- c:\windows\sttray64.exe
2012-01-10 11:02 . 2010-03-23 20:53 3348480 ----a-w- c:\windows\system32\stlang64.dll
2012-01-10 11:02 . 2010-03-23 20:53 12772352 ----a-w- c:\windows\system32\idtcpl64.cpl
2012-01-10 11:02 . 2009-03-02 23:47 90624 ----a-w- c:\windows\system32\AESTCo64.dll
2012-01-10 11:02 . 2012-01-10 11:02 -------- d-----w- c:\windows\system32\SRSLabs
2012-01-10 11:01 . 2012-01-10 11:02 -------- d-----w- c:\program files\IDT
2012-01-10 11:01 . 2009-02-03 02:27 7347200 ----a-w- c:\windows\system32\RTSUSTORicon.dll
2012-01-10 11:01 . 2012-01-10 11:01 -------- d-----w- c:\program files (x86)\Realtek
2012-01-10 11:00 . 2009-07-08 23:34 53248 ----a-w- c:\windows\SysWow64\CSVer.dll
2012-01-10 10:59 . 2012-01-10 10:59 -------- d-----w- c:\program files\Synaptics
2012-01-10 10:58 . 2012-01-10 10:58 -------- d-----w- c:\program files\ATI
2012-01-10 10:58 . 2012-01-10 10:59 -------- d-----w- c:\program files (x86)\ATI Technologies
2012-01-10 10:49 . 2012-01-11 05:08 -------- d-----w- c:\windows\ehome
2012-01-10 10:49 . 2012-01-13 06:26 -------- d-----r- c:\users\Public\Recorded TV
2012-01-10 10:49 . 2012-01-10 10:49 -------- d-----w- c:\users\Default\AppData\Roaming\Media Center Programs
2012-01-10 10:48 . 2012-01-10 10:48 -------- d-----w- c:\programdata\IsolatedStorage
2012-01-10 10:47 . 2011-07-05 16:18 29288 ------w- c:\windows\system32\drivers\gidv2.sys
2012-01-10 10:47 . 2011-07-05 16:25 65816 ------w- c:\windows\system32\GIDLogonCP64.dll
2012-01-10 10:47 . 2011-07-05 16:24 446752 ------w- c:\windows\system32\GIDHookLogon64.dll
2012-01-10 10:47 . 2009-06-12 22:32 109064 ------w- c:\windows\system32\EasyHook64.dll
2012-01-10 10:47 . 2011-07-05 16:25 467224 ------w- c:\windows\system32\GIDHOOK64.DLL
2012-01-10 10:47 . 2011-07-05 16:23 102160 ------w- c:\windows\system32\GIDBIN3.DLL
2012-01-10 10:47 . 2011-07-05 16:23 206608 ------w- c:\windows\system32\GIDBIN1.DLL
2012-01-10 10:27 . 2011-11-30 08:21 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5EC90AEB-BDDC-4E92-9284-19E4A1C8E253}\mpengine.dll
2012-01-10 10:27 . 2011-11-15 20:29 270720 ------w- c:\windows\system32\MpSigStub.exe
2012-01-10 10:22 . 2012-01-10 10:22 158976 ----a-w- c:\windows\system32\drivers\Impcd.sys
2012-01-10 10:21 . 2012-01-10 10:21 7680512 ----a-w- c:\windows\system32\drivers\NETw5s64.sys
2012-01-10 10:20 . 2012-01-10 10:20 -------- d-----w- C:\Intel
2012-01-10 10:20 . 2009-11-20 21:09 537112 ----a-w- c:\windows\system32\drivers\iaStor.sys
2012-01-10 10:05 . 2012-01-11 02:51 -------- d-----w- C:\temp
2012-01-10 09:57 . 2012-01-11 03:59 -------- d-----w- c:\users\UNIT
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-12 12:01 . 2009-07-13 23:57 19681280 ----a-w- c:\windows\system32\imageres.dll
2012-01-11 05:05 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-01-11 05:05 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-11-10 16:54 . 2012-01-10 10:18 75832 ----a-w- c:\windows\help\OEM\Scripts\HPSAPopupMessaging.dll
2011-10-18 20:44 . 2012-01-10 10:18 11832 ----a-w- c:\windows\help\OEM\Scripts\scriptLibrary.dll
2011-10-18 20:44 . 2012-01-10 10:18 19512 ----a-w- c:\windows\help\OEM\Scripts\PSGRedirector.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"LightSensorApp"="c:\program files (x86)\LightSensorApp\ALSMON.exe" [2009-07-22 169472]
"HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"Corel File Shell Monitor"="c:\program files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2009-06-22 16712]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-08-20 322104]
"HP Envy Guides AutoPlay"="c:\program files (x86)\Hewlett-Packard\HP Envy Document Card Utilities\hpdocstart.exe" [2009-07-31 76584]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"GIDDesktop"="c:\program files (x86)\SFT\GuardedID\gidd.exe" [2011-07-05 395528]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
.
c:\users\JJJEW UNIT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\
IconPackager.lnk - c:\program files (x86)\Stardock\MyColors\IconPackager.exe [2009-9-18 1389944]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
Constant Guard.lnk - c:\program files (x86)\Constant Guard Protection Suite\IDVault.exe [2011-12-17 4689992]
Stardock MyColors.lnk - c:\program files (x86)\Stardock\MyColors\SDDelayedLaunch.exe [2009-6-9 8960]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
IconPackager.lnk - c:\program files (x86)\Stardock\MyColors\IconPackager.exe [2009-9-18 1389944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\ios.sys\config\DVMExportService.exe [2009-07-10 323672]
S3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
*Deregistered* - BHDrvx64
*Deregistered* - NAVENG
*Deregistered* - NAVEX15
*Deregistered* - SymIM
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]
2011-07-05 16:26 435976 ----a-w- c:\program files (x86)\SFT\GuardedID\GIDI.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-11 c:\windows\Tasks\HPCeeScheduleForUNIT.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-10-25 21:38]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-21 610872]
"HPToneControl"="c:\program files\Hewlett-Packard\HPToneControl\HPTonectl.exe" [2009-08-19 107832]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-23 487424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
FF - ProfilePath - c:\users\UNIT\AppData\Roaming\Mozilla\Firefox\Profiles\flww7wcj.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-01-13 16:14:22
ComboFix-quarantined-files.txt 2012-01-13 22:14
.
Pre-Run: 436,316,954,624 bytes free
Post-Run: 436,183,375,872 bytes free
.
- - End Of File - - 52C78ABC407159A0D4F280081E0239BE

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK next we will check the disc and then the file structure

  • On the desktop click the My Computer icon
  • Right click your main drive (I am on C) and select properties
  • Select the tools tab
  • Select error checking
  • Place a tick in both boxes
  • Press start
  • You will get a warning that it needs to reboot to continue
  • Allow it to do so


Once completed

Run an elevated command prompt
Go to Start, All programs, Accessories
Right click command prompt and select run as administrator


In the black box that opens type or copy and paste the following command and press enter:

sfc /scannow




After all this is completed could you update me on the problems being experienced

#7
houtex101

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi,

I did the error checker and it required reboot immediately so it processed really quick and then said no error. I then did the other scan. It reported that Windows Resource Protection found corrupt files but was unable to fix them. Details are included in the CBS.log. I have attached the file if it will help the issue. It is really long though and makes no sense to me except I still know something is wrong! The computer is still unstable and now the HP Support Assistant will not operate even after complete uninstall and reinstall. What else can we do?

Thanks again for your assistance!

Attached Files

  • Attached File  CBS.log   745.88KB   39 downloads

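Added example (not part of the thread, and not taken from the attached CBS.log): sfc /scannow records its per-file results in CBS.log on lines tagged [SR], so filtering those lines shows which files Windows Resource Protection could not repair. The sample lines are constructed in the shape of Windows 7 CBS.log entries, with placeholder file and component names; the function name and the exact line layout are assumptions.

```python
import re

# Constructed sample in the shape of Windows 7 CBS.log lines; file and
# component names are placeholders, not entries from the log in the thread.
SAMPLE_CBS_LOG = "\n".join([
    r'2012-01-14 09:01:10, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components',
    r'2012-01-14 09:01:10, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction',
    r'2012-01-14 09:01:12, Info                  CBS    Session: 1_2 initialized by client WindowsUpdateAgent.',
    r'2012-01-14 09:01:15, Info                  CSI    0000000c [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component-A, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch',
    r'2012-01-14 09:01:16, Info                  CSI    0000000e [SR] Cannot repair member file [l:20{10}]"sample.ini" of Example-Component-B, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing',
    r'2012-01-14 09:01:17, Info                  CSI    00000010 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:18{9}]"other.dll" from store',
    # sfc reports an unrepairable file again during its repair pass
    r'2012-01-14 09:01:20, Info                  CSI    00000012 [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component-A, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch',
    r'2012-01-14 09:01:21, Info                  CSI    00000014 [SR] Repair complete',
    r'2012-01-14 09:01:21, Info                  CSI    00000015 [SR] Verify complete',
])

CANNOT_REPAIR = re.compile(
    r'\[SR\] Cannot repair member file \[[^\]]*\]"(?P<file>[^"]+)" of '
    r'(?P<component>[^,]+), Version = (?P<version>[^,]+),.* in the store, (?P<reason>.+)$'
)
REPAIRED = re.compile(
    r'\[SR\] Repairing corrupted file \[[^\]]*\]"(?P<dir>[^"]+)"\\\[[^\]]*\]"(?P<file>[^"]+)" from store'
)


def summarize_sfc(log_text):
    """Summarise the [SR] lines of a CBS.log: unrepaired files (deduplicated) and repaired paths."""
    unrepaired = {}   # (file, component, version) -> reason, in first-seen order
    repaired = []
    sr_lines = 0
    for line in log_text.splitlines():
        if "[SR]" not in line:
            continue                      # servicing noise unrelated to sfc
        sr_lines += 1
        line = line.rstrip()
        m = CANNOT_REPAIR.search(line)
        if m:
            key = (m.group("file"), m.group("component"), m.group("version"))
            unrepaired.setdefault(key, m.group("reason").strip())
            continue
        m = REPAIRED.search(line)
        if m:
            # Drop the NT object-manager prefix \??\ to get an ordinary path
            directory = m.group("dir").replace("\\??\\", "", 1)
            path = directory + "\\" + m.group("file")
            if path not in repaired:
                repaired.append(path)
    return {
        "sr_lines": sr_lines,
        "unrepaired": [key + (reason,) for key, reason in unrepaired.items()],
        "repaired": repaired,
    }


if __name__ == "__main__":
    summary = summarize_sfc(SAMPLE_CBS_LOG)
    print("%d [SR] lines" % summary["sr_lines"])
    for name, component, version, reason in summary["unrepaired"]:
        print("UNREPAIRED %s (%s %s): %s" % (name, component, version, reason))
    for path in summary["repaired"]:
        print("repaired   %s" % path)
```

The unrepaired entries name the component and version whose store copy is bad, which is the information needed to source a clean replacement for each file.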

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
There are a few problems there with the file restoration.

There are two choices open to you..

First a re-install of windows this will be the quickest option
Second I can try to track the problem down, this may take a while and there is no guarantee of success
The choice is yours

Clean boot

Step 1:

Start the System Configuration Utility
Click Start, click Run, type msconfig, and then click OK.
The System Configuration Utility dialog box is displayed.

Step 2:

Configure selective startup options
In the System Configuration Utility dialog box, click the General tab, and then click Selective Startup.
Click to clear the Process SYSTEM.INI File check box.
Click to clear the Process WIN.INI File check box.
Click to clear the Load Startup Items check box. Verify that Load System Services and Use Original BOOT.INI are checked.
Click the Services tab.
Click to select the Hide All Microsoft Services check box.
Click Disable All, and then click OK.
When you are prompted, click Restart to restart the computer.

Step 3: Log on to Windows

If you are prompted, log on to Windows.
When you receive the following message, click to select the Don't show this message or launch the System Configuration Utility when Windows start check box, and then click OK.

You have used the System Configuration Utility to make changes to the way Windows starts.
The System Configuration Utility is currently in Diagnostic or Selective Startup mode, causing this message to be displayed and the utility to run every time Windows starts.
Choose the Normal Startup mode on the General tab to start Windows normally and undo the changes you made using the System Configuration Utility.


Now we get to the tedious part:

Does Windows behave itself?
  • 0

#9
houtex101

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hello, first I was not too clear on your instructions in regards to re-install windows or you tracking down the problem. I have re-installed windows before and the problem still persists. I think it could be the external hard drive and my external cd rom that are infected too! This computer did not come with an internal cd rom drive. The 2 hook up via USB. So....I followed your instructions for a clean boot. My System Configuration Utility does not display either SYSTEM.INI or WIN.INI as an option in Selective Startup. So I did do the rest of the instructions including Disabling the services and also when I restarted, I checked the Utility again and Norton Suite had been checked again but everything else was unchecked, excluding the hidden Microsoft Services. As far as how windows is running, it seems to be operating but of course several things are turned off so now it just appears all my icons and toolbars look like I'm in safe mode. What should I do next???? Thank you again for your help because I know how tedious this has been. :)
  • 0

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's now try to track the problem down.

Could you list some of the programmes that do not work, and include any error messages that you get.
  • 0

#11
houtex101

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi and thank you for your help. I ordered recovery disks from HP. Everything is still messed up. The browsers seem to work better but it appears that it is an older version of Windows running. I uninstalled Norton. No matter what I do, the computer still acts erratic and infected. I'm afraid it's through a USB drive so I hope the recovery disks don't get infected too. If you have any additional ideas, I'm all ears but it seems my computer is unrepairable.
  • 0

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
When you get the recovery discs, ensure that the drive is reformatted as part of the installation.

Prior to the use of the discs, back up all the data you require, as a format will wipe it all.

I feel that the malware has gone but the damage it did is very severe.
  • 0

#13
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





