
unknown virus loading up my browser with junk! [Solved]


  • This topic is locked This topic is locked

#1
bob65
Member, 20 posts

Please help! No program I have used seems to pick up on whatever is doing this. My browser cache will have 1,500 items added to it in a matter of minutes slowing my computer down. I use Norton 360 and have downloaded about every free removal program there is to no avail.

OTL logfile created on: 2/13/2012 10:17:53 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Bob\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 63.08% Memory free
4.10 Gb Paging File | 3.33 Gb Available in Paging File | 81.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.85 Gb Total Space | 88.83 Gb Free Space | 63.06% Space Free | Partition Type: NTFS
Drive D: | 8.20 Gb Total Space | 1.47 Gb Free Space | 17.92% Space Free | Partition Type: NTFS

Computer Name: BOB-PC | User Name: Bob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/13 10:17:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Bob\Desktop\OTL.exe
PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/29 19:38:00 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/11/14 06:02:04 | 000,435,672 | ---- | M] (TomTom) -- C:\Program Files\MyTomTom 3\MyTomTomSA.exe
PRC - [2011/08/09 15:38:38 | 000,328,536 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2011/04/22 07:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\5.2.0.13\ccsvchst.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/25 19:40:42 | 000,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
PRC - [2007/03/28 19:45:34 | 000,270,431 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\TV\CLCapSvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/14 06:02:08 | 000,202,712 | ---- | M] () -- C:\Program Files\MyTomTom 3\TomTomSupporterProxy.dll
MOD - [2011/11/14 06:02:06 | 000,063,960 | ---- | M] () -- C:\Program Files\MyTomTom 3\TomTomSupporterBase.dll
MOD - [2011/11/14 06:01:52 | 007,964,160 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtGui4.dll
MOD - [2011/11/14 06:01:52 | 002,648,064 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtXmlPatterns4.dll
MOD - [2011/11/14 06:01:52 | 002,302,464 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtCore4.dll
MOD - [2011/11/14 06:01:52 | 000,980,480 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtNetwork4.dll
MOD - [2011/11/14 06:01:52 | 000,357,888 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtXml4.dll
MOD - [2011/08/09 15:43:20 | 000,130,904 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 4\ASCv4ExtMenu.dll
MOD - [2007/03/28 19:45:38 | 000,339,968 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\TV\CLTinyDB.dll
MOD - [2007/03/28 19:45:28 | 000,114,783 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\TV\CLSchMgr.dll
MOD - [2007/03/28 19:45:26 | 000,233,573 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\TV\CLCapEngine.dll
MOD - [2007/03/28 19:45:26 | 000,032,768 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\TV\CLCapSvcps.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/08/09 15:38:38 | 000,328,536 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2011/04/22 07:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe -- (N360)
SRV - [2008/03/25 20:27:36 | 000,135,168 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2008/03/25 19:38:24 | 000,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/03/28 19:45:38 | 000,118,877 | ---- | M] () [Auto | Stopped] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2007/03/28 19:45:34 | 000,270,431 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2007/01/09 16:55:34 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2004/10/22 05:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2012/02/04 15:12:39 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/02/04 15:12:39 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/02/03 17:06:36 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120212.017\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/02/03 17:06:36 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120212.017\NAVENG.SYS -- (NAVENG)
DRV - [2012/02/03 12:57:01 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/02/02 16:11:24 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120210.002\IDSvix86.sys -- (IDSVix86)
DRV - [2012/01/21 02:27:16 | 000,820,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120207.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/04/20 20:37:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0502000.00D\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2011/03/30 22:00:09 | 000,516,216 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0502000.00D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 22:00:09 | 000,050,168 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0502000.00D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/14 21:31:23 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0502000.00D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/02/14 02:42:36 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2011/02/14 02:42:34 | 000,025,216 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2011/02/14 02:42:32 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2011/01/27 01:47:10 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\N360\0502000.00D\SYMDS.SYS -- (SymDS)
DRV - [2011/01/27 00:07:05 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0502000.00D\Ironx86.SYS -- (SymIRON)
DRV - [2010/09/02 17:49:06 | 000,013,312 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\pneteth.sys -- (pneteth)
DRV - [2009/04/10 23:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2007/03/22 20:59:10 | 000,020,560 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\elrawdsk.sys -- (ElRawDisk)
DRV - [2007/02/28 13:26:00 | 004,465,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/02/22 11:24:48 | 000,159,232 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/02/16 03:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006/12/22 16:28:56 | 000,100,648 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2006/11/30 12:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/11/15 12:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/15 07:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/15 05:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/02 02:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2006/08/05 04:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/06/28 11:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CPQBttn.sys -- (HBtnKey)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ilion&pf=laptop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.7.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.2

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/29 19:38:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2012/02/03 16:23:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_5_2 [2012/02/13 10:11:56 | 000,000,000 | ---D | M]

[2011/06/14 11:27:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bob\AppData\Roaming\Mozilla\Extensions
[2011/06/14 11:27:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bob\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/02/08 12:17:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/14 11:27:23 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]

O1 HOSTS File: ([2012/02/08 11:56:49 | 000,000,027 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.2.0.13\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [BYR_AGENT] C:\ProgramData\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe (LG Electronics)
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [MyTomTomSA.exe] C:\Program Files\MyTomTom 3\MyTomTomSA.exe (TomTom)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A6D4BD4-5A73-485A-8041-D8AE5A2C831A}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - File not found
O24 - Desktop WallPaper: C:\Users\Bob\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Bob\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/29 03:15:18 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/13 10:17:00 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Bob\Desktop\OTL.exe
[2012/02/09 16:42:07 | 000,028,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.034
[2012/02/09 16:42:07 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.033
[2012/02/09 16:42:01 | 000,433,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.031
[2012/02/09 16:42:01 | 000,276,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.032
[2012/02/09 16:42:01 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.030
[2012/02/09 16:41:59 | 001,388,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.02E
[2012/02/09 16:41:59 | 000,326,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.02F
[2012/02/09 16:41:59 | 000,164,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.02B
[2012/02/09 16:41:59 | 000,147,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.02C
[2012/02/09 16:41:59 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.02D
[2012/02/09 16:41:59 | 000,000,000 | ---D | C] -- C:\Program Files\Evidence Eliminator
[2012/02/09 16:41:58 | 000,598,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.02A
[2012/02/09 16:37:55 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.027
[2012/02/09 16:37:55 | 000,028,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.029
[2012/02/09 16:37:55 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.028
[2012/02/09 16:37:55 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.026
[2012/02/09 16:37:53 | 001,388,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.024
[2012/02/09 16:37:53 | 000,326,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.025
[2012/02/09 16:37:53 | 000,147,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.022
[2012/02/09 16:37:53 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.023
[2012/02/09 16:37:52 | 000,598,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.020
[2012/02/09 16:37:52 | 000,164,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.021
[2012/02/09 16:37:33 | 000,000,000 | ---D | C] -- C:\ProgramData\WeCareReminder
[2012/02/09 16:36:35 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.01D
[2012/02/09 16:36:35 | 000,061,440 | ---- | C] (evidence-eliminator.com) -- C:\Windows\System32\Eeshellx.dll
[2012/02/09 16:36:35 | 000,028,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.01F
[2012/02/09 16:36:35 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.01E
[2012/02/09 16:36:35 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.01C
[2012/02/09 16:36:35 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Evidence Eliminator
[2012/02/09 16:36:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evidence Eliminator
[2012/02/09 16:36:32 | 001,388,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.01A
[2012/02/09 16:36:32 | 000,326,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.01B
[2012/02/09 16:36:32 | 000,164,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.017
[2012/02/09 16:36:32 | 000,147,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.018
[2012/02/09 16:36:32 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.019
[2012/02/09 16:36:31 | 000,598,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.016
[2012/02/08 21:49:18 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/02/08 12:20:24 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\CrashDumps
[2012/02/08 12:17:07 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/02/08 12:01:02 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/02/08 12:00:57 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\temp
[2012/02/08 11:05:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/02/08 11:05:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/02/08 11:05:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/08 11:05:35 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/08 11:05:34 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/02/08 11:02:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/07 22:45:37 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/02/07 22:45:37 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/02/07 22:45:37 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/02/07 12:58:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Sunbelt
[2012/02/07 12:53:26 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\f-secure
[2012/02/07 12:53:04 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2012/02/07 12:48:15 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/02/07 12:11:23 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\PerformerSoft
[2012/02/07 12:11:22 | 000,017,464 | ---- | C] (PerformerSoft LLC) -- C:\Windows\System32\roboot.exe
[2012/02/03 14:08:40 | 000,744,568 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0502000.00D\symefa.sys
[2012/02/03 14:08:40 | 000,516,216 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0502000.00D\srtsp.sys
[2012/02/03 14:08:40 | 000,340,088 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0502000.00D\symds.sys
[2012/02/03 14:08:40 | 000,331,384 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0502000.00D\symtdiv.sys
[2012/02/03 14:08:40 | 000,299,640 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0502000.00D\symnets.sys
[2012/02/03 14:08:40 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0502000.00D\ironx86.sys
[2012/02/03 14:08:40 | 000,050,168 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0502000.00D\srtspx.sys
[2012/02/03 14:08:18 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360\0502000.00D
[2012/02/03 12:59:38 | 000,000,000 | ---D | C] -- C:\Users\Bob\Documents\Symantec
[2012/02/03 12:57:01 | 000,126,584 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2012/02/03 12:57:01 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012/02/03 12:56:38 | 000,106,928 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2012/02/03 12:56:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360
[2012/02/03 12:56:28 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2012/02/03 12:56:28 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2012/02/03 12:56:07 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2012/02/03 12:56:07 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2012/02/03 12:54:00 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2012/02/03 10:43:24 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\NPE
[2012/02/03 10:43:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012/01/16 09:27:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VZW Software Upgrade Assistant - LG
[2012/01/16 09:26:57 | 000,000,000 | ---D | C] -- C:\ProgramData\LGMOBILEAX
[2012/01/16 09:14:51 | 000,000,000 | ---D | C] -- C:\Program Files\LG Electronics

========== Files - Modified Within 30 Days ==========

[2012/02/13 10:17:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Bob\Desktop\OTL.exe
[2012/02/13 10:16:22 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/13 10:16:22 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/13 10:13:21 | 000,000,146 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2012/02/13 10:12:50 | 000,000,168 | ---- | M] () -- C:\Users\Bob\Desktop\Google.url
[2012/02/13 10:12:41 | 000,002,427 | ---- | M] () -- C:\Windows\System32\lgAxconfig.ini
[2012/02/13 10:11:45 | 000,012,931 | ---- | M] () -- C:\Users\Bob\AppData\Roaming\nvModes.dat
[2012/02/13 10:11:45 | 000,012,931 | ---- | M] () -- C:\Users\Bob\AppData\Roaming\nvModes.001
[2012/02/13 10:11:33 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/13 10:11:33 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/13 10:11:32 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/13 10:11:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/13 10:11:18 | 271,644,234 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/02/13 09:31:52 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/13 09:29:59 | 000,008,160 | ---- | M] () -- C:\Users\Bob\AppData\Local\d3d9caps.dat
[2012/02/13 09:16:43 | 000,351,152 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/02/09 16:42:09 | 000,000,771 | ---- | M] () -- C:\Users\Bob\Desktop\Evidence Eliminator.lnk
[2012/02/08 12:26:35 | 000,000,000 | ---- | M] () -- C:\Users\Bob\Desktop\settings.dat
[2012/02/08 12:17:11 | 000,000,050 | ---- | M] () -- C:\user.js
[2012/02/08 11:56:49 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/02/08 09:30:27 | 000,000,354 | ---- | M] () -- C:\Users\Bob\Application Data\Microsoft\Internet Explorer\Quick Launch\Sign In.url
[2012/02/07 23:11:26 | 000,000,000 | ---- | M] () -- C:\Users\Bob\defogger_reenable

#2
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi and welcome to GeeksToGo! Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:
  • Remember to post your logs, not attach them. So any logs from any programs we run should just be 'copied & pasted' into your reply.
  • Please only run the tools that I request. I know malware can be frustrating, but running other tools in the meantime and between posts only makes it harder for us to analyse and fix your PC in the long run.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • Please tell me if you have your original Windows CD/DVD available.
  • When in doubt, please stop and ask first. There's no harm in asking questions!

If you have since resolved the original problem you were having, I would appreciate you letting me know. If not please perform the following steps below so I can have a look at the current condition of your machine.

  • Please download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan click Save log, save it to your desktop and post it in your next reply.
  • After that there should also be a file called MBR.dat on your Desktop; zip it and then attach it here.

How to add an attachment to a new topic or reply

#3
bob65

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Attached File: MBR.zip (555 bytes)

Thank you for your reply :) Here are my logs.

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-15 21:36:06
-----------------------------
21:36:06.442 OS Version: Windows 6.0.6002 Service Pack 2
21:36:06.442 Number of processors: 2 586 0x4802
21:36:06.442 ComputerName: BOB-PC UserName: Bob
21:36:07.893 Initialize success
21:36:23.592 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000071
21:36:23.592 Disk 0 Vendor: TOSHIBA_ DL03 Size: 152627MB BusType: 6
21:36:23.608 Disk 0 MBR read successfully
21:36:23.608 Disk 0 MBR scan
21:36:23.623 Disk 0 unknown MBR code
21:36:23.623 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 144231 MB offset 63
21:36:23.670 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 8393 MB offset 295387155
21:36:23.686 Disk 0 scanning sectors +312576705
21:36:23.748 Disk 0 scanning C:\Windows\system32\drivers
21:36:31.501 Service scanning
21:36:33.030 Modules scanning
21:36:42.889 Disk 0 trace - called modules:
21:36:42.905 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
21:36:42.905 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x855f2850]
21:36:42.920 3 CLASSPNP.SYS[87fab8b3] -> nt!IofCallDriver -> [0x849a4130]
21:36:42.920 5 acpi.sys[822176bc] -> nt!IofCallDriver -> \Device\00000071[0x849a45c8]
21:36:42.920 Scan finished successfully
21:43:03.649 Disk 0 MBR has been saved successfully to "C:\Users\Bob\Desktop\MBR.dat"
21:43:03.649 The log file has been saved successfully to "C:\Users\Bob\Desktop\aswMBR.txt"

#4
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

Please delete your copy of OTL.exe from your desktop and do the following:

OTL Custom Scan

  • Download OTL to your desktop.
  • Double click on the OTL icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Under the Extra Registry section, check Use SafeList
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    userinit.exe
    svchost.exe
    consrv.dll
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.


#5
bob65

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Here you go!

OTL logfile created on: 2/20/2012 8:32:21 AM - Run 3
OTL by OldTimer - Version 3.2.33.0 Folder = C:\Users\Bob\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19190)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 62.47% Memory free
4.10 Gb Paging File | 3.33 Gb Available in Paging File | 81.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.85 Gb Total Space | 87.39 Gb Free Space | 62.04% Space Free | Partition Type: NTFS
Drive D: | 8.20 Gb Total Space | 1.47 Gb Free Space | 17.92% Space Free | Partition Type: NTFS

Computer Name: BOB-PC | User Name: Bob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[2012/02/16 12:06:20 | 000,000,000 | ---D | C] -- C:\Users\Bob\Documents\RootkitRevealer[1]
[2012/02/16 11:47:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\WCID
[2012/02/16 10:31:52 | 002,246,608 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2012/02/16 10:31:52 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2012/02/16 10:31:52 | 000,056,840 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTBD.sys
[2012/02/16 10:31:51 | 001,681,360 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2012/02/16 10:30:15 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
[2012/02/16 10:27:48 | 000,185,560 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys
[2012/02/16 10:27:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012/02/16 10:27:19 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\TestApp
[2012/02/16 10:04:44 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/02/15 21:35:52 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Users\Bob\Desktop\aswMBR.exe
[2012/02/15 21:19:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/02/15 18:28:36 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/02/15 18:28:30 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/02/15 18:28:30 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/02/15 18:28:28 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/02/15 18:28:28 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/02/15 18:28:28 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2012/02/15 18:28:28 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/02/15 18:28:28 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/02/15 18:28:28 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/02/15 18:28:28 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/02/15 18:28:28 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/02/15 18:28:28 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/02/15 18:28:28 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/02/15 18:28:28 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/02/15 18:28:28 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/02/15 18:28:28 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/02/15 18:28:28 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/02/15 18:28:28 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/02/15 18:28:28 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/02/09 16:42:07 | 000,028,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.034
[2012/02/09 16:42:07 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.033
[2012/02/09 16:42:01 | 000,433,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.031
[2012/02/09 16:42:01 | 000,276,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.032
[2012/02/09 16:42:01 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.030
[2012/02/09 16:41:59 | 001,388,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.02E
[2012/02/09 16:41:59 | 000,326,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.02F
[2012/02/09 16:41:59 | 000,164,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.02B
[2012/02/09 16:41:59 | 000,147,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.02C
[2012/02/09 16:41:59 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.02D
[2012/02/09 16:41:59 | 000,000,000 | ---D | C] -- C:\Program Files\Evidence Eliminator
[2012/02/09 16:41:58 | 000,598,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.02A
[2012/02/09 16:37:55 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.027
[2012/02/09 16:37:55 | 000,028,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.029
[2012/02/09 16:37:55 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.028
[2012/02/09 16:37:55 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.026
[2012/02/09 16:37:53 | 001,388,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.024
[2012/02/09 16:37:53 | 000,326,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.025
[2012/02/09 16:37:53 | 000,147,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.022
[2012/02/09 16:37:53 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.023
[2012/02/09 16:37:52 | 000,598,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.020
[2012/02/09 16:37:52 | 000,164,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.021
[2012/02/09 16:37:33 | 000,000,000 | ---D | C] -- C:\ProgramData\WeCareReminder
[2012/02/09 16:36:35 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.01D
[2012/02/09 16:36:35 | 000,061,440 | ---- | C] (evidence-eliminator.com) -- C:\Windows\System32\Eeshellx.dll
[2012/02/09 16:36:35 | 000,028,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.01F
[2012/02/09 16:36:35 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.01E
[2012/02/09 16:36:35 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.01C
[2012/02/09 16:36:35 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Evidence Eliminator
[2012/02/09 16:36:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evidence Eliminator
[2012/02/09 16:36:32 | 001,388,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.01A
[2012/02/09 16:36:32 | 000,326,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.01B
[2012/02/09 16:36:32 | 000,164,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.017
[2012/02/09 16:36:32 | 000,147,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.018
[2012/02/09 16:36:32 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.019
[2012/02/09 16:36:31 | 000,598,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.016
[2012/02/08 21:49:18 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/02/08 12:20:24 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\CrashDumps
[2012/02/08 12:01:02 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/02/08 12:00:57 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\temp
[2012/02/08 11:05:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/02/08 11:05:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/02/08 11:05:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/08 11:05:35 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/08 11:05:34 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/02/08 11:02:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/07 22:45:37 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/02/07 22:45:37 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/02/07 22:45:37 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/02/07 12:58:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Sunbelt
[2012/02/07 12:53:26 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\f-secure
[2012/02/07 12:53:04 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2012/02/07 12:48:15 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/02/07 12:11:23 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\PerformerSoft
[2012/02/07 12:11:22 | 000,017,464 | ---- | C] (PerformerSoft LLC) -- C:\Windows\System32\roboot.exe
[2012/02/03 14:08:40 | 000,744,568 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0502000.00D\symefa.sys
[2012/02/03 14:08:40 | 000,516,216 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0502000.00D\srtsp.sys
[2012/02/03 14:08:40 | 000,340,088 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0502000.00D\symds.sys
[2012/02/03 14:08:40 | 000,331,384 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0502000.00D\symtdiv.sys
[2012/02/03 14:08:40 | 000,299,640 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0502000.00D\symnets.sys
[2012/02/03 14:08:40 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0502000.00D\ironx86.sys
[2012/02/03 14:08:40 | 000,050,168 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0502000.00D\srtspx.sys
[2012/02/03 14:08:18 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360\0502000.00D
[2012/02/03 12:59:38 | 000,000,000 | ---D | C] -- C:\Users\Bob\Documents\Symantec
[2012/02/03 12:57:01 | 000,126,584 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2012/02/03 12:57:01 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012/02/03 12:56:38 | 000,106,928 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2012/02/03 12:56:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360
[2012/02/03 12:56:28 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2012/02/03 12:56:28 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2012/02/03 12:56:07 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2012/02/03 12:56:07 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2012/02/03 12:54:00 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2012/02/03 10:43:24 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\NPE
[2012/02/03 10:43:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton

========== Files - Modified Within 30 Days ==========

[2012/02/20 08:30:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/20 08:28:51 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Bob\Desktop\OTL.exe
[2012/02/20 08:18:08 | 000,000,146 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2012/02/20 08:16:38 | 000,012,931 | ---- | M] () -- C:\Users\Bob\AppData\Roaming\nvModes.dat
[2012/02/20 08:16:38 | 000,012,931 | ---- | M] () -- C:\Users\Bob\AppData\Roaming\nvModes.001
[2012/02/20 08:16:32 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/20 08:16:32 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/20 08:16:26 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/20 08:16:26 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\FreeFileViewerUpdateChecker.job
[2012/02/20 08:16:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/19 20:40:10 | 000,000,168 | ---- | M] () -- C:\Users\Bob\Desktop\Google.url
[2012/02/19 20:12:26 | 000,000,354 | ---- | M] () -- C:\Users\Bob\Application Data\Microsoft\Internet Explorer\Quick Launch\Sign In.url
[2012/02/18 20:23:17 | 000,000,104 | ---- | M] () -- C:\Users\Bob\Desktop\Recycle Bin - Shortcut (2).lnk
[2012/02/18 19:05:37 | 000,000,555 | ---- | M] () -- C:\Users\Bob\Desktop\MBR.zip
[2012/02/16 16:14:42 | 282,842,730 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/02/16 15:11:51 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/16 15:11:51 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/16 15:04:05 | 000,000,000 | ---- | M] () -- C:\Windows\System32\FJGTENVBX
[2012/02/16 11:47:53 | 000,019,761 | ---- | M] () -- C:\LDB_20120216001
[2012/02/16 11:39:28 | 042,704,896 | ---- | M] () -- C:\Windows\System32\IDBJKXUWV
[2012/02/16 10:45:57 | 000,005,632 | ---- | M] () -- C:\Users\Bob\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/16 10:29:35 | 001,962,617 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2012/02/16 10:19:36 | 000,000,000 | ---- | M] () -- C:\Users\Bob\defogger_reenable
[2012/02/16 10:00:54 | 000,284,504 | ---- | M] () -- C:\Users\Bob\AppData\Local\census.cache
[2012/02/16 10:00:32 | 000,218,816 | ---- | M] () -- C:\Users\Bob\AppData\Local\ars.cache
[2012/02/16 09:51:03 | 000,000,036 | ---- | M] () -- C:\Users\Bob\AppData\Local\housecall.guid.cache
[2012/02/15 21:43:03 | 000,000,512 | ---- | M] () -- C:\Users\Bob\Desktop\MBR.dat
[2012/02/15 21:36:03 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\Bob\Desktop\aswMBR.exe
[2012/02/15 19:26:09 | 000,351,152 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/02/15 18:28:22 | 002,069,830 | ---- | M] () -- C:\Windows\System32\drivers\N360\0502000.00D\Cat.DB
[2012/02/13 11:31:57 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/02/13 10:12:41 | 000,002,427 | ---- | M] () -- C:\Windows\System32\lgAxconfig.ini
[2012/02/13 09:29:59 | 000,008,160 | ---- | M] () -- C:\Users\Bob\AppData\Local\d3d9caps.dat
[2012/02/09 16:42:09 | 000,000,771 | ---- | M] () -- C:\Users\Bob\Desktop\Evidence Eliminator.lnk
[2012/02/08 12:17:11 | 000,000,050 | ---- | M] () -- C:\user.js
[2012/02/08 11:56:49 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/02/07 23:10:50 | 000,050,477 | ---- | M] () -- C:\Users\Bob\Desktop\Defogger.exe
[2012/02/07 12:16:38 | 000,001,603 | ---- | M] () -- C:\ProgramData\repository.xml
[2012/02/06 18:03:46 | 000,178,195 | ---- | M] () -- C:\Users\Bob\Documents\Claim_Form_10.pdf
[2012/02/06 17:06:32 | 000,047,032 | ---- | M] () -- C:\Users\Bob\Documents\Classic Form-signed.pdf
[2012/02/06 16:41:17 | 000,422,298 | ---- | M] () -- C:\Users\Bob\Documents\Scan.pdf
[2012/02/03 15:15:01 | 000,002,140 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2012/02/03 13:09:30 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/02/03 12:57:01 | 000,126,584 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2012/02/03 12:57:01 | 000,007,468 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2012/02/03 12:57:01 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2012/02/02 09:05:57 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2012/02/02 09:05:57 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2012/02/01 13:47:06 | 000,017,464 | ---- | M] (PerformerSoft LLC) -- C:\Windows\System32\roboot.exe
[2012/01/28 00:27:32 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\N360\0502000.00D\isolate.ini

========== Files Created - No Company Name ==========

[2012/02/18 20:23:17 | 000,000,104 | ---- | C] () -- C:\Users\Bob\Desktop\Recycle Bin - Shortcut (2).lnk
[2012/02/18 19:05:37 | 000,000,555 | ---- | C] () -- C:\Users\Bob\Desktop\MBR.zip
[2012/02/18 18:51:47 | 000,000,374 | ---- | C] () -- C:\Windows\tasks\FreeFileViewerUpdateChecker.job
[2012/02/16 16:09:41 | 282,842,730 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/02/16 15:04:05 | 000,000,000 | ---- | C] () -- C:\Windows\System32\FJGTENVBX
[2012/02/16 11:47:53 | 000,019,761 | ---- | C] () -- C:\LDB_20120216001
[2012/02/16 11:37:04 | 042,704,896 | ---- | C] () -- C:\Windows\System32\IDBJKXUWV
[2012/02/16 10:31:52 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2012/02/16 10:31:52 | 000,003,488 | ---- | C] () -- C:\Windows\UDB.zip
[2012/02/16 10:31:52 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2012/02/16 10:31:52 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2012/02/16 10:31:52 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2012/02/16 10:19:36 | 000,000,000 | ---- | C] () -- C:\Users\Bob\defogger_reenable
[2012/02/16 10:00:54 | 000,284,504 | ---- | C] () -- C:\Users\Bob\AppData\Local\census.cache
[2012/02/16 10:00:32 | 000,218,816 | ---- | C] () -- C:\Users\Bob\AppData\Local\ars.cache
[2012/02/16 09:51:03 | 000,000,036 | ---- | C] () -- C:\Users\Bob\AppData\Local\housecall.guid.cache
[2012/02/15 21:43:03 | 000,000,512 | ---- | C] () -- C:\Users\Bob\Desktop\MBR.dat
[2012/02/13 11:31:57 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/02/09 16:42:09 | 000,000,771 | ---- | C] () -- C:\Users\Bob\Desktop\Evidence Eliminator.lnk
[2012/02/08 12:17:11 | 000,000,050 | ---- | C] () -- C:\user.js
[2012/02/08 11:05:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/08 11:05:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/08 11:05:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/08 11:05:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/08 11:05:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/07 23:10:41 | 000,050,477 | ---- | C] () -- C:\Users\Bob\Desktop\Defogger.exe
[2012/02/07 23:02:16 | 000,002,043 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012/02/07 12:11:23 | 000,001,603 | ---- | C] () -- C:\ProgramData\repository.xml
[2012/02/06 17:06:32 | 000,047,032 | ---- | C] () -- C:\Users\Bob\Documents\Classic Form-signed.pdf
[2012/02/06 16:41:17 | 000,422,298 | ---- | C] () -- C:\Users\Bob\Documents\Scan.pdf
[2012/02/03 15:09:34 | 002,069,830 | ---- | C] () -- C:\Windows\System32\drivers\N360\0502000.00D\Cat.DB
[2012/02/03 14:08:40 | 000,007,877 | ---- | C] () -- C:\Windows\System32\drivers\N360\0502000.00D\symnetv.cat
[2012/02/03 14:08:40 | 000,007,528 | R--- | C] () -- C:\Windows\System32\drivers\N360\0502000.00D\iron.cat
[2012/02/03 14:08:40 | 000,007,458 | ---- | C] () -- C:\Windows\System32\drivers\N360\0502000.00D\symnet.cat
[2012/02/03 14:08:40 | 000,007,456 | R--- | C] () -- C:\Windows\System32\drivers\N360\0502000.00D\symefa.cat
[2012/02/03 14:08:40 | 000,007,454 | R--- | C] () -- C:\Windows\System32\drivers\N360\0502000.00D\srtspx.cat
[2012/02/03 14:08:40 | 000,007,450 | R--- | C] () -- C:\Windows\System32\drivers\N360\0502000.00D\srtsp.cat
[2012/02/03 14:08:40 | 000,003,373 | R--- | C] () -- C:\Windows\System32\drivers\N360\0502000.00D\symefa.inf
[2012/02/03 14:08:40 | 000,002,792 | R--- | C] () -- C:\Windows\System32\drivers\N360\0502000.00D\symds.inf
[2012/02/03 14:08:40 | 000,001,473 | ---- | C] () -- C:\Windows\System32\drivers\N360\0502000.00D\symnetv.inf
[2012/02/03 14:08:40 | 000,001,445 | ---- | C] () -- C:\Windows\System32\drivers\N360\0502000.00D\symnet.inf
[2012/02/03 14:08:40 | 000,001,389 | R--- | C] () -- C:\Windows\System32\drivers\N360\0502000.00D\srtspx.inf
[2012/02/03 14:08:40 | 000,001,383 | R--- | C] () -- C:\Windows\System32\drivers\N360\0502000.00D\srtsp.inf
[2012/02/03 14:08:40 | 000,000,742 | R--- | C] () -- C:\Windows\System32\drivers\N360\0502000.00D\iron.inf
[2012/02/03 14:08:19 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\N360\0502000.00D\symds.cat
[2012/02/03 14:08:18 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\N360\0502000.00D\isolate.ini
[2012/02/03 12:57:01 | 000,007,468 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2012/02/03 12:57:01 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2012/02/03 12:56:58 | 000,002,140 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2012/02/01 17:06:44 | 000,178,195 | ---- | C] () -- C:\Users\Bob\Documents\Claim_Form_10.pdf
[2012/01/16 09:27:16 | 000,002,427 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2011/08/23 21:08:46 | 000,116,891 | ---- | C] () -- C:\Windows\hpqins00.dat
[2011/05/23 16:33:01 | 000,137,705 | ---- | C] () -- C:\Windows\HPHins15.dat
[2011/04/28 10:38:01 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/04/28 10:38:01 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/03/27 21:13:07 | 000,000,048 | ---- | C] () -- C:\Windows\wininit.ini
[2011/03/25 01:54:18 | 000,011,944 | -HS- | C] () -- C:\Users\Bob\AppData\Local\3011k67wttp43662q2qw454a467754200insrqeg
[2011/03/25 01:54:18 | 000,011,944 | -HS- | C] () -- C:\ProgramData\3011k67wttp43662q2qw454a467754200insrqeg
[2011/02/03 12:16:58 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/02/03 12:16:58 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/02/03 12:16:33 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/02/02 00:00:03 | 000,005,632 | ---- | C] () -- C:\Users\Bob\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/01 01:31:54 | 000,008,160 | ---- | C] () -- C:\Users\Bob\AppData\Local\d3d9caps.dat
[2011/01/31 20:43:41 | 000,012,931 | ---- | C] () -- C:\Users\Bob\AppData\Roaming\nvModes.001
[2011/01/31 20:43:40 | 000,012,931 | ---- | C] () -- C:\Users\Bob\AppData\Roaming\nvModes.dat

========== LOP Check ==========

[2012/02/07 12:53:26 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\f-secure
[2012/02/19 19:51:04 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\FreeFileViewer
[2012/01/09 18:15:35 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\FrostWire
[2011/11/07 10:34:50 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\IObit
[2011/01/31 20:44:34 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\MSNInstaller
[2011/02/21 01:47:02 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\MusicNet
[2011/01/31 21:11:33 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\muvee Technologies
[2012/02/07 12:14:07 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\PerformerSoft
[2012/02/16 10:27:19 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\TestApp
[2011/06/14 11:27:50 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\TomTom
[2012/02/20 08:16:26 | 000,000,374 | ---- | M] () -- C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
[2012/02/19 22:35:40 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2011/02/01 01:23:46 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2011/02/01 01:23:45 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2011/02/01 01:23:45 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\WINDOWS\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2011/02/01 01:23:45 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 04:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 02:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2006/11/02 04:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\WINDOWS\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 02:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/01/19 02:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\WINDOWS\System32\svchost.exe
[2008/01/19 02:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\WINDOWS\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/19 02:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/01/19 02:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\WINDOWS\System32\userinit.exe
[2008/01/19 02:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\WINDOWS\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 04:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\WINDOWS\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\WINDOWS\System32\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 04:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 02:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/12/14 23:45:00 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/12/14 23:45:00 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/12/14 23:45:00 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/12/15 01:22:33 | 000,638,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/12/15 01:22:33 | 000,638,240 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/12/14 23:45:00 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/12/14 23:45:00 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/12/14 23:45:00 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/12/15 01:22:33 | 000,638,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/12/15 01:22:33 | 000,638,240 | ---- | M] (Microsoft Corporation)

< >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:A6CD15C3

< End of report >

OTL Extras logfile created on: 2/20/2012 8:32:21 AM - Run 3
OTL by OldTimer - Version 3.2.33.0 Folder = C:\Users\Bob\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19190)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 62.47% Memory free
4.10 Gb Paging File | 3.33 Gb Available in Paging File | 81.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.85 Gb Total Space | 87.39 Gb Free Space | 62.04% Space Free | Partition Type: NTFS
Drive D: | 8.20 Gb Total Space | 1.47 Gb Free Space | 17.92% Space Free | Partition Type: NTFS

Computer Name: BOB-PC | User Name: Bob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{082A36F6-6264-4ADB-A3CD-BE19838E4295}" = rport=137 | protocol=17 | dir=out | app=system |
"{1416EEB9-1D5C-41F6-BD9C-95B971989546}" = lport=445 | protocol=6 | dir=in | app=system |
"{217E2F65-9F28-4A54-941E-30BC5B23FDCF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{56B81F9A-4C97-4B0C-8694-90BED04474DC}" = rport=138 | protocol=17 | dir=out | app=system |
"{5E1AE1C0-64CD-4CE4-982F-4917D3DA96B1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{64A59A57-66FF-49A0-B62F-7D397EA58336}" = lport=139 | protocol=6 | dir=in | app=system |
"{8DA33F67-A32D-4210-B20B-B3EDF92AD8EA}" = lport=137 | protocol=17 | dir=in | app=system |
"{9050EEDE-A2DA-4701-BACE-6D8DDBBBD07F}" = lport=138 | protocol=17 | dir=in | app=system |
"{AD55F0F8-E242-4B94-A15C-32039E569549}" = rport=139 | protocol=6 | dir=out | app=system |
"{F461398C-D8B8-4D96-9010-2E981F4DA611}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{17B50962-DB12-4773-8F82-0DFA92C1DE3F}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |
"{2AB1CA32-775A-429B-935A-FCB1D76B807D}" = protocol=58 | dir=in | [email protected],-28545 |
"{35F84F04-50B9-4473-B6BA-6EEEC24C0EAA}" = dir=in | app=c:\program files\freefileviewer\ffvcheckforupdates.exe |
"{494C96EA-BDFB-4A61-938F-63A8EC14E6A2}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |
"{4AE07C23-B179-4ECB-AFF6-07D5782B02E3}" = protocol=1 | dir=out | [email protected],-28544 |
"{77D2C385-4803-4EFD-8B63-8D6304E33AC8}" = protocol=1 | dir=in | [email protected],-28543 |
"{8E243965-D77E-433E-8DBC-109AAC179A8B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9D839C64-DF27-43D5-9374-45F410999409}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{B67EB3CA-8556-4E6A-836B-5750E6A5179D}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe |
"{CF420997-A179-42A8-A833-07F6C1DE2F71}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D1A0DAED-B4D9-417E-91AA-F1CB28090FF5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D8C00E26-F3C7-404F-B844-D2DB6C1A572B}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe |
"{E98BB639-E699-4911-9906-28FEA16ADECF}" = protocol=58 | dir=out | [email protected],-28546 |
"{FABC5D01-90B9-4323-978A-1BC9E0C4B648}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"TCP Query User{57C03BA4-6B2E-4C43-8F2E-0956A81B83C4}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{8CC90ED5-A538-4311-AC6A-C02189C4FEF9}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{98967737-9487-4F94-B284-34856ED63C9C}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{D13DBDEE-A678-40B8-9D7F-0A16F1551F87}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{0857037E-679E-450B-A0C1-1EDD5A898198}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{538CC62E-5248-49BA-9D45-51178AA79B2D}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{76E84FCA-6582-49AC-957A-B7879A27C9EB}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{C293306E-898B-4325-90BD-3214F47DA94E}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02548730-180A-487e-A726-A75CB6650AF7}" = D1400
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{03E66394-42F0-4745-85F7-0A2F8F35C09F}" = HP Deskjet Printer Driver Software 9.0
"{0564C76B-8E1F-4157-8654-B0F9F308BEE9}" = HP Deskjet 3050 J610 series Basic Device Software
"{0BFC200F-C45D-4271-AF34-4CA969225DEB}" = muvee autoProducer 6.0
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{15C70064-2463-49dd-9A88-B700F75BB428}" = dj_sf_ProductContext
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 30
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{290B83AA-093A-45BF-A917-D1C4A1E8D917}" = HP Active Support Library
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 B1
"{34E90074-C80C-4182-A995-65E88B5B56E0}" = HP Deskjet 3050 J610 series Product Improvement Study
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3FFB3B34-D639-4384-9AE9-DDE58430D86F}" = MSCU for Microsoft Vista
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.2
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5CA81D12-9EC2-4082-972B-43ECA63F41F2}" = HP Pavilion Webcam Driver for Vista v061.001.00005
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{75C22B40-6D12-4439-80DC-CAB3313EADA5}" = dj_sf_software_req
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88A548E6-4B09-43E7-AD55-3C7D1B37706D}" = ESU for Microsoft Vista
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9061CEF2-51F5-42C9-8A70-9ED351C6597A}" = HP Help and Support
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF0B98A9-F7E2-4FF5-88C7-7960EB91752B}" = HP User Guides 0041
"{B639110D-747F-40DC-9682-95D94EF73790}" = dj_sf_software
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D32067CD-7409-4792-BFA0-1469BCD8F0C8}" = HP Wireless Assistant
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{DE94D621-6862-4BD5-A93A-05C67EEDDF0C}" = LG Verizon United Drivers
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EFE673F6-688A-42ed-9C6C-9DD8CF5A9B89}" = D1400_Help
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6B29003-A078-4491-AFBE-62EFB6CFFE19}" = HP Total Care Advisor
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}" = HP Deskjet 3050 J610 series Help
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Advanced SystemCare 4_is1" = Advanced SystemCare 4
"CCleaner" = CCleaner
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_103C30B7" = Soft Data Fax Modem with SmartCP
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"FreeFileViewer_is1" = Free File Viewer 2011
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photo Creations" = HP Photo Creations
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MyTomTom" = MyTomTom 3.1.0.530
"N360" = Norton 360
"NVIDIA Drivers" = NVIDIA Drivers
"RealPlayer 15.0" = RealPlayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TomTom HOME" = TomTom HOME 2.8.2.2264

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3936260829-1272539646-4047197323-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/16/2012 11:43:21 AM | Computer Name = Bob-PC | Source = Application Error | ID = 1000
Description = Faulting application pctsSvc.exe, version 9.0.0.909, time stamp 0x4f0d191a,
faulting module CommLib.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception
code 0xc0000142, fault offset 0x00009f5d, process id 0x1594, application start time
0x01ccecc1b4462837.

Error - 2/16/2012 12:43:34 PM | Computer Name = Bob-PC | Source = Application Error | ID = 1000
Description = Faulting application pctsSvc.exe, version 9.0.0.909, time stamp 0x4f0d191a,
faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception
code 0xc0000142, fault offset 0x00009f5d, process id 0x1438, application start time
0x01ccecca1ddeb295.

Error - 2/16/2012 12:43:41 PM | Computer Name = Bob-PC | Source = Application Error | ID = 1000
Description = Faulting application pctsSvc.exe, version 9.0.0.909, time stamp 0x4f0d191a,
faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception
code 0xc0000142, fault offset 0x00009f5d, process id 0x1518, application start time
0x01ccecca22bb0d45.

Error - 2/16/2012 12:44:29 PM | Computer Name = Bob-PC | Source = Application Hang | ID = 1002
Description = The program 9.0.0.909a-SDsetup-lite_en.tmp version 51.1052.0.0 stopped
interacting with Windows and was closed. To see if more information about the problem
is available, check the problem history in the Problem Reports and Solutions control
panel. Process ID: 1070 Start Time: 01ccecca0a1a45d5 Termination Time: 2

Error - 2/16/2012 12:44:42 PM | Computer Name = Bob-PC | Source = Application Hang | ID = 1002
Description = The program InnoMonitor2.exe version 1.0.0.18 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 10d8 Start Time: 01ccecca0e2a7eb5 Termination Time: 0

Error - 2/16/2012 12:46:17 PM | Computer Name = Bob-PC | Source = Application Error | ID = 1000
Description = Faulting application pctsSvc.exe, version 9.0.0.909, time stamp 0x4f0d191a,
faulting module CommLib.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception
code 0xc0000142, fault offset 0x00009f5d, process id 0x13d4, application start time
0x01ccecca7f5438b5.

Error - 2/16/2012 6:01:16 PM | Computer Name = Bob-PC | Source = Windows Search Service | ID = 3026
Description =

Error - 2/16/2012 6:01:17 PM | Computer Name = Bob-PC | Source = Windows Search Service | ID = 3026
Description =

Error - 2/17/2012 4:29:12 PM | Computer Name = Bob-PC | Source = Windows Search Service | ID = 3026
Description =

Error - 2/17/2012 4:50:59 PM | Computer Name = Bob-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.6001.19190 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 768 Start Time: 01ccedb5ad020c64 Termination Time: 0

[ System Events ]
Error - 2/17/2012 3:01:08 PM | Computer Name = Bob-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 2/17/2012 3:01:08 PM | Computer Name = Bob-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 2/18/2012 5:42:58 PM | Computer Name = Bob-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 2/18/2012 5:42:58 PM | Computer Name = Bob-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 2/18/2012 5:42:58 PM | Computer Name = Bob-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 2/18/2012 5:42:58 PM | Computer Name = Bob-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 2/19/2012 8:49:28 PM | Computer Name = Bob-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 2/19/2012 8:49:28 PM | Computer Name = Bob-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 2/20/2012 9:18:05 AM | Computer Name = Bob-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 2/20/2012 9:18:06 AM | Computer Name = Bob-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >
  • 0
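Checking the Security Center, Firewall Settings and Open Ports sections of an Extras log by eye is easy to get wrong, so here is an added example (my own Python, not OTL output and not something posted in this thread) that parses the bracketed registry dumps of an OTL Extras log and lists profiles with EnableFirewall = 0, keys with DisableMonitoring = 1, and inbound rules that open a local port. The embedded excerpt is a constructed, cut-down sample in the same format as the log above, not the full log.

```python
import re

# Constructed excerpt in the OTL Extras format (a cut-down sample, not the full log above).
SAMPLE_LOG = r"""
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1416EEB9-1D5C-41F6-BD9C-95B971989546}" = lport=445 | protocol=6 | dir=in | app=system |
"{8DA33F67-A32D-4210-B20B-B3EDF92AD8EA}" = lport=137 | protocol=17 | dir=in | app=system |
"{082A36F6-6264-4ADB-A3CD-BE19838E4295}" = rport=137 | protocol=17 | dir=out | app=system |
"""

SECTION_RE = re.compile(r"^========== (.+?) ==========$")   # "========== Title =========="
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")                  # "[HKEY_...\Key]"
VALUE_RE = re.compile(r'^"([^"]+)" = (.*)$')                 # '"Name" = value'
PROTOCOLS = {"1": "ICMPv4", "6": "TCP", "17": "UDP", "58": "ICMPv6"}  # IANA protocol numbers


def parse_extras(text):
    """Map section title -> registry key -> {value name: raw value string}."""
    sections, section, key = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section, key = m.group(1), None
            sections.setdefault(section, {})
            continue
        m = KEY_RE.match(line)
        if m and section is not None:
            key = m.group(1)
            sections[section].setdefault(key, {})
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            sections[section][key][m.group(1)] = m.group(2)
    return sections


def parse_rule(value):
    """Split 'lport=445 | protocol=6 | dir=in | app=system |' into a dict."""
    fields = {}
    for part in value.split("|"):
        if "=" in part:
            name, _, val = part.strip().partition("=")
            fields[name.strip()] = val.strip()
    return fields


def inbound_listen_rules(sections):
    """(local port, protocol name, app) for every inbound rule that opens a local port."""
    rules = sections.get("Vista Active Open Ports Exception List", {})
    found = []
    for values in rules.values():
        for value in values.values():
            f = parse_rule(value)
            if f.get("dir") == "in" and "lport" in f:
                proto = PROTOCOLS.get(f.get("protocol", ""), f.get("protocol", "any"))
                found.append((f["lport"], proto, f.get("app", "?")))
    return found


def review(text):
    """Findings worth a second look; each is a statement about the log, not a verdict."""
    sections = parse_extras(text)
    findings = []
    for key, values in sections.get("Firewall Settings", {}).items():
        if values.get("EnableFirewall") == "0":
            findings.append("Windows Firewall off for " + key.rsplit("\\", 1)[-1])
    for key, values in sections.get("Security Center Settings", {}).items():
        if values.get("DisableMonitoring") == "1":
            findings.append("Security Center monitoring disabled under " + key.rsplit("\\", 1)[-1])
    for lport, proto, app in inbound_listen_rules(sections):
        findings.append(f"inbound {proto} {lport} allowed for {app}")
    return findings
```

Firewall-off and monitoring-disabled findings are expected when a third-party suite such as the Norton 360 in the uninstall list has registered with Security Center and taken over the firewall, so treat them as items to confirm against the installed software rather than as signs of infection.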

#6
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

Please follow the steps below:

Step 1

We need to run an OTL Fix

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

  • Please double click on Posted Image on your Desktop (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
  • Under the Custom Scans/Fixes box copy and paste this in (Please carefully select all text in code box beginning with : ):

    :OTL
    IE - HKU\S-1-5-21-3936260829-1272539646-4047197323-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    [2012/02/16 15:04:05 | 000,000,000 | ---- | M] () -- C:\Windows\System32\FJGTENVBX
    [2012/02/16 11:47:53 | 000,019,761 | ---- | M] () -- C:\LDB_20120216001
    [2012/02/16 11:39:28 | 042,704,896 | ---- | M] () -- C:\Windows\System32\IDBJKXUWV
    [2011/03/25 01:54:18 | 000,011,944 | -HS- | C] () -- C:\Users\Bob\AppData\Local\3011k67wttp43662q2qw454a467754200insrqeg
    [2011/03/25 01:54:18 | 000,011,944 | -HS- | C] () -- C:\ProgramData\3011k67wttp43662q2qw454a467754200insrqeg
      	
    :Files
    ipconfig /flushdns /c
    xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
    xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
    xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
    xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
    
    :Reg
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYJAVA]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Make sure all other windows are closed and to let it run uninterrupted.
  • Click on Posted Image button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 2

Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware from Here and double click on mbam-setup.exe to install the application

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Click on Check for Updates button.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

When you have completed the above, please post back the following in the order asked for:
  • OTL fix log
  • OTL quick scan log
  • MBAM log

  • 0

#7
bob65

bob65

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-3936260829-1272539646-4047197323-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
C:\WINDOWS\System32\FJGTENVBX moved successfully.
C:\LDB_20120216001 moved successfully.
C:\WINDOWS\System32\IDBJKXUWV moved successfully.
C:\Users\Bob\AppData\Local\3011k67wttp43662q2qw454a467754200insrqeg moved successfully.
C:\ProgramData\3011k67wttp43662q2qw454a467754200insrqeg moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Bob\Desktop\cmd.bat deleted successfully.
C:\Users\Bob\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Bob\Desktop\cmd.bat deleted successfully.
C:\Users\Bob\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Bob\Desktop\cmd.bat deleted successfully.
C:\Users\Bob\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Bob\Desktop\cmd.bat deleted successfully.
C:\Users\Bob\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Bob\Desktop\cmd.bat deleted successfully.
C:\Users\Bob\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Bob
->Temp folder emptied: 42264 bytes
->Temporary Internet Files folder emptied: 56021121 bytes
->Java cache emptied: 104912 bytes
->Flash cache emptied: 1074 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 175194 bytes
RecycleBin emptied: 661610 bytes

Total Files Cleaned = 54.00 mb


[EMPTYJAVA]

User: All Users

User: Bob
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Bob
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb



OTL by OldTimer - Version 3.2.33.0 log created on 02202012_095755

Files\Folders moved on Reboot...
File\Folder C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(2)\Content.IE5\UJH7O94H\dmVyeXRoaW5nLmNzcztjb21tZW50cy5jc3M7Y29tbWVudHMtc2l0ZS5jc3M7Y3Jvc3NQcm9tby5jc3M7c2hhcmUuY3NzO3NoYXJlLXNpdGUuY3NzO2ZyYW5jaGlzZUxpc3QuY3NzO2ZiU3RyaXBlLmNzcw..[1].css not found!
File\Folder C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(2)\Content.IE5\UEP2N17M\cztzaXRlU2VhcmNoLmNzcztzaXRlU2VhcmNoLXNpdGUuY3NzO2dlbmVyaWMuY3NzO2dlbmVyaWMtc2l0ZS5jc3M7Z2FtZS5jc3M7Z2FtZS1zaXRlLmNzcztzcGVjaWFsLmNzcztzcGVjaWFsLXNpdGUuY3Nz[1].css not found!

Registry entries deleted on Reboot...

OTL logfile created on: 2/20/2012 10:22:05 AM - Run 4
OTL by OldTimer - Version 3.2.33.0 Folder = C:\Users\Bob\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19190)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.14 Gb Available Physical Memory | 58.90% Memory free
4.11 Gb Paging File | 3.28 Gb Available in Paging File | 79.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.85 Gb Total Space | 87.99 Gb Free Space | 62.47% Space Free | Partition Type: NTFS
Drive D: | 8.20 Gb Total Space | 1.47 Gb Free Space | 17.92% Space Free | Partition Type: NTFS

Computer Name: BOB-PC | User Name: Bob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/20 08:28:51 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Bob\Desktop\OTL.exe
PRC - [2012/01/16 16:28:30 | 000,546,768 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/29 19:38:00 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/11/14 06:02:04 | 000,435,672 | ---- | M] (TomTom) -- C:\Program Files\MyTomTom 3\MyTomTomSA.exe
PRC - [2011/08/09 15:38:38 | 000,328,536 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2011/04/22 07:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\5.2.0.13\ccsvchst.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/28 19:45:34 | 000,270,431 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\TV\CLCapSvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/14 06:02:08 | 000,202,712 | ---- | M] () -- C:\Program Files\MyTomTom 3\TomTomSupporterProxy.dll
MOD - [2011/11/14 06:02:06 | 000,063,960 | ---- | M] () -- C:\Program Files\MyTomTom 3\TomTomSupporterBase.dll
MOD - [2011/11/14 06:01:52 | 007,964,160 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtGui4.dll
MOD - [2011/11/14 06:01:52 | 002,648,064 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtXmlPatterns4.dll
MOD - [2011/11/14 06:01:52 | 002,302,464 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtCore4.dll
MOD - [2011/11/14 06:01:52 | 000,980,480 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtNetwork4.dll
MOD - [2011/11/14 06:01:52 | 000,357,888 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtXml4.dll
MOD - [2011/08/09 15:43:20 | 000,130,904 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 4\ASCv4ExtMenu.dll
MOD - [2007/03/28 19:45:38 | 000,339,968 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\TV\CLTinyDB.dll
MOD - [2007/03/28 19:45:28 | 000,114,783 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\TV\CLSchMgr.dll
MOD - [2007/03/28 19:45:26 | 000,233,573 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\TV\CLCapEngine.dll
MOD - [2007/03/28 19:45:26 | 000,032,768 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\TV\CLCapSvcps.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (VU)
SRV - File not found [On_Demand | Stopped] -- -- (IVBORDHV)
SRV - File not found [On_Demand | Stopped] -- -- (HTPVBOJ)
SRV - File not found [On_Demand | Stopped] -- -- (HOPUBVKF)
SRV - File not found [On_Demand | Stopped] -- -- (DBOHCJX)
SRV - [2012/01/16 16:28:30 | 000,546,768 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/08/09 15:38:38 | 000,328,536 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2011/04/22 07:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe -- (N360)
SRV - [2008/03/25 20:27:36 | 000,135,168 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2008/03/25 19:38:24 | 000,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/03/28 19:45:38 | 000,118,877 | ---- | M] () [Auto | Stopped] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2007/03/28 19:45:34 | 000,270,431 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2007/01/09 16:55:34 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2004/10/22 05:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2012/02/04 15:12:39 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/02/04 15:12:39 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/02/03 17:06:36 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120219.016\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/02/03 17:06:36 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120219.016\NAVENG.SYS -- (NAVENG)
DRV - [2012/02/03 12:57:01 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/02/02 16:11:24 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120217.003\IDSvix86.sys -- (IDSVix86)
DRV - [2012/01/21 02:27:16 | 000,820,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120215.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/09/28 13:14:02 | 000,056,840 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PCTBD.sys -- (PCTBD)
DRV - [2011/04/20 20:37:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0502000.00D\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2011/03/30 22:00:09 | 000,516,216 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0502000.00D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 22:00:09 | 000,050,168 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0502000.00D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/14 21:31:23 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0502000.00D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/02/14 02:42:36 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2011/02/14 02:42:34 | 000,025,216 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2011/02/14 02:42:32 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2011/01/27 01:47:10 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\N360\0502000.00D\SYMDS.SYS -- (SymDS)
DRV - [2011/01/27 00:07:05 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0502000.00D\Ironx86.SYS -- (SymIRON)
DRV - [2010/09/02 17:49:06 | 000,013,312 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\pneteth.sys -- (pneteth)
DRV - [2009/04/10 23:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2007/03/22 20:59:10 | 000,020,560 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\elrawdsk.sys -- (ElRawDisk)
DRV - [2007/02/28 13:26:00 | 004,465,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/02/22 11:24:48 | 000,159,232 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/02/16 03:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006/12/22 16:28:56 | 000,100,648 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2006/11/30 12:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/11/15 12:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/15 07:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/15 05:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/02 02:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2006/08/05 04:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/06/28 11:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CPQBttn.sys -- (HBtnKey)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ilion&pf=laptop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.7.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.2

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/29 19:38:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2012/02/03 16:23:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_5_2 [2012/02/20 10:00:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools\PC Tools Security\BDT\Firefox\ [2012/02/16 10:31:53 | 000,000,000 | ---D | M]

[2011/06/14 11:27:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bob\AppData\Roaming\Mozilla\Extensions
[2011/06/14 11:27:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bob\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/06/14 11:27:23 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]

O1 HOSTS File: ([2012/02/20 09:57:59 | 000,000,098 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.2.0.13\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Defender) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [BYR_AGENT] C:\ProgramData\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe (LG Electronics)
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [MyTomTomSA.exe] C:\Program Files\MyTomTom 3\MyTomTomSA.exe (TomTom)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (BitDefender QuickScan Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A6D4BD4-5A73-485A-8041-D8AE5A2C831A}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Users\Bob\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Bob\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Value error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/29 03:15:18 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/20 10:11:27 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/02/20 10:11:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/02/20 09:57:55 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/20 08:28:31 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\Bob\Desktop\OTL.exe
[2012/02/18 19:04:36 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\FreeFileViewer
[2012/02/18 18:53:09 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\FileTypeAssistant
[2012/02/18 18:51:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeFileViewer
[2012/02/18 18:51:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2012/02/18 18:51:38 | 000,000,000 | ---D | C] -- C:\Program Files\FreeFileViewer
[2012/02/16 12:06:20 | 000,000,000 | ---D | C] -- C:\Users\Bob\Documents\RootkitRevealer[1]
[2012/02/16 11:47:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\WCID
[2012/02/16 10:31:52 | 002,246,608 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2012/02/16 10:31:52 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2012/02/16 10:31:52 | 000,056,840 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTBD.sys
[2012/02/16 10:31:51 | 001,681,360 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2012/02/16 10:30:15 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
[2012/02/16 10:27:48 | 000,185,560 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys
[2012/02/16 10:27:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012/02/16 10:27:19 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\TestApp
[2012/02/16 10:04:44 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/02/15 21:35:52 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Users\Bob\Desktop\aswMBR.exe
[2012/02/15 21:19:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/02/09 16:41:59 | 000,000,000 | ---D | C] -- C:\Program Files\Evidence Eliminator
[2012/02/09 16:37:33 | 000,000,000 | ---D | C] -- C:\ProgramData\WeCareReminder
[2012/02/09 16:36:35 | 000,061,440 | ---- | C] (evidence-eliminator.com) -- C:\Windows\System32\Eeshellx.dll
[2012/02/09 16:36:35 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Evidence Eliminator
[2012/02/09 16:36:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evidence Eliminator
[2012/02/08 21:49:18 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/02/08 12:20:24 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\CrashDumps
[2012/02/08 12:01:02 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/02/08 12:00:57 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\temp
[2012/02/08 11:05:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/02/08 11:05:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/02/08 11:05:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/08 11:05:35 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/08 11:05:34 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/02/08 11:02:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/07 12:58:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Sunbelt
[2012/02/07 12:53:26 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\f-secure
[2012/02/07 12:53:04 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2012/02/07 12:48:15 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/02/07 12:11:23 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\PerformerSoft
[2012/02/07 12:11:22 | 000,017,464 | ---- | C] (PerformerSoft LLC) -- C:\Windows\System32\roboot.exe
[2012/02/03 14:08:40 | 000,744,568 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0502000.00D\symefa.sys
[2012/02/03 14:08:40 | 000,516,216 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0502000.00D\srtsp.sys
[2012/02/03 14:08:40 | 000,340,088 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0502000.00D\symds.sys
[2012/02/03 14:08:40 | 000,331,384 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0502000.00D\symtdiv.sys
[2012/02/03 14:08:40 | 000,299,640 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0502000.00D\symnets.sys
[2012/02/03 14:08:40 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0502000.00D\ironx86.sys
[2012/02/03 14:08:40 | 000,050,168 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0502000.00D\srtspx.sys
[2012/02/03 14:08:18 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360\0502000.00D
[2012/02/03 12:59:38 | 000,000,000 | ---D | C] -- C:\Users\Bob\Documents\Symantec
[2012/02/03 12:57:01 | 000,126,584 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2012/02/03 12:57:01 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012/02/03 12:56:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360
[2012/02/03 12:56:28 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2012/02/03 12:56:28 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2012/02/03 12:56:07 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2012/02/03 12:56:07 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2012/02/03 12:54:00 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2012/02/03 10:43:24 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\NPE
[2012/02/03 10:43:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton

========== Files - Modified Within 30 Days ==========

[2012/02/20 10:11:28 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/20 10:10:05 | 000,000,168 | ---- | M] () -- C:\Users\Bob\Desktop\Google.url
[2012/02/20 10:01:40 | 000,012,931 | ---- | M] () -- C:\Users\Bob\AppData\Roaming\nvModes.001
[2012/02/20 10:01:40 | 000,000,146 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2012/02/20 09:59:50 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/20 09:59:50 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/20 09:59:49 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/20 09:59:49 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\FreeFileViewerUpdateChecker.job
[2012/02/20 09:59:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/20 09:57:59 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/02/20 09:30:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/20 08:28:51 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Bob\Desktop\OTL.exe
[2012/02/20 08:16:38 | 000,012,931 | ---- | M] () -- C:\Users\Bob\AppData\Roaming\nvModes.dat
[2012/02/19 20:12:26 | 000,000,354 | ---- | M] () -- C:\Users\Bob\Application Data\Microsoft\Internet Explorer\Quick Launch\Sign In.url
[2012/02/18 20:23:17 | 000,000,104 | ---- | M] () -- C:\Users\Bob\Desktop\Recycle Bin - Shortcut (2).lnk
[2012/02/18 19:05:37 | 000,000,555 | ---- | M] () -- C:\Users\Bob\Desktop\MBR.zip
[2012/02/16 16:14:42 | 282,842,730 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/02/16 15:11:51 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/16 15:11:51 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/16 10:45:57 | 000,005,632 | ---- | M] () -- C:\Users\Bob\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/16 10:29:35 | 001,962,617 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2012/02/16 10:19:36 | 000,000,000 | ---- | M] () -- C:\Users\Bob\defogger_reenable
[2012/02/16 10:00:54 | 000,284,504 | ---- | M] () -- C:\Users\Bob\AppData\Local\census.cache
[2012/02/16 10:00:32 | 000,218,816 | ---- | M] () -- C:\Users\Bob\AppData\Local\ars.cache
[2012/02/16 09:51:03 | 000,000,036 | ---- | M] () -- C:\Users\Bob\AppData\Local\housecall.guid.cache
[2012/02/15 21:43:03 | 000,000,512 | ---- | M] () -- C:\Users\Bob\Desktop\MBR.dat
[2012/02/15 21:36:03 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\Bob\Desktop\aswMBR.exe
[2012/02/15 19:26:09 | 000,351,152 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/02/15 18:28:22 | 002,069,830 | ---- | M] () -- C:\Windows\System32\drivers\N360\0502000.00D\Cat.DB
[2012/02/13 11:31:57 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/02/13 10:12:41 | 000,002,427 | ---- | M] () -- C:\Windows\System32\lgAxconfig.ini
[2012/02/13 09:29:59 | 000,008,160 | ---- | M] () -- C:\Users\Bob\AppData\Local\d3d9caps.dat
[2012/02/09 16:42:09 | 000,000,771 | ---- | M] () -- C:\Users\Bob\Desktop\Evidence Eliminator.lnk
[2012/02/08 12:17:11 | 000,000,050 | ---- | M] () -- C:\user.js
[2012/02/07 23:10:50 | 000,050,477 | ---- | M] () -- C:\Users\Bob\Desktop\Defogger.exe
[2012/02/07 12:16:38 | 000,001,603 | ---- | M] () -- C:\ProgramData\repository.xml
[2012/02/06 18:03:46 | 000,178,195 | ---- | M] () -- C:\Users\Bob\Documents\Claim_Form_10.pdf
[2012/02/06 17:06:32 | 000,047,032 | ---- | M] () -- C:\Users\Bob\Documents\Classic Form-signed.pdf
[2012/02/06 16:41:17 | 000,422,298 | ---- | M] () -- C:\Users\Bob\Documents\Scan.pdf
[2012/02/03 15:15:01 | 000,002,140 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2012/02/03 13:09:30 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/02/03 12:57:01 | 000,126,584 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2012/02/03 12:57:01 | 000,007,468 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2012/02/03 12:57:01 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2012/02/02 09:05:57 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2012/02/02 09:05:57 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2012/02/01 13:47:06 | 000,017,464 | ---- | M] (PerformerSoft LLC) -- C:\Windows\System32\roboot.exe
[2012/01/28 00:27:32 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\N360\0502000.00D\isolate.ini

========== Files Created - No Company Name ==========

[2012/02/20 10:11:28 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/18 20:23:17 | 000,000,104 | ---- | C] () -- C:\Users\Bob\Desktop\Recycle Bin - Shortcut (2).lnk
[2012/02/18 19:05:37 | 000,000,555 | ---- | C] () -- C:\Users\Bob\Desktop\MBR.zip
[2012/02/18 18:51:47 | 000,000,374 | ---- | C] () -- C:\Windows\tasks\FreeFileViewerUpdateChecker.job
[2012/02/16 16:09:41 | 282,842,730 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/02/16 10:31:52 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2012/02/16 10:31:52 | 000,003,488 | ---- | C] () -- C:\Windows\UDB.zip
[2012/02/16 10:31:52 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2012/02/16 10:31:52 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2012/02/16 10:31:52 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2012/02/16 10:19:36 | 000,000,000 | ---- | C] () -- C:\Users\Bob\defogger_reenable
[2012/02/16 10:00:54 | 000,284,504 | ---- | C] () -- C:\Users\Bob\AppData\Local\census.cache
[2012/02/16 10:00:32 | 000,218,816 | ---- | C] () -- C:\Users\Bob\AppData\Local\ars.cache
[2012/02/16 09:51:03 | 000,000,036 | ---- | C] () -- C:\Users\Bob\AppData\Local\housecall.guid.cache
[2012/02/15 21:43:03 | 000,000,512 | ---- | C] () -- C:\Users\Bob\Desktop\MBR.dat
[2012/02/13 11:31:57 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/02/09 16:42:09 | 000,000,771 | ---- | C] () -- C:\Users\Bob\Desktop\Evidence Eliminator.lnk
[2012/02/08 12:17:11 | 000,000,050 | ---- | C] () -- C:\user.js
[2012/02/08 11:05:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/08 11:05:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/08 11:05:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/08 11:05:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/08 11:05:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/07 23:10:41 | 000,050,477 | ---- | C] () -- C:\Users\Bob\Desktop\Defogger.exe
[2012/02/07 23:02:16 | 000,002,043 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012/02/07 12:11:23 | 000,001,603 | ---- | C] () -- C:\ProgramData\repository.xml
[2012/02/06 17:06:32 | 000,047,032 | ---- | C] () -- C:\Users\Bob\Documents\Classic Form-signed.pdf
[2012/02/06 16:41:17 | 000,422,298 | ---- | C] () -- C:\Users\Bob\Documents\Scan.pdf
[2012/02/03 15:09:34 | 002,069,830 | ---- | C] () -- C:\Windows\System32\drivers\N360\0502000.00D\Cat.DB
[2012/02/03 14:08:40 | 000,007,877 | ---- | C] () -- C:\Windows\System32\drivers\N360\0502000.00D\symnetv.cat
[2012/02/03 14:08:40 | 000,007,528 | R--- | C] () -- C:\Windows\System32\drivers\N360\0502000.00D\iron.cat
[2012/02/03 14:08:40 | 000,007,458 | ---- | C] () -- C:\Windows\System32\drivers\N360\0502000.00D\symnet.cat
[2012/02/03 14:08:40 | 000,007,456 | R--- | C] () -- C:\Windows\System32\drivers\N360\0502000.00D\symefa.cat
[2012/02/03 14:08:40 | 000,007,454 | R--- | C] () -- C:\Windows\System32\drivers\N360\0502000.00D\srtspx.cat
[2012/02/03 14:08:40 | 000,007,450 | R--- | C] () -- C:\Windows\System32\drivers\N360\0502000.00D\srtsp.cat
[2012/02/03 14:08:40 | 000,003,373 | R--- | C] () -- C:\Windows\System32\drivers\N360\0502000.00D\symefa.inf
[2012/02/03 14:08:40 | 000,002,792 | R--- | C] () -- C:\Windows\System32\drivers\N360\0502000.00D\symds.inf
[2012/02/03 14:08:40 | 000,001,473 | ---- | C] () -- C:\Windows\System32\drivers\N360\0502000.00D\symnetv.inf
[2012/02/03 14:08:40 | 000,001,445 | ---- | C] () -- C:\Windows\System32\drivers\N360\0502000.00D\symnet.inf
[2012/02/03 14:08:40 | 000,001,389 | R--- | C] () -- C:\Windows\System32\drivers\N360\0502000.00D\srtspx.inf
[2012/02/03 14:08:40 | 000,001,383 | R--- | C] () -- C:\Windows\System32\drivers\N360\0502000.00D\srtsp.inf
[2012/02/03 14:08:40 | 000,000,742 | R--- | C] () -- C:\Windows\System32\drivers\N360\0502000.00D\iron.inf
[2012/02/03 14:08:19 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\N360\0502000.00D\symds.cat
[2012/02/03 14:08:18 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\N360\0502000.00D\isolate.ini
[2012/02/03 12:57:01 | 000,007,468 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2012/02/03 12:57:01 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2012/02/03 12:56:58 | 000,002,140 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2012/02/01 17:06:44 | 000,178,195 | ---- | C] () -- C:\Users\Bob\Documents\Claim_Form_10.pdf
[2012/01/16 09:27:16 | 000,002,427 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2011/08/23 21:08:46 | 000,116,891 | ---- | C] () -- C:\Windows\hpqins00.dat
[2011/05/23 16:33:01 | 000,137,705 | ---- | C] () -- C:\Windows\HPHins15.dat
[2011/04/28 10:38:01 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/04/28 10:38:01 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/03/27 21:13:07 | 000,000,048 | ---- | C] () -- C:\Windows\wininit.ini
[2011/02/03 12:16:58 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/02/03 12:16:58 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/02/03 12:16:33 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/02/02 00:00:03 | 000,005,632 | ---- | C] () -- C:\Users\Bob\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/01 01:31:54 | 000,008,160 | ---- | C] () -- C:\Users\Bob\AppData\Local\d3d9caps.dat
[2011/01/31 20:43:41 | 000,012,931 | ---- | C] () -- C:\Users\Bob\AppData\Roaming\nvModes.001
[2011/01/31 20:43:40 | 000,012,931 | ---- | C] () -- C:\Users\Bob\AppData\Roaming\nvModes.dat

========== LOP Check ==========

[2012/02/07 12:53:26 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\f-secure
[2012/02/19 19:51:04 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\FreeFileViewer
[2012/01/09 18:15:35 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\FrostWire
[2011/11/07 10:34:50 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\IObit
[2011/01/31 20:44:34 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\MSNInstaller
[2011/02/21 01:47:02 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\MusicNet
[2011/01/31 21:11:33 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\muvee Technologies
[2012/02/07 12:14:07 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\PerformerSoft
[2012/02/16 10:27:19 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\TestApp
[2011/06/14 11:27:50 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\TomTom
[2012/02/20 09:59:49 | 000,000,374 | ---- | M] () -- C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
[2012/02/20 09:58:33 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:A6CD15C3

< End of report >

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.20.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19190
Bob :: BOB-PC [administrator]

2/20/2012 10:31:20 AM
mbam-log-2012-02-20 (10-31-20).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 177027
Time elapsed: 3 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#8
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK. I actually don't understand what your problem is. Can you please explain it one more time, and in which browser is this problem evident?

#9
bob65

    Member

  • Topic Starter
  • Member
  • 20 posts
I continually have to use a cleaning program to clear out my browser cache (temporary internet files). My browser cache then very quickly fills back up. After a short time my computer slows to a crawl until finally I can't even bring up a website. Then I have to repeat the process of cleaning it all back out again. I don't even have to be on any websites (just connected to the internet) and here is just a sample of what is cleaned out. These 419 items built up after only 10-15 minutes.

Files found: 419
Eliminating File: C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini <P1>[0]<NAME><ZERO><KILL><OK>
Eliminating File: C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini <P1>[0]<NAME><ZERO><KILL><OK>
Eliminating File: C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat <P1><NOWIN><SKIPPED LOCKED FILE><OK>
Eliminating File: C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT <P1>[0]<NAME><ZERO><KILL><OK>
Eliminating File: C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat <P1>[0]<NAME><ZERO><KILL><OK>
Eliminating File: C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat <P1>[0]<NAME><ZERO><KILL><OK>
Eliminating File: C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C21P08AN\b[1].gif <P1>[0]<NAME><ZERO><KILL><OK>
Eliminating File: C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C21P08AN\carousel-bg-top[1].gif <P1>[0]<NAME><ZERO><KILL><OK>
Eliminating File: C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C21P08AN\Cat-I[1].htm <P1>[0]<NAME><ZERO><KILL><OK>
Eliminating File: C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C21P08AN\Cat-L[1].htm <P1>[0]<NAME><ZERO><KILL><OK>
Eliminating File: C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C21P08AN\clk[1].htm <P1>[0]<NAME><ZERO><KILL><OK>
Eliminating File: C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C21P08AN\contact[1].css <P1>[0]<NAME><ZERO><KILL><OK>
Eliminating File: C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C21P08AN\crossdomain[1].xml <P1>[0]<NAME><ZERO><KILL><OK>
Eliminating File: C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C21P08AN\cta-gray[1].gif <P1>[0]<NAME><ZERO><KILL><OK>
Eliminating File: C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C21P08AN\d955872c18184185[1].js <P1>[0]<NAME><ZERO><KILL><OK>
Eliminating File: C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C21P08AN\d955872c18184185[2].js <P1>[0]<NAME><ZERO><KILL><OK>
Eliminating File: C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C21P08AN\desktop.ini <P1>[0]<NAME><ZERO><KILL><OK>
Eliminating File: C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C21P08AN\g-button-chocobo-basic-1[1].gif <P1>[0]<NAME><ZERO><KILL><OK>
Eliminating File: C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C21P08AN\general[1].css <P1>[0]<NAME><ZERO><KILL><OK>
Eliminating File: C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C21P08AN\header2[1].png <P1>[0]<NAME><ZERO><KILL><OK>
Eliminating File: C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C21P08AN\homenav-bg[1].png <P1>[0]<NAME><ZERO><KILL><OK>
Eliminating File: C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C21P08AN\hqdefault[1].jpg <P1>[0]<NAME><ZERO><KILL><OK>
Eliminating File: C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C21P08AN\icon-printer[1].png <P1>[0]<NAME><ZERO><KILL><OK>
Eliminating File: C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C21P08AN\II3_Rules[1].js <P1>[0]<NAME><ZERO><KILL><OK>
Eliminating File: C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C21P08AN\InstantInvite3[1].js <P1>[0]<NAME><ZERO><KILL><OK>
Eliminating File: C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C21P08AN\InstantTracking[1].js <P1>[0]<NAME><ZERO><KILL><OK>
Eliminating File: C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C21P08AN\IWcfVXxvZu9XwJ55OX7Ag,ac2QSVYaZ-Mb4P6BWeqF7Zs_o_LfgdsvPn3xvpTjBJhgE5B0e43ZbD3yBcK7vsDITPCdtK08g7KBD10NKNTdmVkPqW_eZqvS_feOiH1nU-y9_EwVy_iUPpEi-AGCZXxW5pNudw[1].gif <P1>[0]<NAME><ZERO><KILL><OK>
Eliminating File: C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C21P08AN\jquery.easing.1.3[1].js <P1>[0]<NAME><ZERO><KILL><OK>
Eliminating File: C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C21P08AN\jquery.hoverIntent.minified[1].js <P1>[0]<NAME><ZERO><KILL><OK>
Eliminating File: C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C21P08AN\jquery.query-2.1.7-min[1].js <P1>[0]<NAME><ZERO><KILL><OK>
Eliminating File: C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C21P08AN\jquery.query-2.1.7[1].js <P1>[0]<NAME><ZERO><KILL><OK>
Eliminating File: C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C21P08AN\jquery.tweet[1].css <P1>[0]<NAME><ZERO><KILL><OK>
Eliminating File: C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C21P08AN\KonaGet[1].js <P1>[0]<NAME><ZERO><KILL><OK>
Eliminating File: C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C21P08AN\KonaSend[1].js <P1>[0]<NAME><ZERO><KILL><OK>
Eliminating File: C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C21P08AN\KonaSend[2].js <P1>[0]<NAME><ZERO><KILL><OK>
Eliminating File: C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C21P08AN\KonaSend[3].js <P1>[0]<NAME><ZERO><KILL><OK>
Eliminating File: C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C21P08AN\k_log[1].php <P1>[0]<NAME><ZERO><KILL><OK>
Eliminating File: C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C21P08AN\k_log[2].php <P1>[0]<NAME><ZERO><KILL><OK>
Eliminating File: C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C21P08AN\k_log[3].php <P1>[0]<NAME><ZERO><KILL><OK>
Eliminating File: C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C21P08AN\k_log[4].php <P1>[0]<NAME><ZERO><KILL><OK>
Eliminating File: C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C21P08AN\logo[1].gif <P1>[0]<NAME><ZERO><KILL><OK>
Eliminating File: C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C21P08AN\mgyhp_sm[1].png <P1>[0]<NAME><ZERO><KILL><OK>
Eliminating File: C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C21P08AN\minimall[1] <P1>[0]<NAME><ZERO><KILL><OK>
Eliminating File: C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C21P08AN\navbar-bg[1].png <P1>[0]<NAME><ZERO><KILL><OK>
Eliminating File: C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C21P08AN\navlist_arrow[1].png <P1>[0]<NAME><ZERO><KILL><OK>
Eliminating File: C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C21P08AN\nav[1].gif <P1>[0]<NAME><ZERO><KILL><OK>
Eliminating File: C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C21P08AN\nopic_48[1].gif <P1>[0]<NAME><ZERO><KILL><OK>
Eliminating File: C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C21P08AN\nycli1[1].gif <P1>[0]<NAME><ZERO><KILL><OK>

#10
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
And what happens if you use Firefox? Same thing?


#11
bob65

    Member

  • Topic Starter
  • Member
  • 20 posts
Yes, switched to Firefox and same thing. Whatever this is, it won't let me run RootRepeal. A few seconds into the scan I get a blue screen with a message that says my computer will be damaged if I continue, and it reboots. I picked up this problem one other time several years ago, and it was fixed by one of these help forums, but I can't remember what they did to get rid of it. Thank you for taking this extra time with me.

#12
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please download ComboFix from Here or Here to your Desktop.

Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.

  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix as follows:

  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all-inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore your connection.
  • Double-click on Combo-Fix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" for further review.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

#13
bob65

    Member

  • Topic Starter
  • Member
  • 20 posts
It deleted my Evidence Eliminator cleaning program, but I will re-install it later; it's safe.

ComboFix 12-02-21.02 - Bob 02/21/2012 12:10:32.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1982.1066 [GMT -5:00]
Running from: c:\users\Bob\Desktop\Combo-Fix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Evidence Eliminator
c:\program files\Evidence Eliminator\Data\Config.dat
c:\program files\Evidence Eliminator\Data\Drives.dat
c:\program files\Evidence Eliminator\Data\Files.dat
c:\program files\Evidence Eliminator\Data\FilesContents.dat
c:\program files\Evidence Eliminator\Data\Folders.dat
c:\program files\Evidence Eliminator\Data\FolderScans.dat
c:\program files\Evidence Eliminator\Data\IECookiesKeep.dat
c:\program files\Evidence Eliminator\Data\IEDownloadedKeep.dat
c:\program files\Evidence Eliminator\Data\MozillaCookiesKeep.dat
c:\program files\Evidence Eliminator\Data\OE5ChoiceList.dat
c:\program files\Evidence Eliminator\Data\Plug-Ins\AbsoluteFTP.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\ACDSEE Photo Viewer v3.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Adaptec Easy CD Creator v4.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Adobe Acrobat Reader v3.0.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Adobe Acrobat Reader v3.1.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Adobe Acrobat Reader v4.0.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Adobe Acrobat Reader v5.0.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Adobe Acrobat Reader v5.1.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Adobe Acrobat Reader v6.0.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Adobe Acrobat Reader v7.0.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Adobe Acrobat Reader v8.0.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Adobe Acrobat Reader v9.0.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Adobe Acrobat v6.0.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Adobe Photoshop v10.0.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Adobe Photoshop v11.0.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Adobe Photoshop v12.0.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Adobe Photoshop v5.0 LE.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Adobe Photoshop v5.5.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Adobe Photoshop v5.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Adobe Photoshop v6.0.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Adobe Photoshop v7.0.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Adobe Photoshop v8.0.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Adobe Photoshop v9.0.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\ASPack.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Avant Browser.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Cabinet Manager.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Copernic 2000 Pro.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Copernic 2000.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Copernic Agent.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Corel Paintshop Pro v10.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Cute FTP v3.0.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Cute FTP v4.0.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Cute FTP v7.0.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Delphi v3.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Delphi v4.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Delphi v5.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\DiskKeeper v5.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\DivXPlayer.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Download Accelerator.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Eudora Mail.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\EventLog.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\FTP Explorer.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\GetRight ExplorerBar.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\GetRight v4.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Google Chrome.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\GoogleBar.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\GoogleNavigation.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\GoZilla.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Helios TextPad v3.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Helios TextPad v4.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\HelpWriter.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Icon Extractor.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\ICQ 2000a.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\InstallShield Express.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\J2 Messenger.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\JASC Paintshop Pro v5.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\JASC Paintshop Pro v6.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\JASC Paintshop Pro v7.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\JASC Paintshop Pro v8.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Jet PhotoShell v1.2.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Kazaa.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Limewire v4.0.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Macromedia Flash v4.0.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\MasterSplitter v2.1.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\McAfee Virus Scan v4.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Microangelo 98.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Micrografx Picture Publisher v7.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Micrografx Picture Publisher v8.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Microsoft FrontPage Express.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Microsoft FrontPage.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Microsoft Help Workshop.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Microsoft HTML Help.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Microsoft Office 2010.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Microsoft Office.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Microsoft Publisher 2000.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Microsoft Send-To Extensions.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Microsoft Windows Paint.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Microsoft Windows WordPad.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\My Network Places.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Napster Music Community.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\NEATO Labels.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\NeoPlanet v5.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Norton AntiVirus 2000 (v6).eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Norton Antivirus 2003.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Norton File Manager.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Norton Internet Security 2004.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Norton Personal Firewall.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Norton Utilities 2000.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\NoteTab Pro.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Opera Browser.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\PackageForTheWeb.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Personal Ancestral File.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Quicktime.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Real Audio Player v6 v7 v8.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Real Download v4.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Real Player v10.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\RealOne Player.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\RemoteDesktop.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Roxio Easy CD Creator v6.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Safari Browser.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\SureThing CD Labeler.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Telnet.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Ulead Gif Animator v4.0.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Ulead Photo Explorer v4.2.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Ulead Photo Viewer v4.0.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Ulead PhotoImpact v10.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Ulead PhotoImpact v5.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Ulead PhotoImpact Viewer v4.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\UltraEdit v4.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\UltraEdit v7.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Web Ferret v3.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\WinOnCD.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\WinRar v2.6.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\WinRar v2.70.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\WinRar v3.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\WinZip v7.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\WinZip v8.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Wise Installer.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Yahoo Player.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\YahooMessenger.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\ZipMagic 2000.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Zone Alarm.eep
c:\program files\Evidence Eliminator\Data\PlugInSelections.dat
c:\program files\Evidence Eliminator\Data\ScanMasks.dat
c:\program files\Evidence Eliminator\Data\TBChoiceList.dat
c:\program files\Evidence Eliminator\Ee.exe
c:\program files\Evidence Eliminator\EEShellExt.dll
c:\program files\Evidence Eliminator\EEStartupLauncher.exe
c:\program files\Evidence Eliminator\Help\ee.chm
c:\program files\Evidence Eliminator\INSTALL.LOG
c:\program files\Evidence Eliminator\License.txt
c:\program files\Evidence Eliminator\ReadMe.txt
c:\program files\Evidence Eliminator\UNWISE.INI
c:\programdata\Microsoft\Windows\Start Menu\Programs\Evidence Eliminator
c:\programdata\Microsoft\Windows\Start Menu\Programs\Evidence Eliminator\Evidence Eliminator Help.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Evidence Eliminator\Evidence Eliminator License Agreement.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Evidence Eliminator\Evidence Eliminator Read Me.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Evidence Eliminator\Evidence Eliminator.lnk
c:\users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Evidence Eliminator
c:\windows\SwSys1.bmp
c:\windows\SwSys2.bmp
c:\windows\system32\AutoRun.inf
c:\windows\system32\roboot.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-01-21 to 2012-02-21 )))))))))))))))))))))))))))))))
.
.
2012-02-21 17:20 . 2012-02-21 17:20 -------- d-----w- c:\users\Bob\AppData\Local\temp
2012-02-21 17:20 . 2012-02-21 17:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-21 16:28 . 2012-02-21 16:28 -------- d-----w- c:\users\Bob\AppData\Local\VS Revo Group
2012-02-21 14:41 . 2012-02-21 14:41 -------- d-----w- c:\users\Bob\AppData\Local\Mozilla
2012-02-20 14:57 . 2012-02-20 14:57 -------- d-----w- C:\_OTL
2012-02-18 23:53 . 2012-02-18 23:53 -------- d-----w- c:\users\Bob\AppData\Local\FileTypeAssistant
2012-02-18 23:51 . 2012-02-18 23:56 -------- d-----w- c:\programdata\Yahoo!
2012-02-16 16:47 . 2012-02-21 16:36 -------- d-----w- c:\windows\system32\WCID
2012-02-16 15:31 . 2012-01-16 21:28 149456 ----a-w- c:\windows\SGDetectionTool.dll
2012-02-16 15:31 . 2012-01-16 21:28 2246608 ----a-w- c:\windows\PCTBDCore.dll
2012-02-16 15:31 . 2012-01-16 21:28 767952 ----a-w- c:\windows\BDTSupport.dll
2012-02-16 15:31 . 2011-09-28 18:14 56840 ----a-w- c:\windows\system32\drivers\PCTBD.sys
2012-02-16 15:31 . 2012-01-16 21:28 1681360 ----a-w- c:\windows\PCTBDRes.dll
2012-02-16 15:27 . 2012-02-16 16:47 -------- d-----w- c:\program files\Common Files\PC Tools
2012-02-16 15:27 . 2012-01-11 21:19 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-02-16 15:27 . 2012-02-16 15:27 -------- d-----w- c:\users\Bob\AppData\Roaming\TestApp
2012-02-16 15:04 . 2012-02-16 15:04 -------- d-----w- c:\programdata\McAfee
2012-02-16 02:19 . 2012-02-16 15:13 -------- d-----w- c:\programdata\Kaspersky Lab
2012-02-09 21:42 . 2001-08-17 05:00 22528 ----a-w- c:\windows\system32\temp.033
2012-02-09 21:42 . 2001-06-12 06:20 28944 ----a-w- c:\windows\system32\temp.034
2012-02-09 21:42 . 2006-11-27 20:54 433152 ----a-w- c:\windows\system32\temp.031
2012-02-09 21:42 . 2004-08-04 18:00 3584 ----a-w- c:\windows\system32\temp.030
2012-02-09 21:42 . 2004-08-04 18:00 276992 ----a-w- c:\windows\system32\temp.032
2012-02-09 21:41 . 2001-03-13 19:53 326656 ----a-w- c:\windows\system32\temp.02F
2012-02-09 21:41 . 2001-03-13 19:47 17920 ----a-w- c:\windows\system32\temp.02D
2012-02-09 21:41 . 2001-03-13 19:47 164112 ----a-w- c:\windows\system32\temp.02B
2012-02-09 21:41 . 2001-03-13 19:45 147728 ----a-w- c:\windows\system32\temp.02C
2012-02-09 21:41 . 2000-08-21 02:00 1388544 ----a-w- c:\windows\system32\temp.02E
2012-02-09 21:41 . 2001-03-13 19:47 598288 ----a-w- c:\windows\system32\temp.02A
2012-02-09 21:37 . 2001-12-28 06:44 421888 ----a-w- c:\windows\system32\temp.027
2012-02-09 21:37 . 2001-08-23 17:00 3584 ----a-w- c:\windows\system32\temp.026
2012-02-09 21:37 . 2001-08-17 05:00 22528 ----a-w- c:\windows\system32\temp.028
2012-02-09 21:37 . 2001-06-12 06:20 28944 ----a-w- c:\windows\system32\temp.029
2012-02-09 21:37 . 2001-03-13 19:53 326656 ----a-w- c:\windows\system32\temp.025
2012-02-09 21:37 . 2001-03-13 19:47 17920 ----a-w- c:\windows\system32\temp.023
2012-02-09 21:37 . 2001-03-13 19:45 147728 ----a-w- c:\windows\system32\temp.022
2012-02-09 21:37 . 2000-08-21 02:00 1388544 ----a-w- c:\windows\system32\temp.024
2012-02-09 21:37 . 2001-03-13 19:47 164112 ----a-w- c:\windows\system32\temp.021
2012-02-09 21:37 . 2001-03-13 19:47 598288 ----a-w- c:\windows\system32\temp.020
2012-02-09 21:37 . 2012-02-13 14:19 -------- d-----w- c:\programdata\WeCareReminder
2012-02-09 21:36 . 2001-12-28 06:44 421888 ----a-w- c:\windows\system32\temp.01D
2012-02-09 21:36 . 2001-08-23 17:00 3584 ----a-w- c:\windows\system32\temp.01C
2012-02-09 21:36 . 2001-08-17 05:00 22528 ----a-w- c:\windows\system32\temp.01E
2012-02-09 21:36 . 2001-06-12 06:20 28944 ----a-w- c:\windows\system32\temp.01F
2012-02-09 21:36 . 1999-11-12 12:37 61440 ------w- c:\windows\system32\Eeshellx.dll
2012-02-09 21:36 . 2001-03-13 19:53 326656 ----a-w- c:\windows\system32\temp.01B
2012-02-09 21:36 . 2001-03-13 19:47 17920 ----a-w- c:\windows\system32\temp.019
2012-02-09 21:36 . 2001-03-13 19:47 164112 ----a-w- c:\windows\system32\temp.017
2012-02-09 21:36 . 2001-03-13 19:45 147728 ----a-w- c:\windows\system32\temp.018
2012-02-09 21:36 . 2000-08-21 02:00 1388544 ----a-w- c:\windows\system32\temp.01A
2012-02-09 21:36 . 2001-03-13 19:47 598288 ----a-w- c:\windows\system32\temp.016
2012-02-08 17:20 . 2012-02-16 21:06 -------- d-----w- c:\users\Bob\AppData\Local\CrashDumps
2012-02-08 17:17 . 2012-02-08 17:17 50 ----a-w- C:\user.js
2012-02-08 16:05 . 2012-02-21 17:04 -------- d-----w- C:\ComboFix
2012-02-07 17:58 . 2012-02-07 17:58 -------- d-----w- c:\programdata\Sunbelt
2012-02-07 17:53 . 2012-02-07 17:53 -------- d-----w- c:\users\Bob\AppData\Roaming\f-secure
2012-02-07 17:53 . 2012-02-07 17:53 -------- d-----w- c:\programdata\F-Secure
2012-02-07 17:48 . 2012-02-07 17:48 -------- d-----w- c:\windows\Sun
2012-02-07 17:11 . 2012-02-07 17:14 -------- d-----w- c:\users\Bob\AppData\Roaming\PerformerSoft
2012-02-03 17:57 . 2010-08-21 03:59 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-02-03 17:57 . 2012-02-03 17:57 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-02-03 17:57 . 2012-02-03 17:57 -------- d-----w- c:\program files\Symantec
2012-02-03 17:56 . 2010-08-21 03:59 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-02-03 17:56 . 2012-02-03 20:16 -------- d-----w- c:\windows\system32\drivers\N360
2012-02-03 17:56 . 2012-02-03 17:56 -------- d-----w- c:\program files\Norton 360
2012-02-03 17:56 . 2012-02-03 17:56 -------- d-----w- c:\program files\NortonInstaller
2012-02-03 15:43 . 2012-02-03 20:18 -------- d-----w- c:\users\Bob\AppData\Local\NPE
2012-02-03 15:43 . 2012-02-03 17:59 -------- d-----w- c:\programdata\Norton
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-16 14:25 . 2012-01-16 14:25 90112 ----a-w- c:\users\Bob\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGUTchkdl.dll
2012-01-16 14:25 . 2012-01-16 14:25 24576 ----a-w- c:\users\Bob\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGEUSBAutorun.dll
2012-01-16 14:25 . 2012-01-16 14:25 1339392 ----a-w- c:\users\Bob\AppData\Roaming\Microsoft\Windows\Templates\TLPC\TL_PC.exe
2011-11-30 00:37 . 2003-03-19 03:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-11-30 00:37 . 2003-02-21 11:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-11-25 15:59 . 2012-01-11 20:44 376320 ----a-w- c:\windows\system32\winsrv.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-02-28 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-02-28 7770112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-02-28 81920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Bob^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Bob^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PdaNet Desktop.lnk]
backup=c:\windows\pss\PdaNet Desktop.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BYR_AGENT]
2011-06-14 05:45 392280 ----a-w- c:\programdata\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2007-03-12 18:54 50696 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyTomTomSA.exe]
2011-11-14 11:02 435672 ----a-w- c:\program files\MyTomTom 3\MyTomTomSA.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2007-03-29 00:45 176128 ----a-w- c:\program files\Hp\QuickPlay\QPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2007-01-13 03:36 827392 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-11-30 00:38 296056 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2011-04-22 12:21 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [2011-08-09 328536]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-02 02:53]
.
2012-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-02 02:53]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
- - - - ORPHANS REMOVED - - - -
.
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
Notify-!SASWinLogon - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-21 12:20
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.2.0.13\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\DB74.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-02-21 12:26:43
ComboFix-quarantined-files.txt 2012-02-21 17:26
.
Pre-Run: 96,051,367,936 bytes free
Post-Run: 96,040,448,000 bytes free
.
- - End Of File - - 94AE03084C2CDC7C339FA53E7E00EEA3
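The "Reg Loading Points" block in the log above is where a helper looks for autostart entries. The script below is an added example for this page, not ComboFix's code and not something any participant posted: it parses that block in the format ComboFix prints (Run-key values, disabled msconfig items, the S2 service summary lines, ImagePath values and the "(no file)" orphans) and flags the entries worth a second look. The sample input is a constructed subset of the lines in this thread; the flag rules (an image under a user-writable directory such as ProgramData or AppData, a service whose ImagePath is a .tmp file, an orphaned entry) are this example's own heuristics, and a flag is a prompt to identify the file, not a verdict.

```python
"""Triage of the 'Reg Loading Points' section of a ComboFix log.

Added example, not ComboFix's own code: parse the autorun, msconfig,
service and orphan lines ComboFix prints and flag the ones a malware-removal
helper would look at first.  The flag rules are this example's heuristics.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: a subset of lines in the format ComboFix uses.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-02-28 90191]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BYR_AGENT]
2011-06-14 05:45 392280 ----a-w- c:\programdata\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
Notify-!SASWinLogon - (no file)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.2.0.13\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\DB74.tmp"
"""

KEY_RE = re.compile(r"^\[(?P<key>HK[^\]]+)\]$")
# "Name"="value" [yyyy-mm-dd size]; the value may contain \" escapes.
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<value>(?:\\.|[^"\\])*)"'
    r"(?:\s+\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\])?$")
# Disabled msconfig item: date time size attrs path
MSCONFIG_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \d+ \S+ (?P<path>.+)$")
# Service summary: S2 name;display name;command [date size]
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<cmd>.+?)"
    r"(?:\s+\[\d{4}-\d{2}-\d{2} \d+\])?$")
ORPHAN_RE = re.compile(r"^(?P<name>\S.*?) - \(no file\)$")
# First drive-letter path ending in an executable-ish extension.
EXE_RE = re.compile(r"[a-z]:\\.+?\.(?:exe|dll|sys|drv|tmp|scr|bat|cmd|com)\b", re.I)

# Directories a standard user can write to; an autorun there deserves a look.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\appdata\\", "\\temp\\",
                 "\\documents and settings\\")


@dataclass
class Entry:
    kind: str          # "run", "msconfig", "service" or "orphan"
    location: str      # registry key (or section) the line came from
    name: str
    image: Optional[str]
    flags: List[str] = field(default_factory=list)


def image_from(value: str) -> Optional[str]:
    """Pull the executable path out of a command line or ImagePath value."""
    m = EXE_RE.search(value)
    return m.group(0) if m else (value or None)


def flags_for(image: Optional[str]) -> List[str]:
    flags = []
    if image:
        low = image.lower()
        if low.endswith(".tmp"):
            flags.append("temp_ext")       # executable with a .tmp name
        if any(marker in low for marker in USER_WRITABLE):
            flags.append("user_writable")  # lives outside Program Files/Windows
    return flags


def parse_loading_points(text: str) -> List[Entry]:
    entries: List[Entry] = []
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if m := KEY_RE.match(line):
            key = m.group("key")
        elif m := ORPHAN_RE.match(line):
            entries.append(Entry("orphan", "orphans removed", m.group("name"), None, ["no_file"]))
        elif m := SERVICE_RE.match(line):
            image = image_from(m.group("cmd"))
            entries.append(Entry("service", "services", m.group("name"), image, flags_for(image)))
        elif m := VALUE_RE.match(line):
            value = m.group("value").replace('\\"', '"')
            image = image_from(value)
            if m.group("name").lower() == "imagepath":   # service key: name is the key's leaf
                entries.append(Entry("service", key, key.rsplit("\\", 1)[-1], image, flags_for(image)))
            else:
                entries.append(Entry("run", key, m.group("name"), image, flags_for(image)))
        elif m := MSCONFIG_RE.match(line):
            image = image_from(m.group("path"))
            entries.append(Entry("msconfig", key, key.rsplit("\\", 1)[-1], image, flags_for(image)))
    return entries


def flagged(entries: List[Entry]) -> List[Entry]:
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in flagged(parse_loading_points(SAMPLE_LOG)):
        print(f"{e.kind:8} {e.name:<45} {e.image or '-'}  flags={','.join(e.flags)}")
```

Run it as a script to print the flagged entries, or call parse_loading_points() on the block copied out of a log. For each flagged image the next step is to identify the file (publisher, digital signature, a hash lookup or a second-opinion scan); entries ComboFix already listed under "ORPHANS REMOVED" need no further action.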
#14
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Nothing malicious pops up from the logs. Evidence Eliminator is not as safe as you think it is. It's actually something of a rogue program, and I don't recommend that you install it back.

We should proceed with a general antimalware scan, which can take quite a long time, so please be patient.

Download Virus Removal Tool (VRT) from Here to your desktop.
(You have to enter your e-mail address and click on the Submit Form button. Please download the latest English version of this tool.)

Run the programme you have just downloaded to your desktop (it will be randomly named).

First we will run a virus scan

Click the cog in the upper right

Select down to and including your main drive; once done, select the Automatic scan tab and press Start Scan.
(Please be patient, as this scan can take a few hours.)
Allow VRT to delete all infections found
Once it has finished select report tab (last tab)
Select the Detected threats report from the left and press the Save button.
Save it to your desktop and attach to your next post


Now the Analysis

Rerun VRT and select the Manual Disinfection tab and press Start Gathering System Information

On completion click the link to locate the zip file to upload and attach to your next post


#15
bob65

    Member

  • Topic Starter
  • Member
  • 20 posts
It found nothing to fix! Whatever infected my computer is really well hidden! If all else fails and I use System Restore to "factory settings", would that get rid of it?