Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Google links redirect and start up problems

Post by icecream90 » October 29th, 2010, 1:35 am

My Google links are being redirected. Also, I have WinPatrol installed and I constantly get alerts about things trying to run on startup. Can someone help me with this?

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:42:32 AM, on 10/27/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Users\CAllen\AppData\Roaming\Microsoft\Windows\shell.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Common Files\Teleca Shared\logger.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
C:\Program Files\Mozilla Firefox 3.6 Beta 5\firefox.exe
C:\Program Files\Mozilla Firefox 3.6 Beta 5\plugin-container.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:50370
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O3 - Toolbar: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Mobile Connectivity Suite] "C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe (file missing)
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServicepointService - Radialpoint Inc. - C:\Program Files\Verizon\VSP\ServicepointService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe










µTorrent
32 Bit HP CIO Components Installer
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe AIR
Adobe Community Help
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Media Player
Adobe Reader 9.3.2
Adobe Shockwave Player
AIM 7
Akamai NetSession Interface
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASIO4ALL
Avira AntiVir Personal - Free Antivirus
Bonjour
Broadcom 802.11 Wireless LAN Adapter
CDisplay 1.8
Choice Guard
Citrix XenApp Web Plugin
Compatibility Pack for the 2007 Office system
Conexant HD Audio
CyberLink YouCam
Download Updater (AOL LLC)
DVD Suite
Enigma
ERUNT 1.1j
ESET Online Scanner v3
FL Studio 9
GTK+ Runtime 2.14.7 rev a (remove only)
Hardcore
Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
HDAUDIO Soft Data Fax Modem with SmartCP
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
HiJackThis
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Experience Enhancements
HP Customer Participation Program 8.0
HP Doc Viewer
HP Easy Setup - Frontend
HP Help and Support
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Photosmart Essential
HP Photosmart Essential 2.5
HP Photosmart.All-In-One Driver Software 8.0 .A
HP Quick Launch Buttons 6.30 E1
HP QuickPlay 3.6
HP QuickTouch 1.00 C4
HP Smart Web Printing
HP Solution Center 8.0
HP Total Care Advisor
HP Update
HP User Guides 0090
HP Wireless Assistant
HPNetworkAssistant
HPSSupply
HTC Driver Installer
HTC Sync
IL Download Manager
iTunes
Java(TM) 6 Update 18
LabelPrint
LG USB Modem driver
Malwarebytes' Anti-Malware
ManyCam 2.5.48 (remove only)
M-Audio Series II MIDI
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox (3.6.11)
MP3 Converter Simple
MSN
MSVCRT
MSXML 4.0 SP2 (KB954430)
muvee autoProducer 6.1
My HP Games
NETGEAR Live Parental Controls Management Utility 2.0b44
NetWaiting
NVIDIA Drivers
OGA Notifier 2.0.0048.0
PoiZone
Power2Go
PowerDirector
QuickTime
Reason 4.0
Rhapsody Player Engine
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
Sawer
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
SlingPlayer
Spelling Dictionaries Support For Adobe Reader 9
Touch Pad Driver
Toxic Biohazard
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Verizon Broadband Toolbar (IE only)
Verizon Broadband Toolbar Firefox only
Verizon Servicepoint 3.5.10
Viewpoint Media Player
VLC media player 1.0.2
VoiceOver Kit
WeatherBug Gadget
Windows Installer Clean Up
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Player Firefox Plugin
WinPatrol 2009
WinRAR archiver
Yahoo! Install Manager
icecream90
Regular Member
 
Posts: 28
Joined: October 29th, 2010, 1:33 am

Re: Google links redirect and start up problems

Post by MWR 3 day Mod » November 1st, 2010, 3:35 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Google links redirect and start up problems

Post by Gary R » November 1st, 2010, 4:25 am

Looking over your log, back soon.
Gary R
Administrator
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Google links redirect and start up problems

Post by Gary R » November 1st, 2010, 4:33 am

Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.


Unless informed in advance, failure to post replies within 3 days will result in this thread being closed.


Hi icecream90

I'm Gary R, I'll be glad to help you with your computer problems.

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Please observe these rules while we work:
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • As you're using Vista, it will be necessary to right-click all tools we use and select Run as Administrator.
Important: As I said earlier, removing Malware is a potentially hazardous thing to do, so to increase our chances of recovery in the event of something unexpected happening, I'd like you to make a backup of your Registry before we start to clean your computer.
  • Download ERUNT to your desktop
  • Alternate Download
  • Double-click on erunt_setup.exe to install the program
  • Untick the NTREGOPT desktop shortcut option
  • Click No when you get the option to run Erunt at Windows startup.
  • During the installation, tick Launch Erunt.
  • Accept the default options for running a backup.
  • Erunt will then backup your registry.
  • Click OK to finish.
  • If you are unable to back up your Registry with ERUNT ....
    • Let me know.
    • Do not follow any further instructions until I tell you to.
It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


Download DDS and save it to your Desktop (must be in this location).
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both to your Desktop.
  • Copy/Paste the contents of both into your next reply please.
Gary R
Administrator
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Google links redirect and start up problems

Post by icecream90 » November 1st, 2010, 5:55 pm

Hi. Thank you so much, Gary R, for helping me out with this. I really appreciate it.


DDS (Ver_10-11-01.01) - NTFSx86
Run by CAllen at 17:52:07.57 on Mon 11/01/2010
Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_18
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3006.1578 [GMT -4:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Verizon\VSP\ServicepointService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Users\CAllen\AppData\Roaming\Microsoft\Windows\shell.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Teleca Shared\logger.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Mozilla Firefox 3.6 Beta 5\firefox.exe
C:\Users\CAllen\AppData\Roaming\Microsoft\svchost.exe
C:\Users\CAllen\AppData\Local\Temp\dwm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\CAllen\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Bar =
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = http=127.0.0.1:50370
mSearchAssistant =
uWinlogon: Shell=explorer.exe,c:\users\callen\appdata\roaming\microsoft\windows\shell.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Verizon Broadband Toolbar: {a057a204-bacc-4d26-8398-26fadcf27386} - c:\progra~1\verizo~1\VERIZO~1.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Print Clips: {ffffffff-ff12-44c5-91ec-068e3aa1b2d7} - c:\program files\hp\smart web printing\hpswp_framework.dll
TB: Verizon Broadband Toolbar: {a057a204-bacc-4d26-8398-26fadcf27386} - c:\progra~1\verizo~1\VERIZO~1.DLL
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup
uRun: [AdobeBridge]
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Mobile Connectivity Suite] "c:\program files\htc\htc sync\application launcher\Application Launcher.exe" /startoptions
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\callen\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: c:\windows\system32\wpclsp.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\users\callen\appdata\roaming\mozilla\firefox\profiles\sygs4tdl.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox ... S:official
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50370
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\program files\verizon\vsp\nprpspa.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\users\callen\appdata\local\yahoo!\browserplus\2.7.1\plugins\npybrowserplus_2.7.1.dll
FF - plugin: c:\users\callen\appdata\roaming\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\users\callen\appdata\roaming\mozilla\plugins\npicaN.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3.6 beta 5\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - falsec:\program files\mozilla firefox 3.6 beta 5\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox 3.6 beta 5\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox 3.6 beta 5\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox 3.6 beta 5\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox 3.6 beta 5\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox 3.6 beta 5\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox 3.6 beta 5\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox 3.6 beta 5\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox 3.6 beta 5\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox 3.6 beta 5\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-20 21504]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-6-2 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-6-2 267432]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-6-2 60936]
R2 ServicepointService;ServicepointService;c:\program files\verizon\vsp\ServicepointService.exe [2009-12-19 668912]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-6-10 24576]
S3 SUPERWEBCAM;SuperWebcam, WDM Virtual Video Capture Device;c:\windows\system32\drivers\superwebcam.sys [2010-6-3 31872]
S3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2008-2-29 1251720]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== File Associations ===============

regfile="regedit.exe" "%1"

=============== Created Last 30 ================

2010-10-31 15:42:14 97792 ----a-w- c:\users\callen\appdata\roaming\microsoft\svchost.exe
2010-10-29 16:26:19 6146896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{0badfa6c-02d6-4f7d-8624-b269adc6b843}\mpengine.dll
2010-10-27 05:12:56 133632 ----a-w- c:\users\callen\appdata\roaming\microsoft\windows\shell.exe
2010-10-14 07:08:14 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2010-10-14 07:08:13 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-14 07:05:18 339968 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
2010-10-14 07:05:18 1316864 ----a-w- c:\windows\system32\ole32.dll
2010-10-14 07:04:51 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-10-14 07:04:40 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-14 07:04:40 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-14 07:04:40 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-14 07:04:40 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-14 07:04:39 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-14 07:03:12 274944 ----a-w- c:\windows\system32\schannel.dll
2010-10-14 07:03:07 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-10-14 07:01:52 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-10-14 07:01:51 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-14 07:01:10 231424 ----a-w- c:\windows\system32\msshsq.dll
2010-10-14 07:01:00 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-14 05:52:51 531968 ----a-w- c:\windows\system32\comctl32.dll

==================== Find3M ====================

2010-10-19 15:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-08 15:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 15:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-08 06:01:28 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56:53 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:56:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:04:36 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-08-17 14:11:37 128000 ----a-w- c:\windows\system32\spoolsv.exe

============= FINISH: 17:53:07.62 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-11-01.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 4/27/2008 12:15:20 AM
System Uptime: 11/1/2010 1:15:27 AM (16 hours ago)

Motherboard: Wistron | | 30D6
Processor: AMD Turion(tm) 64 X2 TL-60 | Socket A | 2000/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 137 GiB total, 27.914 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 1.989 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0035
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #3
PNP Device ID: ROOT\*ISATAP\0035
Service: tunnel

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0036
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #4
PNP Device ID: ROOT\*ISATAP\0036
Service: tunnel

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0041
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #7
PNP Device ID: ROOT\*ISATAP\0041
Service: tunnel

==== System Restore Points ===================

RP789: 10/19/2010 12:00:01 AM - Scheduled Checkpoint
RP791: 10/19/2010 1:27:46 AM - Removed Super Webcam
RP792: 10/19/2010 1:28:10 AM - Removed Skype™ 4.2
RP793: 10/19/2010 3:10:41 PM - Windows Update
RP794: 10/21/2010 1:01:42 PM - Scheduled Checkpoint
RP795: 10/22/2010 4:37:06 AM - Scheduled Checkpoint
RP796: 10/22/2010 3:23:44 PM - Windows Update
RP797: 10/24/2010 - Scheduled Checkpoint
RP798: 10/24/2010 5:31:59 PM - Removed ooVoo
RP799: 10/25/2010 10:33:35 PM - Scheduled Checkpoint
RP800: 10/26/2010 11:11:27 AM - Scheduled Checkpoint
RP801: 10/26/2010 3:35:39 PM - Windows Update
RP802: 10/27/2010 1:04:02 PM - Scheduled Checkpoint
RP803: 10/29/2010 12:00:01 AM - Scheduled Checkpoint
RP804: 10/29/2010 12:25:50 PM - Windows Update
RP805: 10/31/2010 1:01:28 PM - Scheduled Checkpoint

==== Installed Programs ======================

µTorrent
32 Bit HP CIO Components Installer
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Reader 9.3.2
Adobe Shockwave Player
AIM 7
AIO_CDA_ProductContext
AIO_CDA_Software
AIO_Scan
Akamai NetSession Interface
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASIO4ALL
Avira AntiVir Personal - Free Antivirus
Bonjour
Broadcom 802.11 Wireless LAN Adapter
BufferChm
C3100
c3100_Help
Cards_Calendar_OrderGift_DoMorePlugout
CDisplay 1.8
Choice Guard
Citrix XenApp Web Plugin
Compatibility Pack for the 2007 Office system
Conexant HD Audio
Copy
CustomerResearchQFolder
CyberLink YouCam
Destinations
DeviceManagementQFolder
DocProc
DocProcQFolder
Download Updater (AOL LLC)
DVD Suite
Enigma
ERUNT 1.1j
ESET Online Scanner v3
eSupportQFolder
Fax
FL Studio 9
GTK+ Runtime 2.14.7 rev a (remove only)
Hardcore
Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
HDAUDIO Soft Data Fax Modem with SmartCP
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
HiJackThis
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Customer Participation Program 8.0
HP Doc Viewer
HP Easy Setup - Frontend
HP Help and Support
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Photosmart Essential
HP Photosmart Essential 2.5
HP Photosmart.All-In-One Driver Software 8.0 .A
HP Quick Launch Buttons 6.30 E1
HP QuickPlay 3.6
HP QuickTouch 1.00 C4
HP Smart Web Printing
HP Solution Center 8.0
HP Total Care Advisor
HP Update
HP User Guides 0090
HP Wireless Assistant
HPNetworkAssistant
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabel_Tattoo
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotoSmartPhotobookHolidayPack1
HPPhotoSmartPhotobookModernPack1
HPPhotoSmartPhotobookPlayfulPack1
HPPhotoSmartPhotobookScrapbookPack1
HPPhotoSmartPhotobookWebPack1
HPProductAssistant
HPSSupply
HTC Driver Installer
HTC Sync
IL Download Manager
iTunes
Java Auto Updater
Java(TM) 6 Update 18
LabelPrint
LG USB Modem driver
LightScribe System Software 1.10.13.1
M-Audio Series II MIDI
Malwarebytes' Anti-Malware
ManyCam 2.5.48 (remove only)
MarketResearch
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MobileMe Control Panel
Move Media Player
Mozilla Firefox (3.6.12)
MP3 Converter Simple
MSN
MSVCRT
MSXML 4.0 SP2 (KB954430)
muvee autoProducer 6.1
My HP Games
NETGEAR Live Parental Controls Management Utility 2.0b44
NetWaiting
NVIDIA Drivers
OGA Notifier 2.0.0048.0
PoiZone
Power2Go
PowerDirector
PSSWCORE
QuickTime
Reason 4.0
Rhapsody Player Engine
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
Sawer
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
SlingPlayer
SolutionCenter
Spelling Dictionaries Support For Adobe Reader 9
Status
Toolbox
Touch Pad Driver
Toxic Biohazard
TrayApp
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Verizon Broadband Toolbar (IE only)
Verizon Broadband Toolbar Firefox only
Verizon Servicepoint 3.5.10
VideoToolkit01
Viewpoint Media Player
VLC media player 1.0.2
VoiceOver Kit
WeatherBug Gadget
WebReg
Windows Installer Clean Up
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Player Firefox Plugin
WinPatrol 2009
WinRAR archiver
Yahoo! BrowserPlus 2.7.1
Yahoo! Install Manager

==== Event Viewer Messages From Past Week ========

10/31/2010 11:32:16 AM, Error: Service Control Manager [7023] - The wscsvc service terminated with the following error: The specified module could not be found.
10/31/2010 11:31:20 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/31/2010 11:31:20 AM, Error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
10/31/2010 11:31:20 AM, Error: Service Control Manager [7000] - The M-Audio Series II MIDI Installer service failed to start due to the following error: The system cannot find the file specified.

==== End Of File ===========================
icecream90
Regular Member
 
Posts: 28
Joined: October 29th, 2010, 1:33 am

Re: Google links redirect and start up problems

by Gary R » November 1st, 2010, 7:04 pm

OK, didn't see quite what I was expecting to see there so I'd like to run another couple of scans to get a further look at your computer. There are definite signs of infection but I'd like to get a more complete picture of what needs removing before I start to fix anything.

First

Download OTL by OldTimer to your Desktop.

Alternative Download

If you already have a copy of OTL delete it and use this version.

  • Double click OTL.exe to launch the programme.
  • Check the following.
    • Scan all users.
    • Lop check.
    • Purity check.
  • Under Extra Registry section, select Use SafeList
  • Under Custom Scans/Fixes copy/paste the contents of the code box below.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.*
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
CREATERESTOREPOINT
%PROGRAMFILES%\*.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WPAEvents

  • Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
  • When finished it will produce two logs.
    • OTL.txt (open on your desktop).
    • Extras.txt (minimised in your taskbar)
  • Please post me both logs.

Next

Download GMER to your Desktop. (It will have a randomly generated name, for example .... wjkl3ecz.exe)

  • Disconnect from the Internet, and close all running programmes.
  • There is a small chance this programme may crash your computer, so save any work you have open.
  • Double click on the randomly named GMER file (eg .... wjkl3ecz.exe) to launch GMER.
  • Let the gmer.sys driver load if asked.
  • If it gives you a warning at programme start about rootkit activity and asks if you want to run a scan ..... click OK.
  • If no warning:
    • Click Rootkit tab.
    • Ensure that All the boxes to the right of the program are checked except Show All.
    • Click Scan.
  • Do not use your computer while the scan is running.
  • Once scan is finished click Copy.
    • Click Start > Run then type Notepad.exe then click OK.
    • This will open a Notepad file.
    • Hit Ctrl+V to paste log into it.
    • Save the log to your Desktop.
  • Reconnect to internet and post the log please.

Summary of the logs I need from you in your next post:
  • OTL.txt
  • Extras.txt
  • GMER log


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off, you'll have to post it in sections.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Google links redirect and start up problems

by icecream90 » November 2nd, 2010, 2:27 am

OTL logfile created on: 11/1/2010 9:31:03 PM - Run 1
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Users\CAllen\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 53.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.28 Gb Total Space | 27.90 Gb Free Space | 20.32% Space Free | Partition Type: NTFS
Drive D: | 11.77 Gb Total Space | 1.99 Gb Free Space | 16.91% Space Free | Partition Type: NTFS

Computer Name: CALLEN-PC | User Name: CAllen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/01 21:29:17 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\CAllen\Desktop\OTL.exe
PRC - [2010/11/01 18:08:26 | 000,113,664 | ---- | M] () -- C:\Users\CAllen\AppData\Roaming\Microsoft\Windows\shell.exe
PRC - [2010/11/01 18:08:11 | 000,113,152 | ---- | M] () -- C:\Users\CAllen\AppData\Local\temp\dwm.exe
PRC - [2010/11/01 18:07:58 | 000,105,472 | ---- | M] () -- C:\Users\CAllen\AppData\Roaming\Microsoft\svchost.exe
PRC - [2010/10/29 01:29:44 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 3.6 Beta 5\firefox.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/03/02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/01/26 18:02:52 | 000,389,120 | R--- | M] (Teleca) -- C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010/01/11 15:21:52 | 000,490,216 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/12/11 14:50:34 | 000,557,056 | R--- | M] (Teleca AB) -- C:\Program Files\Common Files\Teleca Shared\Generic.exe
PRC - [2009/11/19 16:19:48 | 000,598,016 | R--- | M] (Teleca Sweden AB) -- C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
PRC - [2009/11/18 11:50:40 | 000,668,912 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Verizon\VSP\ServicepointService.exe
PRC - [2009/10/10 17:07:08 | 000,320,832 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2009/09/29 12:29:00 | 000,356,352 | R--- | M] (Teleca Sweden AB) -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\dbgout.exe
PRC - [2009/09/29 12:28:26 | 001,011,712 | R--- | M] (Teleca Sweden AB) -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
PRC - [2009/09/29 12:03:26 | 000,253,952 | R--- | M] (TODO: <Company name>) -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
PRC - [2009/09/29 12:03:02 | 000,462,848 | R--- | M] (Teleca AB) -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
PRC - [2009/06/03 09:25:16 | 000,106,496 | R--- | M] (Popwire AB) -- C:\Program Files\Common Files\Teleca Shared\logger.exe
PRC - [2009/04/14 12:14:26 | 000,139,264 | ---- | M] (Teleca Sweden AB) -- C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/11/01 21:29:17 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\CAllen\Desktop\OTL.exe
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2007/03/26 14:03:20 | 000,057,344 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Unknown | Stopped] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - File not found [Auto | Stopped] -- C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe -- (MA_CMIDI_InstallerService)
SRV - [2010/09/21 20:52:53 | 002,950,744 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_062a651.dll -- (Akamai)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/03/18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpActivator)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetPipeActivator)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetMsmqActivator)
SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/11/18 11:50:40 | 000,668,912 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files\Verizon\VSP\ServicepointService.exe -- (ServicepointService)
SRV - [2008/07/20 02:14:01 | 001,251,720 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/03/05 13:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ManyCam.sys -- (ManyCam)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2010/03/01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/12/28 20:13:23 | 000,019,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\Drivers\atapi.tsk -- (atapi)
DRV - [2009/06/10 16:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/04/11 00:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/01/20 22:23:49 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UMPass)
DRV - [2008/01/20 22:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 22:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 22:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 22:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 22:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 22:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 22:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 22:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 22:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 22:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/20 22:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 22:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 22:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 22:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 22:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 22:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 22:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 22:23:22 | 000,521,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\xnacc.sys -- (xnacc)
DRV - [2008/01/20 22:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 22:23:22 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2008/01/20 22:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 22:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 22:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 22:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 22:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 22:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/11/17 15:39:50 | 001,040,544 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/10/08 23:21:00 | 007,626,304 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/10/08 16:26:28 | 001,044,472 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2007/10/08 16:26:28 | 001,044,472 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2007/10/01 11:35:52 | 000,183,352 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/08/08 23:42:08 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/07/30 14:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 13:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/11 13:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/07/09 19:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/07/07 01:58:56 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/06/19 16:29:56 | 000,984,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007/06/19 16:28:34 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007/06/19 16:28:22 | 000,660,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007/06/18 20:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/04/09 09:56:22 | 000,021,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/04/09 09:55:08 | 000,022,912 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/04/09 09:53:24 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2007/02/16 12:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/08/16 10:23:46 | 000,021,888 | ---- | M] (M-Audio) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MA_CMIDI.SYS -- (MA_CMIDI)
DRV - [2006/06/27 08:56:50 | 000,031,872 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\superwebcam.sys -- (SUPERWEBCAM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1860400135-879163118-3456586307-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1860400135-879163118-3456586307-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-1860400135-879163118-3456586307-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1860400135-879163118-3456586307-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKU\S-1-5-21-1860400135-879163118-3456586307-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50370
FF - prefs.js..network.proxy.type: 1


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox 3.6 Beta 5\components [2010/10/29 01:29:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox 3.6 Beta 5\plugins [2010/10/29 01:29:46 | 000,000,000 | ---D | M]

[2010/07/22 21:17:06 | 000,000,000 | ---D | M] -- C:\Users\CAllen\AppData\Roaming\Mozilla\Extensions
[2010/07/22 21:17:06 | 000,000,000 | ---D | M] -- C:\Users\CAllen\AppData\Roaming\Mozilla\Extensions\wizard@opendns.com
[2010/11/01 17:57:18 | 000,000,000 | ---D | M] -- C:\Users\CAllen\AppData\Roaming\Mozilla\Firefox\Profiles\sygs4tdl.default\extensions
[2010/05/13 14:23:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\CAllen\AppData\Roaming\Mozilla\Firefox\Profiles\sygs4tdl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/19 13:47:10 | 000,000,000 | ---D | M] (Verizon Broadband Toolbar) -- C:\Users\CAllen\AppData\Roaming\Mozilla\Firefox\Profiles\sygs4tdl.default\extensions\{3DD07E5D-2ADF-42ea-972E-2998FA5CE45A}
[2010/10/21 11:42:59 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\CAllen\AppData\Roaming\Mozilla\Firefox\Profiles\sygs4tdl.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/09/10 00:45:31 | 000,000,000 | ---D | M] (WOT) -- C:\Users\CAllen\AppData\Roaming\Mozilla\Firefox\Profiles\sygs4tdl.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

O1 HOSTS File: ([2010/01/08 15:17:46 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )
O2 - BHO: (HP Print Clips) - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )
O3 - HKU\S-1-5-21-1860400135-879163118-3456586307-1000\..\Toolbar\WebBrowser: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Mobile Connectivity Suite] C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe (Teleca Sweden AB)
O4 - HKLM..\Run: [svchost] C:\Users\CAllen\AppData\Roaming\Microsoft\svchost.exe ()
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\S-1-5-21-1860400135-879163118-3456586307-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-1860400135-879163118-3456586307-1000..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
F3 - HKU\S-1-5-21-1860400135-879163118-3456586307-1000 WinNT: Load - (C:\Users\CAllen\AppData\Local\Temp\dwm.exe) - C:\Users\CAllen\AppData\Local\temp\dwm.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1860400135-879163118-3456586307-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1860400135-879163118-3456586307-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1860400135-879163118-3456586307-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKU\S-1-5-21-1860400135-879163118-3456586307-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1860400135-879163118-3456586307-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1860400135-879163118-3456586307-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-1860400135-879163118-3456586307-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1860400135-879163118-3456586307-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1860400135-879163118-3456586307-1000 Winlogon: Shell - (C:\Users\CAllen\AppData\Roaming\Microsoft\Windows\shell.exe) - C:\Users\CAllen\AppData\Roaming\Microsoft\Windows\shell.exe ()
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/29 01:04:12 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 11:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{0cde30e8-b881-11df-8bb0-001d7255e495}\Shell - "" = AutoRun
O33 - MountPoints2\{0cde30e8-b881-11df-8bb0-001d7255e495}\Shell\AutoRun\command - "" = G:\TL-Bootstrap.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^Users^CAllen^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: Aim6 - hkey= - key= - C:\Program Files\AIM6\aim6.exe File not found
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
MsConfig - StartUpReg: HPAdvisor - hkey= - key= - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
MsConfig - StartUpReg: hpWirelessAssistant - hkey= - key= - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
MsConfig - StartUpReg: Messenger (Yahoo!) - hkey= - key= - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe File not found
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: QPService - hkey= - key= - C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
MsConfig - StartUpReg: WAWifiMessage - hkey= - key= - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe (Hewlett-Packard Development Company, L.P.)
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - C:\Windows\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - C:\Windows\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: Midi1 - C:\Windows\System32\MA_CMIDN.DLL (M-Audio)
Drivers32: midi2 - C:\Windows\System32\MA_CMIDN.DLL (M-Audio)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/11/01 21:29:06 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\CAllen\Desktop\OTL.exe
[2010/10/14 03:08:13 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010/10/14 03:04:51 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/10/14 03:04:39 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010/10/14 03:03:07 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/10/14 03:02:45 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/10/14 03:02:42 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/10/14 03:02:40 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/10/14 03:02:36 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/10/14 03:02:35 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/10/14 03:02:32 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/10/14 03:02:29 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/10/14 03:02:29 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/10/14 03:02:29 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/10/14 03:02:28 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/10/14 03:02:27 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/10/14 03:02:27 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/10/14 03:02:26 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/10/14 03:02:26 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/10/14 03:02:26 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/10/14 03:02:25 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/10/14 03:02:25 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/10/14 03:01:52 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010/10/14 03:01:51 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010/10/14 03:01:10 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010/10/14 03:01:00 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll

========== Files - Modified Within 30 Days ==========

[2010/11/01 21:29:17 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\CAllen\Desktop\OTL.exe
[2010/11/01 19:46:15 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/01 19:46:14 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/01 17:51:57 | 000,623,616 | ---- | M] () -- C:\Users\CAllen\Desktop\dds.scr
[2010/11/01 17:49:49 | 000,000,714 | ---- | M] () -- C:\Users\CAllen\Desktop\ERUNT.lnk
[2010/11/01 17:48:06 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{6DFFBE1E-577F-4EB1-BBB2-8971CA403F8E}.job
[2010/11/01 17:46:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/31 11:54:15 | 000,063,233 | ---- | M] () -- C:\Users\CAllen\Desktop\nerd-nothing-cover.jpg
[2010/10/31 11:54:13 | 000,090,112 | ---- | M] () -- C:\Users\CAllen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/31 11:41:43 | 000,000,680 | ---- | M] () -- C:\Users\CAllen\AppData\Local\d3d9caps.dat
[2010/10/31 11:29:37 | 3152,875,520 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/30 00:48:02 | 000,640,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/10/30 00:48:02 | 000,118,362 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/10/28 12:48:31 | 000,002,525 | ---- | M] () -- C:\Users\CAllen\Desktop\HiJackThis.lnk
[2010/10/26 14:16:54 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/10/20 02:00:26 | 000,027,430 | ---- | M] () -- C:\Users\CAllen\AppData\Roaming\nvModes.001
[2010/10/19 11:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/10/15 19:45:08 | 003,663,328 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2010/11/01 17:51:55 | 000,623,616 | ---- | C] () -- C:\Users\CAllen\Desktop\dds.scr
[2010/10/31 11:54:14 | 000,063,233 | ---- | C] () -- C:\Users\CAllen\Desktop\nerd-nothing-cover.jpg
[2010/06/14 03:21:34 | 000,000,000 | ---- | C] () -- C:\Windows\DbgOut.INI
[2010/06/09 00:25:47 | 000,000,000 | RHS- | C] () -- \MSDOS.SYS
[2010/06/09 00:25:47 | 000,000,000 | RHS- | C] () -- \IO.SYS
[2010/06/07 21:40:56 | 000,000,354 | ---- | C] () -- \rkill.log
[2010/06/01 00:09:18 | 000,019,240 | ---- | C] () -- \ComboFix.txt
[2010/03/28 16:58:49 | 000,000,024 | ---- | C] () -- C:\Windows\System32\sysogg.dll
[2010/03/28 16:52:38 | 000,233,472 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2009/12/19 15:20:28 | 000,000,795 | ---- | C] () -- \rollback.ini
[2009/09/24 14:05:16 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/02/20 22:37:00 | 000,002,974 | ---- | C] () -- C:\Users\CAllen\AppData\Roaming\wklnhst.dat
[2008/08/28 01:06:06 | 000,000,004 | ---- | C] () -- C:\Users\CAllen\AppData\Roaming\E4A493
[2008/08/28 01:06:05 | 000,870,128 | ---- | C] () -- C:\Users\CAllen\AppData\Roaming\mcs.rma
[2008/07/18 10:51:53 | 000,001,691 | ---- | C] () -- \NTDClient.log
[2008/07/03 23:22:28 | 000,000,680 | ---- | C] () -- C:\Users\CAllen\AppData\Local\d3d9caps.dat
[2008/06/23 19:58:04 | 000,090,112 | ---- | C] () -- C:\Users\CAllen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/23 18:11:13 | 000,027,430 | ---- | C] () -- C:\Users\CAllen\AppData\Roaming\nvModes.001
[2008/06/23 17:57:21 | 000,027,430 | ---- | C] () -- C:\Users\CAllen\AppData\Roaming\nvModes.dat
[2008/06/03 07:23:50 | 3152,875,520 | -HS- | C] () --
[2008/06/03 00:49:52 | 000,000,000 | ---- | C] () -- C:\Users\CAllen\AppData\Local\QSwitch.txt
[2008/06/03 00:49:52 | 000,000,000 | ---- | C] () -- C:\Users\CAllen\AppData\Local\DSwitch.txt
[2008/06/03 00:49:52 | 000,000,000 | ---- | C] () -- C:\Users\CAllen\AppData\Local\AtStart.txt
[2008/04/27 00:10:56 | 3466,780,672 | -HS- | C] () --
[2008/02/29 00:27:47 | 000,000,745 | -H-- | C] () -- \IPH.PH
[2008/02/08 02:49:06 | 000,333,257 | RHS- | C] () -- \bootmgr
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:23:09 | 000,000,074 | ---- | C] () -- \autoexec.bat
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:08 | 000,000,010 | ---- | C] () -- \config.sys

========== LOP Check ==========

[2010/03/03 01:30:30 | 000,000,000 | ---D | M] -- C:\Users\CAllen\AppData\Roaming\.purple
[2010/03/26 14:21:35 | 000,000,000 | ---D | M] -- C:\Users\CAllen\AppData\Roaming\Ableton
[2008/06/25 14:27:10 | 000,000,000 | ---D | M] -- C:\Users\CAllen\AppData\Roaming\acccore
[2010/06/11 18:32:48 | 000,000,000 | ---D | M] -- C:\Users\CAllen\AppData\Roaming\Audacity
[2010/01/10 11:42:22 | 000,000,000 | ---D | M] -- C:\Users\CAllen\AppData\Roaming\AWHONN_FHM_Text
[2010/01/27 23:02:37 | 000,000,000 | ---D | M] -- C:\Users\CAllen\AppData\Roaming\gtk-2.0
[2009/12/28 12:50:09 | 000,000,000 | ---D | M] -- C:\Users\CAllen\AppData\Roaming\ICAClient
[2009/07/23 15:52:47 | 000,000,000 | ---D | M] -- C:\Users\CAllen\AppData\Roaming\Image Zone Express
[2009/01/03 22:24:22 | 000,000,000 | ---D | M] -- C:\Users\CAllen\AppData\Roaming\LimeWire
[2010/07/26 22:00:39 | 000,000,000 | ---D | M] -- C:\Users\CAllen\AppData\Roaming\ManyCam
[2009/03/21 17:40:40 | 000,000,000 | ---D | M] -- C:\Users\CAllen\AppData\Roaming\MSNInstaller
[2010/07/22 21:17:05 | 000,000,000 | ---D | M] -- C:\Users\CAllen\AppData\Roaming\NETGEAR Live Parental Controls
[2010/06/19 01:24:34 | 000,000,000 | ---D | M] -- C:\Users\CAllen\AppData\Roaming\ooVoo Details
[2009/11/30 23:41:11 | 000,000,000 | ---D | M] -- C:\Users\CAllen\AppData\Roaming\PlayFirst
[2009/05/27 15:34:14 | 000,000,000 | ---D | M] -- C:\Users\CAllen\AppData\Roaming\Printer Info Cache
[2010/05/14 18:42:01 | 000,000,000 | ---D | M] -- C:\Users\CAllen\AppData\Roaming\Propellerhead Software
[2009/10/09 00:37:40 | 000,000,000 | ---D | M] -- C:\Users\CAllen\AppData\Roaming\REAPER
[2009/08/31 00:01:26 | 000,000,000 | ---D | M] -- C:\Users\CAllen\AppData\Roaming\SharePod
[2010/06/10 05:39:14 | 000,000,000 | ---D | M] -- C:\Users\CAllen\AppData\Roaming\Teleca
[2009/02/20 22:37:04 | 000,000,000 | ---D | M] -- C:\Users\CAllen\AppData\Roaming\Template
[2010/10/25 00:30:28 | 000,000,000 | ---D | M] -- C:\Users\CAllen\AppData\Roaming\uTorrent
[2008/06/23 20:39:21 | 000,000,000 | ---D | M] -- C:\Users\CAllen\AppData\Roaming\WildTangent
[2010/01/17 21:26:00 | 000,000,000 | ---D | M] -- C:\Users\CAllen\AppData\Roaming\WinPatrol
[2010/10/30 02:40:13 | 000,032,572 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/11/01 17:48:06 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{6DFFBE1E-577F-4EB1-BBB2-8971CA403F8E}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/02/29 01:04:12 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2010/06/01 00:09:18 | 000,019,240 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/10/31 11:29:37 | 3152,875,520 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/09 00:25:47 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/09/03 01:21:20 | 000,000,745 | -H-- | M] () -- C:\IPH.PH
[2010/06/09 00:25:47 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/12/19 13:46:32 | 000,001,691 | ---- | M] () -- C:\NTDClient.log
[2010/10/31 11:29:35 | 3466,780,672 | -HS- | M] () -- C:\pagefile.sys
[2010/06/07 21:42:09 | 000,000,354 | ---- | M] () -- C:\rkill.log
[2009/12/19 16:23:00 | 000,000,795 | ---- | M] () -- C:\rollback.ini


< MD5 for: AGP440.SYS >
[2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\ERDNT\cache\AGP440.sys
[2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 22:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 22:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 05:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2007/01/13 02:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll

< MD5 for: IASTORV.SYS >
[2008/01/20 22:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/20 22:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/20 22:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/20 22:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVRAID.SYS >
[2008/01/20 22:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\System32\drivers\nvraid.sys
[2008/01/20 22:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvraid.sys
[2008/01/20 22:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvraid.sys
[2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=E69E946F80C1C31C53003BFBF50CBB7C -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 22:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/04/11 02:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 02:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/01/20 23:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 23:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 23:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >
[2010/09/06 09:45:38 | 000,304,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys
[2010/09/06 09:45:22 | 000,145,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys
[2010/09/06 09:45:19 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys

< %PROGRAMFILES%\*. >
[2010/03/28 14:52:43 | 000,000,000 | ---D | M] -- C:\Program Files\Ableton
[2008/02/29 01:19:18 | 000,000,000 | ---D | M] -- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[2010/07/30 00:50:59 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/07/14 06:16:18 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe Media Player
[2010/09/03 01:21:15 | 000,000,000 | ---D | M] -- C:\Program Files\AIM
[2008/04/27 00:22:05 | 000,000,000 | ---D | M] -- C:\Program Files\Apoint2K
[2008/09/04 00:53:33 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/08/11 18:43:47 | 000,000,000 | ---D | M] -- C:\Program Files\ASIO4ALL v2
[2010/06/02 16:54:55 | 000,000,000 | ---D | M] -- C:\Program Files\Avira
[2008/02/29 01:37:06 | 000,000,000 | ---D | M] -- C:\Program Files\AWS
[2010/01/17 21:25:55 | 000,000,000 | ---D | M] -- C:\Program Files\BillP Studios
[2010/09/27 13:49:49 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2008/06/03 00:37:00 | 000,000,000 | ---D | M] -- C:\Program Files\Broadcom
[2010/06/09 00:25:42 | 000,000,000 | ---D | M] -- C:\Program Files\CamStudio
[2010/08/03 02:26:02 | 000,000,000 | ---D | M] -- C:\Program Files\CDisplay
[2010/06/28 12:26:12 | 000,000,000 | ---D | M] -- C:\Program Files\Comical
[2010/10/19 01:29:05 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2008/04/27 00:24:32 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2008/04/27 00:36:03 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2010/01/03 17:08:23 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2008/02/29 01:35:59 | 000,000,000 | ---D | M] -- C:\Program Files\earthlink totalaccess
[2010/11/01 17:50:04 | 000,000,000 | ---D | M] -- C:\Program Files\ERUNT
[2010/01/03 17:39:29 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2009/08/31 00:42:07 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/05/24 18:54:20 | 000,000,000 | ---D | M] -- C:\Program Files\GPL MPEG Decoder
[2008/04/27 00:33:19 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2008/09/04 23:25:35 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2008/04/27 00:39:24 | 000,000,000 | ---D | M] -- C:\Program Files\HP Games
[2008/06/03 00:38:18 | 000,000,000 | ---D | M] -- C:\Program Files\HPQ
[2010/06/10 05:37:57 | 000,000,000 | ---D | M] -- C:\Program Files\HTC
[2010/08/11 18:43:00 | 000,000,000 | ---D | M] -- C:\Program Files\Image-Line
[2010/05/24 18:33:27 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/10/15 19:41:43 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/09/27 13:54:00 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/09/27 13:55:05 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/04/25 02:09:57 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2008/08/28 01:00:49 | 000,000,000 | ---D | M] -- C:\Program Files\LG Electronics
[2010/03/26 12:11:41 | 000,000,000 | ---D | M] -- C:\Program Files\M-Audio
[2010/06/02 00:35:20 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/26 21:55:45 | 000,000,000 | ---D | M] -- C:\Program Files\ManyCam
[2009/03/21 17:58:56 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2010/01/17 23:24:41 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2008/02/29 01:17:52 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/09/29 17:46:35 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2010/08/11 03:12:51 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/07/31 00:39:44 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/08/11 03:59:40 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/06/28 12:26:00 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010/10/29 01:29:51 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox 3.6 Beta 5
[2010/03/28 16:58:20 | 000,000,000 | ---D | M] -- C:\Program Files\MP3 Converter Simple
[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/01/15 13:43:32 | 000,000,000 | ---D | M] -- C:\Program Files\MSECACHE
[2009/03/21 17:40:17 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2008/06/26 11:52:19 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2008/02/29 01:03:41 | 000,000,000 | ---D | M] -- C:\Program Files\muvee Technologies
[2010/07/22 21:17:08 | 000,000,000 | ---D | M] -- C:\Program Files\Netgear Live Parental Controls Management Utility
[2008/04/27 00:22:57 | 000,000,000 | ---D | M] -- C:\Program Files\NetWaiting
[2008/06/03 00:45:38 | 000,000,000 | R--D | M] -- C:\Program Files\Online Services
[2010/08/11 18:42:00 | 000,000,000 | ---D | M] -- C:\Program Files\Outsim
[2010/03/28 02:51:44 | 000,000,000 | ---D | M] -- C:\Program Files\Propellerhead
[2010/09/27 13:51:28 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2008/08/28 01:04:45 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2009/11/30 01:12:24 | 000,000,000 | ---D | M] -- C:\Program Files\Sling Media
[2010/06/10 05:36:39 | 000,000,000 | ---D | M] -- C:\Program Files\Spirent Communications
[2009/12/28 00:50:32 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2010/10/19 01:27:56 | 000,000,000 | ---D | M] -- C:\Program Files\SuperWebcam
[2009/12/20 16:20:35 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2006/11/02 09:01:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/07/04 19:52:33 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
[2008/10/06 19:04:56 | 000,000,000 | ---D | M] -- C:\Program Files\V CAST Music with Rhapsody
[2009/12/19 13:48:55 | 000,000,000 | ---D | M] -- C:\Program Files\Verizon
[2009/12/19 13:47:10 | 000,000,000 | ---D | M] -- C:\Program Files\Verizon Broadband Firefox Toolbar
[2009/12/19 13:47:08 | 000,000,000 | ---D | M] -- C:\Program Files\verizon_broad
[2009/10/06 23:51:55 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2008/02/29 00:28:08 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2010/05/27 01:23:58 | 000,000,000 | ---D | M] -- C:\Program Files\VS Revo Group
[2010/08/11 18:43:06 | 000,000,000 | ---D | M] -- C:\Program Files\VstPlugins
[2009/11/04 02:35:17 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2009/11/04 02:35:15 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2009/11/04 02:35:09 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2010/01/15 13:41:13 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Installer Clean Up
[2009/11/04 02:35:14 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2009/03/21 17:58:50 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/03/21 17:58:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2010/05/13 13:13:42 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2010/10/15 19:41:45 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/11/04 02:35:12 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2009/11/04 02:35:15 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2008/11/09 18:57:28 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2008/04/27 00:20:05 | 000,000,000 | ---D | M] -- C:\Program Files\WinTV
[2010/07/28 13:38:39 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
[2010/05/24 18:41:05 | 000,000,000 | ---D | M] -- C:\Program Files\YouTube Downloader

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-10-29 16:26:26

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WPAEvents >

========== Alternate Data Streams ==========

@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:3E2028C8

< End of report >
icecream90

Re: Google links redirect and start up problems

Post by icecream90 » November 2nd, 2010, 2:29 am

OTL Extras logfile created on: 11/1/2010 9:31:03 PM - Run 1
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Users\CAllen\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 53.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.28 Gb Total Space | 27.90 Gb Free Space | 20.32% Space Free | Partition Type: NTFS
Drive D: | 11.77 Gb Total Space | 1.99 Gb Free Space | 16.91% Space Free | Partition Type: NTFS

Computer Name: CALLEN-PC | User Name: CAllen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1860400135-879163118-3456586307-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 3.6 Beta 5\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" File not found
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03BBE2F4-0C77-43B6-8065-89DB42C33DA1}" = lport=49161 | protocol=6 | dir=in | name=akamai netsession interface |
"{0862F81F-C94B-489D-883C-33EE9AF6B509}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0AB3E4A8-ABF5-4252-858F-685B37A52A5A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0D47CDA0-4F27-4DE7-8B09-C23066D509DD}" = lport=10244 | protocol=6 | dir=in | app=system |
"{0DC8BE64-C6B7-4056-8A8B-3A743FF9A01E}" = rport=139 | protocol=6 | dir=out | app=system |
"{1178D0AF-EBB6-40AD-92B1-34FF0B3ABA6B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{12C929E3-1016-4D66-A555-B4E95740225E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1B87EA91-D1F0-4960-B08F-E01181832D5A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{1CE8EAE7-A88C-47DD-9428-4157F9EA4F6B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1DAD6F6A-E9C5-4379-9A1D-6B07C46B1A3F}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{1F24C436-9B1E-4EC0-B413-C03006EA4654}" = rport=445 | protocol=6 | dir=out | app=system |
"{20EA2197-0EB6-4CFB-8C0C-49A7C8F328B9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{22101442-2D56-47D4-83D5-573299B4D3B7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2555BFE5-636A-4868-A8CA-0DB664643894}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{2929E50B-4FC4-412B-A1C6-5154785A2685}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{347624FD-4094-469B-BDE5-86673039ADF9}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{3D292A39-3B1A-489C-8329-19F5E896A2B8}" = lport=139 | protocol=6 | dir=in | app=system |
"{3D294038-CAC0-4CF4-A74F-149A04480763}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{42DA61A9-F74C-4CA4-9153-4800F3B679C1}" = lport=10244 | protocol=6 | dir=in | app=system |
"{45040442-1B9B-454E-BF17-06F0956E82A0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{51AE4A34-604A-4FDB-B5C6-4831CAD2E594}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5F7ACAF0-7148-4481-BC7F-7139140C7D7A}" = rport=10244 | protocol=6 | dir=out | app=system |
"{6F748226-F037-4535-A088-89BD9292849B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{70409D1F-0514-4078-B29B-6BB92FBC30DB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7863355F-B5D9-4ECF-9902-0BB31347175E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7A271997-D880-4ECC-8F0D-3F90C2F728AE}" = lport=137 | protocol=17 | dir=in | app=system |
"{7BB00E43-957E-4E83-9F27-EF289B60D627}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7F69F033-9692-44FC-B7E3-14F227BDDF08}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{83E0A7DB-1B36-4320-932E-03192AB88EC6}" = lport=10243 | protocol=6 | dir=in | app=system |
"{85FD8614-78E6-40C0-9607-1BD7F191C863}" = lport=3390 | protocol=6 | dir=in | app=system |
"{91F07C9C-B79C-4B7A-972C-BDB2947A63E7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9699DD13-78B3-46D2-8095-4685B4AAB6EA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A15AC605-C331-4E6F-988A-96F9594551C1}" = lport=445 | protocol=6 | dir=in | app=system |
"{A4862EC2-30EE-4777-B44C-98C0F36C5F22}" = rport=10244 | protocol=6 | dir=out | app=system |
"{B0A3EF09-AA78-4FE1-94A7-FD1F3A5DBB03}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{B1733DA2-BBF3-4786-8B23-2DDFA1A6DDDF}" = rport=137 | protocol=17 | dir=out | app=system |
"{B43DE12C-D83D-45A6-8166-1044C92A64E0}" = lport=138 | protocol=17 | dir=in | app=system |
"{B575A1F8-7116-42DD-8BA2-94F4F1E82C5A}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{B626F841-3FAB-4D38-8DD5-DA1AD8FB148E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{BA0B6A4C-0CB0-43F3-8BA0-9C1DCDA4E136}" = lport=3390 | protocol=6 | dir=in | app=system |
"{C8A11B4A-FD6C-4D9A-A543-2C3AB2B24AD8}" = lport=54056 | protocol=6 | dir=in | name=akamai netsession interface |
"{CE3A0B7D-4987-4E9F-823D-D1B3ED5FCAFE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D0007ED4-0129-48AB-9AA7-59C67EB07AF6}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{DC940886-C03C-4E3A-B258-25A26828BD46}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E1436B3F-DD75-4F29-AAB9-BC4F0494E464}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EB2482F8-0C9D-4B0B-A1B4-1383056F9AAC}" = rport=138 | protocol=17 | dir=out | app=system |
"{F2C2E421-CBBE-4EA8-BE59-EBEB8C88383A}" = rport=10243 | protocol=6 | dir=out | app=system |
"{FF5554AC-6F1C-46DC-86E5-3C11F31D6BCF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01DAC9ED-8BB0-47F0-856A-73B695EE00B1}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{05AA0D1C-F7D1-4E4B-B09D-87D3DF8E86F2}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{0A22178B-C5CD-4868-A8BA-B91A7681A0E9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{0BD198F0-C308-41DD-8000-917E4E3D9121}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1390513D-FF54-45C7-AF45-5A856A67A5D6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{167BE05E-A65C-476A-A01B-C3B1D78BD124}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{192F4350-E24D-454F-B7AA-CCBA1F55B1CA}" = protocol=6 | dir=in | app=c:\program files\acspmonitor\asmonitor.exe |
"{1DF0CD5D-85F1-4430-85D9-823C32F65D56}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{20DDB073-69C7-4A40-8937-2F979F13951E}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{21331DD3-84F3-49D2-9984-AC5885C35E97}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{263A3FC4-8FD4-4143-A56C-76952865D20A}" = protocol=17 | dir=in | app=c:\program files\acspmonitor\asmonitor.exe |
"{27005A27-CCD4-4DB7-8D83-736B07A831D6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2897B09C-F214-462C-B617-5A0816B3F5B4}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{2ACA0E47-0B1A-4A71-8E1B-429B1D43044F}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{2DF3A978-6D9A-4705-B3F9-5428E41D68C4}" = protocol=6 | dir=in | app=c:\program files\verizon\vsp\servicepointservice.exe |
"{359E87B0-6744-4D3D-AA97-829CEB0C5F1B}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{3BD5CE79-4436-4204-921D-1B8E51162E77}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{3D196F01-2A40-4A9F-BBF0-8CEE19B8B7C8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{3F2D9811-D67C-4A3E-94C2-C8A4B6A29B10}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3FA05ACC-9426-484E-AAB5-874DBF0D3EBF}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{407241F3-71C6-4CD0-9B9B-5D583C83141D}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{44D7E0AE-5D41-4762-9AF4-85EBD9756E97}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{49E1D8DC-1AEC-485A-882E-072A9FE5633D}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{4A0E8B04-3E5C-412A-9084-50AF5E93D5C3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4D3A51EC-7525-4E84-AC07-44DDE852FCAF}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{50219F1F-A2B1-4D11-899D-39C47B35ECF5}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{5035564D-65AB-44F7-8316-83C7AF6DDAE1}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{505D8E7A-4BB1-4FD4-A73E-02A96164BEF3}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{5A56007E-1165-49C2-A8FA-70D4EA6A595F}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{5B34C94E-83F9-411F-A0B7-E788F0B6E1FC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5FAC5E82-A7ED-4974-ADDE-35E7B3107A05}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{60EE9737-87E5-4EEA-ABF7-5FD520A09E15}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{654E0CEE-A297-4719-8778-E49A092A41E8}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{6BF6FEDC-AE56-4AA1-BD01-6FB8ED72131B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{75795F67-7CD2-435A-8C02-45B68501F9B0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{792053EA-5124-4E7B-8218-E62F2A22A4F0}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{7A7A7CAD-1572-442A-9D7B-5CA54B1A287D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7B94C225-0B30-483C-8E93-D05F277FC9F8}" = protocol=6 | dir=out | app=system |
"{7C154DA9-96B9-4480-91C3-8FC2F9E01536}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{7FF4A6A7-FEDC-4E2E-9AA7-10CA0B83A6FB}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{8097E07C-0AE5-48D4-9A09-BFF9780628ED}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{8CDC4DDC-D44E-40A4-8477-BE0A77B1EE00}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{9C3E5D56-105E-4359-85F7-5D3E2D94B80F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9E5B5C68-5F1E-45BB-BE66-FB0EEC71758E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A14E8050-1D7E-4495-B589-37548D421AAE}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{A2ABF62C-7275-438F-864D-2E9077B19535}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{A346EBF2-8954-43C9-8EF0-E4CF113766C0}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{A72F0F6D-EFE0-4F91-A29B-F2D541C84095}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A9AAFC9D-2385-4528-8147-2519D1E2E1D5}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{ACE79C0C-21A9-4443-8313-E2B400B9DBD3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{AD9A4F22-7A64-4D3E-8B96-7D4FA2208465}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{B744880F-370A-4B5C-9C2E-38ED4117D6B2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{BA23DFB2-8F7D-4DF0-B1BF-C3E7C19A422B}" = protocol=17 | dir=in | app=c:\program files\verizon\vsp\servicepointservice.exe |
"{BD162C0E-ECBE-4908-9821-961CB86CF48C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BD3E60CD-3B22-46FF-8B02-B4924A5ACE6A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C12FA925-E63A-4B2E-B4A5-502319419698}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{C1BC1D0B-0E88-4473-8A94-8DBD768D8B13}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CA2BA3DC-4E7E-462C-94E4-AB20A9506C3B}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{D48AC0BF-1347-41A0-BB66-5EB0F90D749E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D78EC643-0526-47EC-A69B-45A8B59A3C5E}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{E688B815-5C57-4E16-9430-C76204EA1B4D}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{EB15CD0A-D009-44CE-8D41-FBCFEB5A258F}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{EC024E9C-4A8F-4C07-B803-C9D7CDFC84D3}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{EF1CDCD4-155D-4F98-8C7B-D75C7898D11E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F7F2429A-7C03-4A9D-90F4-B2B247296A65}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7F3015E-6488-42AF-928E-A7650FED40E7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F87F295F-D795-4C1B-98E2-E0955B847972}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{FA68AEC2-F352-4337-AB0D-991D8FB54BD9}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{FF4689B5-7905-4B09-A5C1-CB2F69F4F638}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"TCP Query User{31FBECD4-59A6-4D70-99D1-1AD2F6ECCC26}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"TCP Query User{EA2A916C-32F9-43B9-9019-19D45F9B6076}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{3AEC462C-E6A7-498D-BA3F-6246E9D1659F}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"UDP Query User{B7AEDF43-7D0A-4A0A-A8D0-4C0FC3288ED9}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{082F8ABA-84D5-4837-9DFC-F365D91A07D4}" = HP Smart Web Printing
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{1AE3E621-E0C0-4aa1-B10B-B3E353A8D110}" = c3100_Help
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1F145099-1224-4C5B-84F2-7AE6DC699F1A}" = Enigma
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{250E9609-E830-43EB-B379-DAB7546A2422}" = muvee autoProducer 6.1
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A
"{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}" = HP Help and Support
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1
"{379BD39E-F13E-458F-96D8-56BD7F2CC516}" = M-Audio Series II MIDI
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = AIO_CDA_ProductContext
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6
"{470E9A78-A276-46EB-85F1-05625C766889}" = HTC Sync
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
"{606BC780-101C-41DB-808D-4539BFA0774A}" = MobileMe Control Panel
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7DC4A410-9986-4329-9E5D-687B2C42CA39}" = HP QuickTouch 1.00 C4
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Touch Pad Driver
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB61E316-F10B-43eb-B47F-42095835F9CC}" = C3100
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software
"{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B53620C0-3A83-4F50-A7AB-175DB64C1CE3}" = HP User Guides 0090
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D063F201-FAC4-4D5C-B10B-615058ADE5A7}" = HP Update
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FB26A501-6BA6-459B-89AA-9736730752FB}" = VoiceOver Kit
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_7" = AIM 7
"Akamai" = Akamai NetSession Interface
"ASIO4ALL" = ASIO4ALL
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CDisplay_is1" = CDisplay 1.8
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"FL Studio 9" = FL Studio 9
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (remove only)
"Hardcore" = Hardcore
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"IL Download Manager" = IL Download Manager
"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"ManyCam" = ManyCam 2.5.48 (remove only)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"MP3 Converter Simple" = MP3 Converter Simple
"MSNINST" = MSN
"Netgear Live Parental Controls Management Utility" = NETGEAR Live Parental Controls Management Utility 2.0b44
"NVIDIA Drivers" = NVIDIA Drivers
"PoiZone" = PoiZone
"RadialpointClientGateway_is1" = Verizon Servicepoint 3.5.10
"Reason4_is1" = Reason 4.0
"Sawer" = Sawer
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Toxic Biohazard" = Toxic Biohazard
"uTorrent" = µTorrent
"Verizon Broadband Toolbar Firefox only" = Verizon Broadband Toolbar Firefox only
"verizon_broad" = Verizon Broadband Toolbar (IE only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.0.2
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPatrol" = WinPatrol 2009
"WinRAR archiver" = WinRAR archiver
"YInstHelper" = Yahoo! Install Manager

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1860400135-879163118-3456586307-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.7.1

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/8/2009 10:26:22 AM | Computer Name = CAllen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 6/8/2009 10:26:22 AM | Computer Name = CAllen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 6/8/2009 10:26:22 AM | Computer Name = CAllen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 6/8/2009 10:26:22 AM | Computer Name = CAllen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 6/8/2009 10:26:22 AM | Computer Name = CAllen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 6/8/2009 10:26:25 AM | Computer Name = CAllen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 6/8/2009 10:26:25 AM | Computer Name = CAllen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 6/8/2009 10:26:26 AM | Computer Name = CAllen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 6/8/2009 10:26:26 AM | Computer Name = CAllen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 6/8/2009 10:26:26 AM | Computer Name = CAllen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ Media Center Events ]
Error - 9/25/2008 9:24:27 PM | Computer Name = CAllen-PC | Source = Mcx2Dvcs | ID = 401
Description =

Error - 11/13/2008 1:17:53 PM | Computer Name = CAllen-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 1/8/2009 4:45:45 PM | Computer Name = CAllen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 1/10/2009 12:44:25 AM | Computer Name = CAllen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 4/25/2009 5:41:36 PM | Computer Name = CAllen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 4/25/2009 5:42:13 PM | Computer Name = CAllen-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 4/27/2009 6:34:59 PM | Computer Name = CAllen-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 9/4/2009 9:44:12 PM | Computer Name = CAllen-PC | Source = Mcx2Dvcs | ID = 405
Description =

Error - 9/8/2009 9:32:49 PM | Computer Name = CAllen-PC | Source = McrMgr | ID = 107
Description =

Error - 10/11/2009 11:44:37 PM | Computer Name = CAllen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 10/27/2010 12:28:38 PM | Computer Name = CAllen-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/27/2010 12:29:26 PM | Computer Name = CAllen-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 10/29/2010 12:22:32 PM | Computer Name = CAllen-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/29/2010 12:22:32 PM | Computer Name = CAllen-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/29/2010 12:22:32 PM | Computer Name = CAllen-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/29/2010 12:23:18 PM | Computer Name = CAllen-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 10/31/2010 11:31:20 AM | Computer Name = CAllen-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/31/2010 11:31:20 AM | Computer Name = CAllen-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/31/2010 11:31:20 AM | Computer Name = CAllen-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/31/2010 11:32:16 AM | Computer Name = CAllen-PC | Source = Service Control Manager | ID = 7023
Description =


< End of report >
icecream90

Re: Google links redirect and start up problems

Post by icecream90 » November 2nd, 2010, 2:31 am

GMER 1.0.15.15477 - http://www.gmer.net
Rootkit scan 2010-11-02 02:21:42
Windows 6.0.6002 Service Pack 2
Running: 0k9joezv.exe; Driver: C:\Users\CAllen\AppData\Local\Temp\uxryrpod.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8E402360, 0x35B042, 0xE8000020]
.text bridge.sys 8DFB3462 519 Bytes [8B, FF, 55, 8B, EC, 81, EC, ...]
? C:\Users\CAllen\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

? C:\Users\CAllen\AppData\Roaming\Microsoft\svchost.exe[21456] number of sections mismatch; time/date stamp mismatch; unknown module: OLEAUT32.dll

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[3520] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74367817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3520] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [743BA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3520] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7436BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3520] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7435F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3520] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [743675E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3520] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7435E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3520] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74398395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3520] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7436DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3520] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7435FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3520] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7435FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3520] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [743571CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3520] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [743ECAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3520] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7438C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3520] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7435D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3520] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74356853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3520] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7435687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3520] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74362AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Users\CAllen\AppData\Roaming\Microsoft\svchost.exe[21456] @ C:\Users\CAllen\AppData\Roaming\Microsoft\svchost.exe [KERNEL32.dll!Sleep] C35B5E5F
IAT C:\Users\CAllen\AppData\Roaming\Microsoft\svchost.exe[21456] @ C:\Users\CAllen\AppData\Roaming\Microsoft\svchost.exe [KERNEL32.dll!GetCurrentThreadId] 04244C8B
IAT C:\Users\CAllen\AppData\Roaming\Microsoft\svchost.exe[21456] @ C:\Users\CAllen\AppData\Roaming\Microsoft\svchost.exe [KERNEL32.dll!CreateDirectoryW] 060441F7
IAT C:\Users\CAllen\AppData\Roaming\Microsoft\svchost.exe[21456] @ C:\Users\CAllen\AppData\Roaming\Microsoft\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] B8000000
IAT C:\Users\CAllen\AppData\Roaming\Microsoft\svchost.exe[21456] @ C:\Users\CAllen\AppData\Roaming\Microsoft\svchost.exe [KERNEL32.dll!CloseHandle] 00000001
IAT C:\Users\CAllen\AppData\Roaming\Microsoft\svchost.exe[21456] @ C:\Users\CAllen\AppData\Roaming\Microsoft\svchost.exe [KERNEL32.dll!SetConsoleMode] 448B3374
IAT C:\Users\CAllen\AppData\Roaming\Microsoft\svchost.exe[21456] @ C:\Users\CAllen\AppData\Roaming\Microsoft\svchost.exe [KERNEL32.dll!OpenEventW] 488B0824
IAT C:\Users\CAllen\AppData\Roaming\Microsoft\svchost.exe[21456] @ C:\Users\CAllen\AppData\Roaming\Microsoft\svchost.exe [KERNEL32.dll!LoadLibraryW] E8C83308
IAT C:\Users\CAllen\AppData\Roaming\Microsoft\svchost.exe[21456] @ C:\Users\CAllen\AppData\Roaming\Microsoft\svchost.exe [KERNEL32.dll!GetProcessVersion] FFFFB095
IAT C:\Users\CAllen\AppData\Roaming\Microsoft\svchost.exe[21456] @ C:\Users\CAllen\AppData\Roaming\Microsoft\svchost.exe [KERNEL32.dll!MoveFileW] 18688B55
IAT C:\Users\CAllen\AppData\Roaming\Microsoft\svchost.exe[21456] @ C:\Users\CAllen\AppData\Roaming\Microsoft\svchost.exe [KERNEL32.dll!GetModuleHandleA] FF0C70FF

---- EOF - GMER 1.0.15 ----
icecream90
Regular Member
 
Posts: 28
Joined: October 29th, 2010, 1:33 am

Re: Google links redirect and start up problems

Post by Gary R » November 2nd, 2010, 5:08 am

You have a driver on your computer that is symptomatic of the TDL rootkit ....

DRV - [2009/12/28 20:13:23 | 000,019,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\Drivers\atapi.tsk -- (atapi)


.... but I don't see any other corroborating signs in the logs we've run.

There are a whole lot of things we need to take care of on your computer; however, TDL is a serious infection, so I'd like to deal with that first and ensure you're not infected with it before we deal with the other things.

  • Please Download TDSSKiller.exe and save it on your desktop.
  • Important!: Run this fix once and once only.
  • Right-click TDSSKiller.exe and select "Run as administrator" to run it.
  • Click Start Scan.
  • If it finds anything it will prompt you to Cure it. Do not do so at this point, instead choose Skip from the drop down menu.
  • Click Continue and a log should be produced. If not click on the Report button.
  • Please post the contents of that log in your next reply.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
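
The DRV line quoted in the post above can be checked mechanically. The following is an added example, not part of the original thread and not OTL's own logic: it parses OTL-style DRV/SRV lines and applies assumed triage heuristics (kernel image that is not a .sys file, early-start driver with an empty company field, registered driver whose file is missing). The function names and the last sample line are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath
# kind - [date | size | attrs | M] (company) [flags] -- path -- (service)
ENTRY = re.compile(
    r"^(?P<kind>DRV|SRV) - "
    r"(?:\[(?P<meta>[^\]]*)\] \((?P<company>[^)]*)\)|(?P<missing>File not found)) "
    r"\[(?P<flags>[^\]]*)\] -- (?P<path>.+?) -- \((?P<service>.*)\)\s*$"
)

def parse_entry(line):
    """Return a dict for one DRV/SRV line, or None for any other line."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["flags"] = [f.strip() for f in entry["flags"].split("|")]
    return entry

def triage(entry):
    """Reasons to look closer at a kernel driver (assumed heuristics, not OTL's)."""
    if entry["kind"] != "DRV" or "Kernel" not in entry["flags"]:
        return []
    if entry["missing"]:
        return ["registered driver, file not found"]
    reasons = []
    if PureWindowsPath(entry["path"]).suffix.lower() != ".sys":
        reasons.append("kernel driver image is not a .sys file")
    if not entry["company"] and {"Boot", "System"} & set(entry["flags"]):
        reasons.append("early-start driver with empty company field")
    return reasons

def review(log_text):
    """Map service name -> reasons for every flagged driver in the log text."""
    flagged = {}
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry and (reasons := triage(entry)):
            flagged[entry["service"]] = reasons
    return flagged

# First three lines are quoted from this thread; the last one is constructed.
SAMPLE_LOG = r"""
DRV - [2009/12/28 20:13:23 | 000,019,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\Drivers\atapi.tsk -- (atapi)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
SRV - [2008/07/20 02:14:01 | 001,251,720 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
DRV - [2009/04/11 07:32:26 | 000,021,560 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\disk.sys -- (disk)
"""

if __name__ == "__main__":
    print(review(SAMPLE_LOG))
```

A flag from these heuristics is a prompt for a dedicated scan, as in the thread, not a verdict on its own.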

Re: Google links redirect and start up problems

Post by icecream90 » November 2nd, 2010, 4:40 pm

I ran the scan but it didn't find anything

Re: Google links redirect and start up problems

Post by Gary R » November 4th, 2010, 9:40 am

Can you post the log please.

Sorry I didn't get notification of your reply, I'll get back to you ASAP.

Re: Google links redirect and start up problems

Post by Gary R » November 4th, 2010, 9:51 am

Sorry I'm late getting back to you. As I said, I didn't get notification of your reply; it was only when I looked just now that I found you'd replied. My apologies.

OK let's take care of the things I found in your OTL log and go on from there .....

First

Please go to Control Panel > Programs > Uninstall a Program and Uninstall the following:

Java(TM) 6 Update 18
µTorrent


Next

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code:
:Files
C:\Users\CAllen\AppData\Roaming\Microsoft\Windows\shell.exe
C:\Users\CAllen\AppData\Local\temp\dwm.exe
C:\Users\CAllen\AppData\Roaming\Microsoft\svchost.exe
C:\Program Files\Spybot - Search & Destroy
C:\Users\CAllen\AppData\Roaming\LimeWire
C:\Users\CAllen\AppData\Roaming\uTorrent
C:\Program Files\uTorrent
c:\program files\limewire
@C:\ProgramData\TEMP:3E2028C8

:OTL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O4 - HKLM..\Run: [svchost] C:\Users\CAllen\AppData\Roaming\Microsoft\svchost.exe ()
F3 - HKU\S-1-5-21-1860400135-879163118-3456586307-1000 WinNT: Load - (C:\Users\CAllen\AppData\Local\Temp\dwm.exe) - C:\Users\CAllen\AppData\Local\temp\dwm.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-1860400135-879163118-3456586307-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O20 - HKU\S-1-5-21-1860400135-879163118-3456586307-1000 Winlogon: Shell - (C:\Users\CAllen\AppData\Roaming\Microsoft\Windows\shell.exe) - C:\Users\CAllen\AppData\Roaming\Microsoft\Windows\shell.exe ()
O33 - MountPoints2\{0cde30e8-b881-11df-8bb0-001d7255e495}\Shell - "" = AutoRun
O33 - MountPoints2\{0cde30e8-b881-11df-8bb0-001d7255e495}\Shell\AutoRun\command - "" = G:\TL-Bootstrap.exe -- File not found
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/12/28 20:13:23 | 000,019,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\Drivers\atapi.tsk -- (atapi)
SRV - [2008/07/20 02:14:01 | 001,251,720 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"EnableLUA"= dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01DAC9ED-8BB0-47F0-856A-73B695EE00B1}"=-
"{359E87B0-6744-4D3D-AA97-829CEB0C5F1B}"=-
"{44D7E0AE-5D41-4762-9AF4-85EBD9756E97}"=-
"{8CDC4DDC-D44E-40A4-8477-BE0A77B1EE00}"=-
"{A346EBF2-8954-43C9-8EF0-E4CF113766C0}"=-
"{CA2BA3DC-4E7E-462C-94E4-AB20A9506C3B}"=-
"{E688B815-5C57-4E16-9430-C76204EA1B4D}"=-
"{EC024E9C-4A8F-4C07-B803-C9D7CDFC84D3}"=-

:Commands
[ResetHosts]
[EmptyTemp]
[EmptyFlash]

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so. If it does, re-boot your computer. A log will be produced upon re-boot.

Next

I see you have Malwarebytes Anti-Malware installed ......

  • Click on the Malwarebytes' Anti-Malware icon to launch the programme.
    • Click the Updates tab.
      • Click Check for Updates and allow the programme to download the latest definitions.
    • Click the Scanner tab.
      • Check Perform Quick Scan.
      • Click Scan and wait for the scan to complete.
      • When the scan is complete, click OK, then Show Results.
      • Check all items except items in the C:\System Volume Information folder and click on Remove Selected.
        • A box will pop-up telling you that files have been quarantined.
        • A log will pop-up.
      • Post the log in your next reply please.

You can also access the log by doing the following
  • Click on the Logs tab.
    • Click on the log at the bottom of those listed to highlight it.
    • Click Open

Next

Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will however need to disable your currently installed Anti-Virus; how to do so can be read here.
  • Please go HERE then click on: Image
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.

  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log in your next reply please.
  • Now click on: Image (Selecting Uninstall application on close if you so wish)

Summary of the logs I need from you in your next post:
  • OTL log
  • MBAM log
  • E-Set log


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present. If any log is cut off you'll have to post it in sections.

PS. I'll be checking your topic manually for replies.

Re: Google links redirect and start up problems

Post by icecream90 » November 4th, 2010, 2:32 pm

Ok, I ran the OTL program and it rebooted my computer, but it said there were start up problems when it rebooted, so when I logged back in the new programs I had downloaded from here seem to be gone, and Java and uTorrent are back after I uninstalled them.

Re: Google links redirect and start up problems

Post by Gary R » November 4th, 2010, 4:19 pm

Go to C:\_OTL\Moved Files where you should find a file ddmmyyyy_hhmmss.log (where the dmyhms represent numbers for the date and time you ran the fix).

Please post me the contents of that log file.