Do I have a Virus?

Post by blah9 » January 14th, 2012, 8:53 pm

My computer's been really slow at times. Do I have a virus?

Thanks for the review.


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by theodore trueheart at 20:35:03 on 2012-01-13
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2814.2017 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Norton Internet Security *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Stardock\ObjectDockFree\ObjectDock.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=80501&lng=en
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cnnb
uSearch Bar = hxxp://toolbar.inbox.com/search/dispatc ... p=aus&qkw=%s&tbid=%tb_id&%language
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cnnb
mSearchAssistant = hxxp://toolbar.inbox.com/search/ie.aspx ... 501&lng=en
mCustomizeSearch = hxxp://toolbar.inbox.com/help/sa_custom ... tbid=80501
uURLSearchHooks: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - c:\progra~1\inboxt~1\Inbox.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.7.2.11\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.7.2.11\IPSBHO.DLL
BHO: AppGraffiti: {6f6a5334-78e9-4d9b-8182-8b41ea8c39ef} - c:\progra~1\appgra~1\APPGRA~1.DLL
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
BHO: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - c:\progra~1\inboxt~1\Inbox.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.7.2.11\coIEPlg.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - c:\progra~1\inboxt~1\Inbox.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
StartupFolder: c:\users\theodo~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\theodo~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdockfree\ObjectDock.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxp://h20364.www2.hp.com/CSMWeb/Custom ... anager.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - c:\progra~1\inboxt~1\Inbox.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.7.2.11\CoIEPlg.dll
STS: ObjectDockShlExt Class: {1984d045-52cf-49cd-db77-08f378fea4db} - c:\program files\stardock\objectdockfree\ODMenu.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\theodore trueheart\appdata\roaming\mozilla\firefox\profiles\5khbnlvz.default\
FF - prefs.js: browser.search.selectedEngine - Inbox Search
FF - prefs.js: browser.startup.homepage - hxxp://www.inbox.com/homepage.aspx?tbid=80291&lng=en
FF - prefs.js: keyword.URL - hxxp://toolbar.inbox.com/search/dispatc ... ge=en&qkw=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\rebateinformer\firefox\components\FFRebateI.dll
FF - component: c:\users\theodore trueheart\appdata\roaming\mozilla\firefox\profiles\5khbnlvz.default\extensions\inboxcomtoolbar@inbox.com\components\plugins.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\wildtangent games\app\browserintegration\registered\1\NP_wtapp.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: AppGraffiti: AppGraffiti@AppGraffiti.com - %profile%\extensions\AppGraffiti@AppGraffiti.com
FF - Ext: Inbox Toolbar: inboxcomtoolbar@inbox.com - %profile%\extensions\inboxcomtoolbar@inbox.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\avast software\avast\webrep\FF
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1007020.00b\SymEFA.sys [2009-11-1 310320]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-11-16 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-11-16 320856]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1007020.00b\BHDrvx86.sys [2009-11-1 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1007020.00b\cchpx86.sys [2009-11-1 482432]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090916.003\IDSvix86.sys [2009-10-18 342576]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-11-16 20568]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-11-16 54616]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-11-16 44768]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2009-4-20 365952]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-4-20 193840]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-11-11 106104]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-5-9 43040]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-11-17 136176]
S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-11-17 136176]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2009-12-18 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2009-12-18 174720]
S3 rcmirror;rcmirror;c:\windows\system32\drivers\rcmirror.sys [2008-10-8 3328]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-5-25 32408]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.7.2.11\ccSvcHst.exe [2009-11-1 117640]
.
=============== Created Last 30 ================
.
2012-01-13 23:40:38 -------- d-----w- c:\users\theodore trueheart\appdata\local\ODUI
2012-01-13 23:40:29 -------- d-----w- c:\users\theodore trueheart\appdata\local\Stardock
2012-01-13 23:40:22 -------- d-----w- c:\users\theodore trueheart\appdata\roaming\Stardock
2012-01-13 23:40:18 -------- dc-h--w- c:\programdata\{5486EA6B-AF91-4B4B-868E-F80AB4BCD83A}
2012-01-13 23:40:13 -------- d-----w- c:\program files\Stardock
2012-01-13 23:25:12 -------- d-----w- c:\users\theodore trueheart\appdata\local\PackageAware
2012-01-10 01:33:51 -------- d-----w- c:\users\theodore trueheart\appdata\roaming\Malwarebytes
2012-01-10 01:33:45 -------- d-----w- c:\programdata\Malwarebytes
2012-01-10 01:22:53 -------- d-----w- c:\program files\WinPcap
2011-12-16 20:06:37 -------- d-----w- c:\program files\Windows Portable Devices
2011-12-16 19:51:28 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-12-15 22:01:42 125952 ----a-w- c:\windows\system32\srvsvc.dll
2011-12-15 22:01:41 17920 ----a-w- c:\windows\system32\netevent.dll
2011-12-15 22:01:19 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-15 22:01:19 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-15 22:01:15 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-12-15 22:01:15 293376 ----a-w- c:\windows\system32\psisdecd.dll
2011-12-15 22:01:15 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-12-15 22:01:14 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-12-15 22:01:12 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-12-15 22:01:02 377344 ----a-w- c:\windows\system32\winhttp.dll
2011-12-15 22:00:35 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 22:00:27 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-12-15 22:00:27 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-12-15 22:00:27 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-12-15 21:59:51 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-12-15 21:59:48 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-12-15 21:58:53 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 21:58:50 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-12-15 21:58:48 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-15 21:58:40 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-15 21:58:23 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-12-15 21:58:23 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-12-15 21:58:23 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-12-15 21:58:22 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-12-15 21:57:58 707584 ----a-w- c:\program files\common files\system\wab32.dll
2011-12-15 21:49:35 231424 ----a-w- c:\windows\system32\msshsq.dll
2011-12-15 21:24:40 644368 ----a-w- c:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
.
==================== Find3M ====================
.
2011-11-17 23:50:54 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-17 23:49:58 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-17 20:25:29 98816 ----a-w- c:\windows\system32\mfps.dll
2011-11-17 20:23:36 519680 ----a-w- c:\windows\system32\d3d11.dll
2011-11-17 20:23:36 4096 ----a-w- c:\windows\system32\drivers\en-us\dxgkrnl.sys.mui
2011-11-17 20:23:36 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2011-11-17 20:23:36 252928 ----a-w- c:\windows\system32\dxdiag.exe
2011-11-17 20:23:36 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2011-11-17 20:23:35 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2011-11-17 20:23:35 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2011-11-17 20:23:35 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2011-11-03 22:47:42 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- c:\windows\system32\wininet.dll
.
============= FINISH: 20:36:41.50 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/19/2009 10:42:07 AM
System Uptime: 1/13/2012 8:33:20 PM (0 hours ago)
.
Motherboard: Wistron | | 303C
Processor: AMD Athlon Dual-Core QL-64 | Socket A | 2100/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 222 GiB total, 179.962 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.83 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 9.2
Adobe Shockwave Player
AppGraffiti
Atheros Driver Installation Program
avast! Free Antivirus
Compatibility Pack for the 2007 Office system
Conexant HD Audio
CyberLink DVD Suite
Driver Detective
ESU for Microsoft Vista
FrostWire 4.20.7
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP DVD Play 3.7
HP Help and Support
HP Quick Launch Buttons 6.40 H2
HP Total Care Advisor
HP Total Care Setup
HP Update
HP User Guides 0118
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPNetworkAssistant
Inbox Toolbar
Java Auto Updater
Java(TM) 6 Update 29
Java(TM) 6 Update 7
Juno Preloader
LabelPrint
LightScribe System Software 1.14.17.1
Masque IGT Slots Wolf Run
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Live Search Toolbar
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mobile Broadband Generic Drivers
Mozilla Firefox (3.6.10)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Reveal
My HP Games
Mysteries of Cleopatra
NetWaiting
Norton Internet Security
NVIDIA Drivers
ObjectDock Free
Power2Go
PowerDirector
PVSonyDll
Realtek USB 2.0 Card Reader
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
SPORE Creature Creator Trial Edition
Synaptics Pointing Device Driver
Treasures of the Far East
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Installer for WildTangent Games App
Verizon Wireless USB760 Firmware Updates
VZAccess Manager
WildTangent Games App (HP Games)
WinPcap 4.1.1
World Series Of Poker
.
==== Event Viewer Messages From Past Week ========
.
1/9/2012 8:37:53 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 00265E0C6FEE has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
1/13/2012 8:34:06 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
1/13/2012 8:33:42 PM, Error: EventLog [6008] - The previous system shutdown at 8:32:40 PM on 1/13/2012 was unexpected.
1/10/2012 8:10:46 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
.
==== End Of File ===========================
blah9
Regular Member
 
Posts: 19
Joined: January 14th, 2012, 8:50 pm

Re: Do I have a Virus?

Post by askey127 » January 16th, 2012, 9:23 am

Looking at your log.
Be back soon.
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Do I have a Virus?

Post by askey127 » January 16th, 2012, 9:45 am

Hi blah9,
I don't know yet whether your computer is infected, but there are some obvious issues that need to be corrected.
You have a P2P program installed, and you have two antivirus programs running at once.
Please just follow these steps, one at a time. Let me know of any problems.
-----------------------------------------------
Please Note Our Policy on the Use of P2P (Person to Person / Peer to Peer) file sharing programs
It is posted here: http://malwareremoval.com/forum/viewtopic.php?p=491394#p491394
As a condition of receiving our help, I have included the P2P program Frostwire in the removal instructions below, so we are not wasting our time.
If you have used this, and your computer is infected, you can be fairly confident this is a principal reason.

It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like utorrent, Bittorrent, Azureus, Frostwire, Vuze, Shareaza, Bitlord.
Criminals have "planted" thousands upon thousands of infections in the "free" shared files.
Virtually all of these recent infections will compromise your Security, and some can turn your machine into a useless "doorstop".
------------------------------------------------
First, Turn ON System restore for the C: drive. See here: http://windows.microsoft.com/en-US/wind ... -on-or-off
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:

Adobe Reader 9.2
FrostWire 4.20.7
Java(TM) 6 Update 7
(Do not remove any other Java entries)

Now, Remove only ONE of the two programs below. If Norton is up to date and paid for, remove Avast. Otherwise, remove Norton.
avast! Free Antivirus
Norton Internet Security


Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
--------------------------------------------------------
Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions.
All versions numbered lower than 10.1 are vulnerable.
Go HERE to download AdbeRdr1011_en_US.exe
Save the file to your desktop and run it to install the latest version of Adobe Reader.
After the new Reader is installed, Open Adobe Reader X, as it is called, and OK the license.
Click on Edit and select Preferences.
On the Left, click on the Javascript category and Uncheck Enable Acrobat Javascript.
Click on the Security (Enhanced) category and Uncheck Automatically trust sites from my Win OS security zones.
Click on the Trust Manager category and Uncheck Allow opening of non-PDF file attachments with external applications.
Click the OK button
When it finishes, you can remove the Installer from your desktop.
---------------------------------------------
Download the OTL Scanner
Please download OTL.exe by OldTimer and save it to your desktop.
---------------------------------------------
Run a Scan with OTL
  • Right click the OTL icon and choose "Run as administrator".
  • Check the boxes labeled :
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  • Make sure all other windows are closed to let it run uninterrupted.
  • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so.
    When the scan starts, OTL may appear to be frozen while it runs. Please be patient.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. (desktop)
The Extras.txt file will only appear as a running Notepad document the very first time you run OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.

askey127
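The DDS log blah9 posted and the rules askey127 applies to it (one antivirus at a time, no P2P client, no stale Java, Adobe Reader at 10.1 or newer) can be turned into a mechanical first pass over the log. The script below is an added example for this thread, not a MalwareRemoval.com tool and not part of DDS or OTL. The sample input is an excerpt of the log posted above; the P2P client list and the Reader threshold are the ones stated in askey127's reply, and the AV/SP/FW state flags are reported exactly as DDS printed them, since what Security Center reports still has to be checked on the machine.

```python
"""Mechanical first pass over a DDS log (the format blah9 posted above).

Added example for this thread; it is not a MalwareRemoval.com tool and not
DDS itself. The rules it applies are the ones askey127 states in his reply:
more than one antivirus registered at once, a P2P client from his list, a
leftover older Java, Adobe Reader below 10.1, plus registry entries that
point at a file that no longer exists ("No File"). The AV/SP/FW state flags
are copied from the log as DDS reported them, not interpreted further.
"""
import re
from typing import Dict, List

# Excerpt of the log posted in this thread (sample input for the example).
SAMPLE_DDS = r"""AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Norton Internet Security *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Pseudo HJT Report ===============
.
BHO: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - c:\progra~1\inboxt~1\Inbox.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
.
==== Installed Programs ======================
.
Adobe Reader 9.2
FrostWire 4.20.7
Java(TM) 6 Update 29
Java(TM) 6 Update 7
avast! Free Antivirus
Norton Internet Security
.
==== Event Viewer Messages From Past Week ========
"""

# askey127's P2P list, lower-cased for substring matching against program names.
P2P_CLIENTS = ("utorrent", "bittorrent", "azureus", "frostwire", "vuze", "shareaza", "bitlord")
MIN_READER = (10, 1)  # threshold stated in the reply: anything lower gets replaced

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
PRODUCT_RE = re.compile(r"^(AV|SP|FW): (.+?) \*(.+?)\* \{[0-9A-Fa-f-]+\}$")


def split_sections(text: str) -> Dict[str, List[str]]:
    """Group log lines under the '==== Name ====' banner that precedes them.

    Lines before the first banner (the AV/SP/FW summary) go under 'header';
    DDS's '.' spacer lines and blank lines are dropped.
    """
    sections: Dict[str, List[str]] = {"header": []}
    current = "header"
    for raw in text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1).strip()
            sections.setdefault(current, [])
        elif line and line != ".":
            sections[current].append(line)
    return sections


def security_products(header_lines: List[str]) -> List[Dict[str, str]]:
    """Parse 'AV: name *state* {guid}' lines into kind/name/state records."""
    products = []
    for line in header_lines:
        m = PRODUCT_RE.match(line)
        if m:
            kind, name, state = m.groups()
            products.append({"kind": kind, "name": name, "state": state})
    return products


def version_tuple(text: str) -> tuple:
    """'9.2' -> (9, 2) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in re.findall(r"\d+", text))


def triage(log_text: str) -> List[str]:
    """Return one human-readable finding per rule that fires."""
    sections = split_sections(log_text)
    findings: List[str] = []

    products = security_products(sections["header"])
    av = [p["name"] for p in products if p["kind"] == "AV"]
    if len(av) > 1:
        findings.append("more than one antivirus registered: " + ", ".join(av))
    for p in products:
        if p["state"].startswith("Disabled"):
            findings.append(f"{p['kind']} {p['name']} reported as {p['state']}")

    for line in sections.get("Pseudo HJT Report", []):
        if line.endswith("- No File"):
            findings.append("orphaned entry, file missing on disk: " + line)

    programs = sections.get("Installed Programs", [])
    for prog in programs:
        if any(client in prog.lower() for client in P2P_CLIENTS):
            findings.append("P2P client installed: " + prog)
        reader = re.match(r"Adobe Reader (\d+(?:\.\d+)*)", prog)
        if reader and version_tuple(reader.group(1)) < MIN_READER:
            findings.append(f"{prog} is below {'.'.join(map(str, MIN_READER))}")
    runtimes = [p for p in programs if p.startswith("Java(TM)")]
    if len(runtimes) > 1:
        findings.append("several Java runtimes installed side by side: " + "; ".join(runtimes))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_DDS):
        print("-", finding)
```

Run against the excerpt it reports the two registered antivirus products, the four products DDS shows as Disabled, the orphaned toolbar CLSID, FrostWire, Adobe Reader 9.2 and the two Java 6 updates, which is the same list of items askey127 asks to be removed or replaced. To use it on a full log, pass the whole file's text to triage(); the section banners and "." spacer lines are handled as DDS writes them.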

Re: Do I have a Virus?

Post by blah9 » January 16th, 2012, 8:52 pm

Thanks, I have done what you asked. See below.

OTL logfile created on: 1/16/2012 7:39:13 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = F:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.89 Gb Available Physical Memory | 68.84% Memory free
5.70 Gb Paging File | 4.95 Gb Available in Paging File | 86.80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.96 Gb Total Space | 177.67 Gb Free Space | 80.05% Space Free | Partition Type: NTFS
Drive D: | 10.92 Gb Total Space | 1.83 Gb Free Space | 16.76% Space Free | Partition Type: NTFS
Drive F: | 3.73 Gb Total Space | 3.65 Gb Free Space | 98.03% Space Free | Partition Type: FAT32

Computer Name: THEODORETRUE-PC | User Name: theodore trueheart | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/16 19:23:24 | 000,584,192 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2011/09/06 16:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/09/06 16:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2010/10/06 15:28:12 | 003,768,176 | ---- | M] (Stardock) -- C:\Program Files\Stardock\ObjectDockFree\ObjectDock.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/06 11:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/29 14:46:24 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll
MOD - [2011/12/16 15:14:26 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011/12/16 15:14:14 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011/12/16 15:12:43 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/12/16 15:12:30 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2010/10/04 12:54:31 | 000,053,760 | ---- | M] () -- C:\Program Files\Stardock\ObjectDockFree\zlib.dll
MOD - [2010/10/04 12:54:29 | 000,807,936 | ---- | M] () -- C:\Program Files\Stardock\ObjectDockFree\CrashRpt.dll
MOD - [2010/10/04 12:54:29 | 000,675,840 | ---- | M] () -- C:\Program Files\Stardock\ObjectDockFree\DockShellHook.dll
MOD - [2010/10/04 12:54:22 | 000,094,208 | ---- | M] () -- C:\Program Files\Stardock\ObjectDockFree\Docklets\Clock\Clock.dll
MOD - [2008/09/23 19:21:22 | 000,066,856 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll
MOD - [2007/08/14 15:59:54 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007/07/12 15:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007/07/12 15:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/09/06 16:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2009/10/20 13:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2008/10/06 11:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/09/06 16:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/09/06 16:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/09/06 16:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/09/06 16:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/09/06 16:36:26 | 000,054,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/09/06 16:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/08/12 12:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVNET)
DRV - [2010/08/12 12:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2009/12/18 14:13:02 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
DRV - [2009/12/18 14:13:00 | 000,230,912 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2009/12/18 14:12:58 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV - [2009/12/18 14:12:58 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2009/12/18 14:12:58 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2009/10/20 13:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2009/07/23 21:01:00 | 009,791,072 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/05/25 17:43:58 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
DRV - [2008/12/20 02:01:46 | 001,093,120 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/10/08 18:05:16 | 000,003,328 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rcmirror.sys -- (rcmirror)
DRV - [2008/10/03 03:39:28 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/05/09 14:17:32 | 000,043,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008/04/24 17:51:46 | 000,014,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/01/20 21:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2007/10/17 18:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/18 19:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox.com/help/sa_custom ... tbid=80501
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx ... 501&lng=en


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2491808003-375931106-4055884355-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cnnb
IE - HKU\S-1-5-21-2491808003-375931106-4055884355-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/dispatc ... p=aus&qkw=%s&tbid=%tb_id&%language
IE - HKU\S-1-5-21-2491808003-375931106-4055884355-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.inbox.com/homepage.aspx?tbid=80501&lng=en
IE - HKU\S-1-5-21-2491808003-375931106-4055884355-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2491808003-375931106-4055884355-1000\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
IE - HKU\S-1-5-21-2491808003-375931106-4055884355-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Inbox Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.inbox.com/homepage.aspx?tbid=80291&lng=en"
FF - prefs.js..extensions.enabledItems: AppGraffiti@AppGraffiti.com:1.0.0.16
FF - prefs.js..extensions.enabledItems: inboxcomtoolbar@inbox.com:1.2.0.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: wrc@avast.com:6.0.1289
FF - prefs.js..extensions.enabledItems: {ED76C299-85BC-4891-9237-74A140C28832}:1.0.0.24
FF - prefs.js..keyword.URL: "http://toolbar.inbox.com/search/dispatcher.aspx?tp=sf&tbid=80291&language=en&qkw="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/11/16 13:50:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/28 21:08:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/16 19:27:51 | 000,000,000 | ---D | M]

[2010/09/28 21:09:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\theodore trueheart\AppData\Roaming\Mozilla\Extensions
[2012/01/05 17:38:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\theodore trueheart\AppData\Roaming\Mozilla\Firefox\Profiles\5khbnlvz.default\extensions
[2012/01/05 17:38:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\theodore trueheart\AppData\Roaming\Mozilla\Firefox\Profiles\5khbnlvz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/11 17:44:31 | 000,000,000 | ---D | M] (AppGraffiti) -- C:\Users\theodore trueheart\AppData\Roaming\Mozilla\Firefox\Profiles\5khbnlvz.default\extensions\AppGraffiti@AppGraffiti.com
[2011/12/16 15:15:23 | 000,000,000 | ---D | M] ("Inbox Toolbar") -- C:\Users\theodore trueheart\AppData\Roaming\Mozilla\Firefox\Profiles\5khbnlvz.default\extensions\inboxcomtoolbar@inbox.com
[2011/08/11 17:45:09 | 000,002,292 | ---- | M] () -- C:\Users\theodore trueheart\AppData\Roaming\Mozilla\Firefox\Profiles\5khbnlvz.default\searchplugins\inbox-search.xml
[2011/11/17 19:11:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/17 18:51:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/11/16 13:50:22 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
File not found (No name found) -- C:\PROGRAM FILES\REBATEINFORMER\FIREFOX
[2011/11/17 18:50:01 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\theodore trueheart\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\theodore trueheart\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: avast! WebRep = C:\Users\theodore trueheart\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\
CHR - Extension: Gmail = C:\Users\theodore trueheart\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AppGraffiti) - {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\Program Files\AppGraffiti\AppGraffiti.dll (Omega Partners Ltd)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKU\S-1-5-21-2491808003-375931106-4055884355-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-2491808003-375931106-4055884355-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\theodore trueheart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDockFree\ObjectDock.exe (Stardock)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-2491808003-375931106-4055884355-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h20364.www2.hp.com/CSMWeb/Custom ... anager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {1984D045-52CF-49cd-DB77-08F378FEA4DB} - ObjectDockShellExt - C:\Program Files\Stardock\ObjectDockFree\ODMenu.dll (Stardock)
O24 - Desktop WallPaper: C:\Users\theodore trueheart\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\theodore trueheart\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5bf81b81-d430-11e0-a81b-001f16dff9df}\Shell - "" = AutoRun
O33 - MountPoints2\{5bf81b81-d430-11e0-a81b-001f16dff9df}\Shell\AutoRun\command - "" = G:\setup.exe -a
O33 - MountPoints2\{b488cbcb-781e-11df-a478-001f16dff9df}\Shell - "" = AutoRun
O33 - MountPoints2\{b488cbcb-781e-11df-a478-001f16dff9df}\Shell\AutoRun\command - "" = F:\VZAccess_Manager.exe /z detect
O33 - MountPoints2\{b488cc08-781e-11df-a478-001f16dff9df}\Shell - "" = AutoRun
O33 - MountPoints2\{b488cc08-781e-11df-a478-001f16dff9df}\Shell\AutoRun\command - "" = G:\VZAccess_Manager.exe /z detect
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\VZAccess_Manager.exe /z detect
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/16 19:27:32 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/01/13 20:33:40 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/01/13 18:40:38 | 000,000,000 | ---D | C] -- C:\Users\theodore trueheart\AppData\Local\ODUI
[2012/01/13 18:40:29 | 000,000,000 | ---D | C] -- C:\Users\theodore trueheart\Documents\Stardock
[2012/01/13 18:40:29 | 000,000,000 | ---D | C] -- C:\Users\theodore trueheart\AppData\Local\Stardock
[2012/01/13 18:40:22 | 000,000,000 | ---D | C] -- C:\Users\theodore trueheart\AppData\Roaming\Stardock
[2012/01/13 18:40:18 | 000,000,000 | -H-D | C] -- C:\ProgramData\{5486EA6B-AF91-4B4B-868E-F80AB4BCD83A}
[2012/01/13 18:40:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
[2012/01/13 18:40:13 | 000,000,000 | ---D | C] -- C:\Program Files\Stardock
[2012/01/13 18:25:12 | 000,000,000 | ---D | C] -- C:\Users\theodore trueheart\AppData\Local\PackageAware
[2012/01/13 18:24:06 | 000,000,000 | ---D | C] -- C:\Users\theodore trueheart\Documents\OneNote Notebooks
[2012/01/09 20:33:51 | 000,000,000 | ---D | C] -- C:\Users\theodore trueheart\AppData\Roaming\Malwarebytes
[2012/01/09 20:33:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/09 20:22:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2012/01/09 20:22:53 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap

========== Files - Modified Within 30 Days ==========

[2012/01/16 19:28:17 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/16 19:28:17 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/16 19:27:51 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/01/16 19:24:01 | 000,000,246 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2012/01/16 19:24:00 | 000,033,201 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/01/16 19:23:59 | 000,033,201 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/01/16 19:23:55 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/16 19:23:37 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/16 19:23:37 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/16 19:23:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/16 19:23:28 | 2951,110,656 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/16 19:07:55 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/13 20:33:36 | 368,527,542 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/01/13 18:40:29 | 000,001,837 | ---- | M] () -- C:\Users\theodore trueheart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
[2012/01/13 18:24:06 | 000,001,071 | ---- | M] () -- C:\Users\theodore trueheart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2012/01/09 19:49:03 | 000,001,931 | ---- | M] () -- C:\Users\theodore trueheart\Desktop\Google Chrome.lnk
[2012/01/09 19:49:03 | 000,001,915 | ---- | M] () -- C:\Users\theodore trueheart\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\ProgramData\sekowasa
[2012/01/16 19:27:51 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/01/16 19:27:51 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/01/13 20:33:36 | 368,527,542 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/01/13 18:40:29 | 000,001,837 | ---- | C] () -- C:\Users\theodore trueheart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
[2012/01/13 18:24:06 | 000,001,071 | ---- | C] () -- C:\Users\theodore trueheart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2012/01/09 19:49:03 | 000,001,931 | ---- | C] () -- C:\Users\theodore trueheart\Desktop\Google Chrome.lnk
[2011/11/17 09:15:08 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/11/17 09:15:07 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/11/16 13:19:34 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/01/14 13:56:46 | 000,007,592 | ---- | C] () -- C:\Users\theodore trueheart\AppData\Local\d3d9caps.dat
[2010/02/24 15:49:02 | 000,008,068 | -HS- | C] () -- C:\Users\theodore trueheart\AppData\Local\GGru612642m
[2009/10/20 13:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2009/08/29 23:19:19 | 000,033,201 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/08/29 23:03:27 | 000,033,201 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/07/19 10:21:13 | 000,000,246 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2009/07/19 09:47:38 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2009/04/20 15:18:01 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/10/08 18:05:06 | 000,010,752 | ---- | C] () -- C:\Windows\System32\rcmirror.dll
[2008/01/14 20:47:06 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,314,048 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 04:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/08/26 18:28:34 | 000,143,360 | ---- | C] () -- C:\Windows\unzip.exe
[2005/08/26 18:28:20 | 000,024,576 | ---- | C] () -- C:\Windows\shortcut.exe
[2005/08/26 18:27:58 | 000,045,056 | ---- | C] () -- C:\Windows\devenum.exe

========== LOP Check ==========

[2012/01/16 19:22:06 | 000,000,000 | ---D | M] -- C:\Users\theodore trueheart\AppData\Roaming\FrostWire
[2009/10/21 21:25:46 | 000,000,000 | ---D | M] -- C:\Users\theodore trueheart\AppData\Roaming\funkitron
[2011/01/23 18:09:31 | 000,000,000 | ---D | M] -- C:\Users\theodore trueheart\AppData\Roaming\Gamelab
[2009/10/30 21:27:53 | 000,000,000 | ---D | M] -- C:\Users\theodore trueheart\AppData\Roaming\iWin
[2009/08/29 23:03:23 | 000,000,000 | ---D | M] -- C:\Users\theodore trueheart\AppData\Roaming\Ludia
[2011/01/13 17:02:16 | 000,000,000 | ---D | M] -- C:\Users\theodore trueheart\AppData\Roaming\Masque
[2009/10/30 20:38:31 | 000,000,000 | ---D | M] -- C:\Users\theodore trueheart\AppData\Roaming\PlayFirst
[2010/11/17 20:41:02 | 000,000,000 | ---D | M] -- C:\Users\theodore trueheart\AppData\Roaming\Smith Micro
[2012/01/13 18:40:22 | 000,000,000 | ---D | M] -- C:\Users\theodore trueheart\AppData\Roaming\Stardock
[2011/10/04 12:12:52 | 000,000,000 | ---D | M] -- C:\Users\theodore trueheart\AppData\Roaming\Tific
[2012/01/16 19:22:39 | 000,032,544 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 1/16/2012 7:39:13 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = F:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.89 Gb Available Physical Memory | 68.84% Memory free
5.70 Gb Paging File | 4.95 Gb Available in Paging File | 86.80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.96 Gb Total Space | 177.67 Gb Free Space | 80.05% Space Free | Partition Type: NTFS
Drive D: | 10.92 Gb Total Space | 1.83 Gb Free Space | 16.76% Space Free | Partition Type: NTFS
Drive F: | 3.73 Gb Total Space | 3.65 Gb Free Space | 98.03% Space Free | Partition Type: FAT32

Computer Name: THEODORETRUE-PC | User Name: theodore trueheart | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2491808003-375931106-4055884355-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{245C4170-1B2A-4A64-B4FF-C4E85251253E}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{2B09B697-B95A-45F6-8FD0-E924E9037178}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{2CB10781-247D-4A0C-8A10-563E519E0E2E}" = protocol=6 | dir=in | app=c:\users\theodore trueheart\appdata\local\temp\7zsfef6.tmp\symnrt.exe |
"{2E0C37A0-86C0-4237-8928-76DB2DC8C702}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{5BDCD423-47A6-4BE3-8FB7-B445CF63FFE5}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{7FD2ABD4-99A4-42CD-93C8-B6EE4F166517}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{EF24E588-8FC0-4861-BE68-1AC241ACCB87}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{FC63A8AF-946A-44F3-B2ED-8AD955937BE6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{FFBE4B4A-F1E6-45CE-AF58-BD1EFF1018AA}" = protocol=17 | dir=in | app=c:\users\theodore trueheart\appdata\local\temp\7zsfef6.tmp\symnrt.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{0346D86C-D5F6-41FF-949B-01329CA424ED}" = Mysteries of Cleopatra
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{1061DF04-CF33-40B0-8360-D07C9BBEB122}" = HP Wireless Assistant
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{2C13F8C1-570B-42A9-87B4-8C7903ECD602}" = ObjectDock Free
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{38058455-8C21-4C2F-B2F6-14ED166039CB}" = HP Total Care Setup
"{3839C2FF-2CD0-4601-91A8-B1E40A9BE8A8}" = Driver Detective
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FF660F4-147B-48CB-B824-2B595759D9EF}" = VZAccess Manager
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{612AD33D-9824-4E87-8396-92374E91C4BB}_is1" = Inbox Toolbar
"{629CCE02-041D-4577-892C-577861181771}" = Verizon Wireless USB760 Firmware Updates
"{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{665CBCA4-5AB0-414B-A288-3F8F99FEFC45}" = HP User Guides 0118
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6A370610-3778-44AF-9AAC-69B2FD1A3356}" = Microsoft Live Search Toolbar
"{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}_is1" = AppGraffiti
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7C0BF6E9-7021-46E4-87B3-4C4587256A22}" = Masque IGT Slots Wolf Run
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC2BA148-EE9C-4F1A-AFCE-F38C2C71D29B}" = Mobile Broadband Generic Drivers
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D7A82A10-603C-41EC-A427-0E4345B153F3}" = Treasures of the Far East
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast" = avast! Free Antivirus
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mobile Broadband Generic Drivers" = Mobile Broadband Generic Drivers
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"NVIDIA Drivers" = NVIDIA Drivers
"ObjectDock Free" = ObjectDock Free
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WildTangent hp Master Uninstall" = My HP Games
"WinPcapInst" = WinPcap 4.1.1
"World_Series_Of_Poker_1.0" = World Series Of Poker

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/29/2011 3:38:08 PM | Computer Name = theodoretrue-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/29/2011 7:04:57 PM | Computer Name = theodoretrue-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/30/2011 6:58:38 PM | Computer Name = theodoretrue-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/30/2011 7:00:44 PM | Computer Name = theodoretrue-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16421, time stamp
0x4d76255d, faulting module msxml3.dll, version 8.100.5003.0, time stamp 0x4c126143,
exception code 0xc0000005, fault offset 0x0003991b, process id 0xd1c, application
start time 0x01ccc746cd4d40a0.

Error - 12/31/2011 7:23:39 PM | Computer Name = theodoretrue-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/2/2012 11:49:46 AM | Computer Name = theodoretrue-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/5/2012 6:22:09 PM | Computer Name = theodoretrue-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/9/2012 8:39:21 PM | Computer Name = theodoretrue-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/10/2012 7:53:42 AM | Computer Name = theodoretrue-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/10/2012 9:13:41 PM | Computer Name = theodoretrue-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 11/17/2011 9:24:18 AM | Computer Name = theodoretrue-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 11/17/2011 9:24:18 AM | Computer Name = theodoretrue-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 11/17/2011 9:24:18 AM | Computer Name = theodoretrue-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 11/17/2011 9:24:18 AM | Computer Name = theodoretrue-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 11/17/2011 9:24:18 AM | Computer Name = theodoretrue-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 11/17/2011 9:24:18 AM | Computer Name = theodoretrue-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 11/17/2011 9:24:18 AM | Computer Name = theodoretrue-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 11/17/2011 9:24:18 AM | Computer Name = theodoretrue-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 11/17/2011 9:24:18 AM | Computer Name = theodoretrue-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 11/17/2011 9:47:34 AM | Computer Name = theodoretrue-PC | Source = DCOM | ID = 10010
Description =


< End of report >
blah9
Regular Member
Posts: 19
Joined: January 14th, 2012, 8:50 pm
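
Added note, not part of either post: the OTL sections above (Shell Spawning, Security Center Settings, the firewall exception list, and the O-lines in any Quick Scan) are where a helper reads first, and the checks are mechanical enough to script. The Python below is an added example, not OTL's code and not this forum's tooling. It reads OTL log text and flags: a shell\open\command for exefile, batfile, cmdfile, comfile or piffile that is not the Vista default "%1" %* (the classic exefile hijack; the log above shows all five at their defaults), any Security Center *Override value other than 0 (which silences the antivirus/firewall status alerts), inbound firewall allow rules for a program running from a temp directory (the symnrt.exe rule under AppData\Local\Temp above, worth a look whatever the file turns out to be) or for a P2P client (the FrostWire rules), hosts entries that map a name to anything but localhost, Run entries whose target file is missing, and toolbar/BHO entries whose CLSID no longer resolves. PAGE_SAMPLE is copied verbatim from the logs and the fix in this thread; CONSTRUCTED_SAMPLE is made up to exercise the remaining checks, and its loader.exe path and update.example.com host are hypothetical. The P2P name list is a judgement call, not something OTL defines.

```python
"""Triage an OTL log for the things a malware-removal helper reads first.

Added example: not OTL's code and not part of the forum posts. Flags
shell-spawning hijacks, Security Center overrides, firewall allow rules
for temp-directory or P2P programs, non-localhost hosts entries, Run
entries whose file is gone, and toolbar/BHO entries with a dead CLSID.
"""
import re
from typing import Dict, List

# Vista/7 defaults exactly as OTL prints them under "Shell Spawning".
EXPECTED_SHELL = {k: '"%1" %*' for k in ("exefile", "batfile", "cmdfile", "comfile", "piffile")}
# Executable-name prefixes of common P2P clients (assumption, not an OTL list).
P2P_NAMES = ("frostwire", "limewire", "utorrent", "bittorrent", "emule", "ares")

SHELL_RE = re.compile(r'^(\w+) \[(\w+)\] -- (.*)$')             # exefile [open] -- "%1" %*
OVERRIDE_RE = re.compile(r'^"(\w+Override)" = (\d+)$')          # "AntiVirusOverride" = 0
FW_APP_RE = re.compile(r'^"\{[0-9A-Fa-f-]+\}" = .*?app=([^|]+)\|')  # firewall rule with app=path
HOSTS_RE = re.compile(r'^O1 - Hosts: (\S+) (\S+)')              # O1 - Hosts: 127.0.0.1 localhost
RUN_MISSING_RE = re.compile(r'^O4 - .*File not found$')         # autorun whose file is gone
ORPHAN_RE = re.compile(r'^O[23] - .*No CLSID value found')      # toolbar/BHO with a dead CLSID


def _finding(kind: str, line: str, reason: str) -> Dict[str, str]:
    return {"kind": kind, "line": line, "reason": reason}


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return findings in log order; each carries its kind, the raw line and why it was flagged."""
    findings: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SHELL_RE.match(line)
        if m and m.group(1) in EXPECTED_SHELL and m.group(2) == "open":
            if m.group(3) != EXPECTED_SHELL[m.group(1)]:
                findings.append(_finding("shell-hijack", line,
                                         f"{m.group(1)} open command is not the default; something else runs first"))
            continue
        m = OVERRIDE_RE.match(line)
        if m:
            if m.group(2) != "0":
                findings.append(_finding("security-center", line,
                                         f"{m.group(1)} is set; Security Center status alerts are suppressed"))
            continue
        m = FW_APP_RE.match(line)
        if m:
            app = m.group(1).strip().lower()
            exe = app.rsplit("\\", 1)[-1]
            if "\\temp\\" in app:
                findings.append(_finding("firewall", line, "inbound allow rule for a program under a temp directory"))
            elif exe.startswith(P2P_NAMES):
                findings.append(_finding("firewall", line, "inbound allow rule for a P2P client"))
            continue
        m = HOSTS_RE.match(line)
        if m:
            if m.group(2).lower() != "localhost":
                findings.append(_finding("hosts", line, f"hosts file maps {m.group(2)} to {m.group(1)}"))
            continue
        if RUN_MISSING_RE.match(line):
            findings.append(_finding("run-key", line, "autorun entry whose target file is missing"))
        elif ORPHAN_RE.match(line):
            findings.append(_finding("orphan", line, "toolbar/BHO entry whose CLSID no longer resolves"))
    return findings


# Lines copied verbatim from the OTL logs and the fix posted in this thread.
PAGE_SAMPLE = r"""
batfile [open] -- "%1" %*
exefile [open] -- "%1" %*
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"{245C4170-1B2A-4A64-B4FF-C4E85251253E}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{2B09B697-B95A-45F6-8FD0-E924E9037178}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{2CB10781-247D-4A0C-8A10-563E519E0E2E}" = protocol=6 | dir=in | app=c:\users\theodore trueheart\appdata\local\temp\7zsfef6.tmp\symnrt.exe |
O1 - Hosts: 127.0.0.1 localhost
O3 - HKU\S-1-5-21-2491808003-375931106-4055884355-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
"""

# Constructed lines (not from any log on this page); the path and host name are hypothetical.
CONSTRUCTED_SAMPLE = r"""
exefile [open] -- "C:\Users\Public\loader.exe" "%1" %*
"AntiVirusOverride" = 1
O1 - Hosts: 127.0.0.1 update.example.com
"""

if __name__ == "__main__":
    for f in triage(PAGE_SAMPLE) + triage(CONSTRUCTED_SAMPLE):
        print(f"[{f['kind']}] {f['reason']}\n    {f['line']}")
```

Run it as-is and it prints four findings from the thread's own lines (two firewall rules, one orphaned toolbar CLSID, one Run entry with a missing file) and three from the constructed lines. The point is ordering review, not deciding: a rule for a program under Temp is routinely an installer's self-extractor, and a missing Run target is usually a stale uninstall, so each hit still needs a person to look at it.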

Re: Do I have a Virus?

Unread postby askey127 » January 16th, 2012, 9:27 pm

blah9,
One of these is a Downloader trojan.
To be most safe, you should assume that any account numbers, usernames, or passwords run through this machine have been stolen, and act accordingly.
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code:
    :OTL
    [2012/01/16 19:22:06 | 000,000,000 | ---D | M] -- C:\Users\theodore trueheart\AppData\Roaming\FrostWire
    [2005/08/26 18:27:58 | 000,045,056 | ---- | C] () -- C:\Windows\devenum.exe
    O3 - HKU\S-1-5-21-2491808003-375931106-4055884355-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    [2012/01/05 17:38:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\theodore trueheart\AppData\Roaming\Mozilla\Firefox\Profiles\5khbnlvz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    IE - HKU\S-1-5-21-2491808003-375931106-4055884355-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cnnb
    [2011/11/17 18:50:01 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    O3 - HKU\S-1-5-21-2491808003-375931106-4055884355-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [PURITY]
    [emptyjava]
    [emptyflash] 
    [EMPTYTEMP]
    [RESETHOSTS]
    [CREATERESTOREPOINT]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

askey127
Admin/Teacher
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
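
Added note, not part of the reply above and not OTL's code: before pasting a custom fix like the one above, it helps to see exactly what it asks OTL to do. The Python below is an added example that splits an OTL fix into its sections and lists the plan. It assumes the usual OTL fix conventions, which OTL does not expose as an API, so treat the section meanings as an assumption: under :OTL, a line of the form [date | size | attr | M] (company) -- path names a file or folder to remove (a D in the attr field marks a folder), O-lines (O2, O3, O4 and so on) are registry items to delete, and IE/FF/CHR lines are browser preferences to reset; under :Files, a line ending in /c is a command to run and anything else is a path; under :Commands, each [name] is one of OTL's built-in actions. FIX_FROM_THREAD is the fix above copied verbatim, including the forum-shortened URL on the IE line. Anything the parser cannot classify lands in "unparsed" rather than being silently dropped.

```python
"""Dry-run summary of an OTL custom fix.

Added example: not OTL's code and not part of the forum posts. Splits a
fix into its :OTL / :Files / :Commands sections and lists what each line
asks OTL to do, so the whole plan can be reviewed before it is pasted.
Section meanings follow the usual OTL fix conventions (an assumption).
"""
import re
from typing import Dict, List

FILE_RE = re.compile(r'^\[(.*?)\]\s*(?:\(.*?\)\s*)?-- (.+)$')  # [date | size | attr | M] (company) -- path
OLINE_RE = re.compile(r'^O\d+ - .+$')                             # O2/O3/O4... registry items
PREF_RE = re.compile(r'^(IE|FF|CHR) - (.+)$')                     # browser preference lines
CMD_RE = re.compile(r'^\[(\w+)\]$')                               # [EMPTYTEMP] and friends
PREF_KEYS = {"IE": "ie", "FF": "firefox", "CHR": "chrome"}


def parse_fix(fix_text: str) -> Dict[str, list]:
    """Classify every non-blank line of the fix by section; unknown lines go to 'unparsed'."""
    plan: Dict[str, list] = {k: [] for k in
                             ("files", "registry", "ie", "firefox", "chrome", "move", "run", "commands", "unparsed")}
    section = None
    for raw in fix_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):          # :OTL, :Files, :Commands
            section = line[1:].lower()
            continue
        if section == "otl":
            m = FILE_RE.match(line)
            if m:
                fields = [f.strip() for f in m.group(1).split("|")]
                is_dir = len(fields) > 2 and "D" in fields[2]   # attr field, e.g. ---D
                plan["files"].append({"path": m.group(2).strip(), "is_dir": is_dir})
                continue
            if OLINE_RE.match(line):
                plan["registry"].append(line)
                continue
            m = PREF_RE.match(line)
            if m:
                plan[PREF_KEYS[m.group(1)]].append(m.group(2))
                continue
            plan["unparsed"].append(line)
        elif section == "files":
            if line.lower().endswith(" /c"):
                plan["run"].append(line[:-3].rstrip())     # trailing /c: execute as a command
            else:
                plan["move"].append(line)
        elif section == "commands":
            m = CMD_RE.match(line)
            (plan["commands"] if m else plan["unparsed"]).append(m.group(1) if m else line)
        else:
            plan["unparsed"].append(line)
    return plan


def describe(plan: Dict[str, list]) -> List[str]:
    """One human-readable line per planned action, in a fixed order."""
    out = [f"remove {'folder' if f['is_dir'] else 'file'}: {f['path']}" for f in plan["files"]]
    out += [f"delete registry item: {r}" for r in plan["registry"]]
    for key in ("ie", "firefox", "chrome"):
        out += [f"reset {key} preference: {p}" for p in plan[key]]
    out += [f"move file: {p}" for p in plan["move"]]
    out += [f"run command: {c}" for c in plan["run"]]
    out += [f"built-in action: [{c}]" for c in plan["commands"]]
    out += [f"UNPARSED (check by hand): {u}" for u in plan["unparsed"]]
    return out


# The fix posted in this thread, copied verbatim (the IE URL is shortened by the forum).
FIX_FROM_THREAD = r"""
:OTL
[2012/01/16 19:22:06 | 000,000,000 | ---D | M] -- C:\Users\theodore trueheart\AppData\Roaming\FrostWire
[2005/08/26 18:27:58 | 000,045,056 | ---- | C] () -- C:\Windows\devenum.exe
O3 - HKU\S-1-5-21-2491808003-375931106-4055884355-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
[2012/01/05 17:38:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\theodore trueheart\AppData\Roaming\Mozilla\Firefox\Profiles\5khbnlvz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
IE - HKU\S-1-5-21-2491808003-375931106-4055884355-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cnnb
[2011/11/17 18:50:01 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
O3 - HKU\S-1-5-21-2491808003-375931106-4055884355-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

:Files
ipconfig /flushdns /c

:Commands
[PURITY]
[emptyjava]
[emptyflash]
[EMPTYTEMP]
[RESETHOSTS]
[CREATERESTOREPOINT]
"""

if __name__ == "__main__":
    print("\n".join(describe(parse_fix(FIX_FROM_THREAD))))
```

For the fix above the summary comes to sixteen actions: two folders and two files removed (the FrostWire profile, the .NET Framework Assistant extension folder, devenum.exe in C:\Windows and the npdeployJava1.dll plugin), two orphaned toolbar entries deleted, one IE home-page value and two Chrome search-provider values reset, a DNS cache flush, and six built-in actions. A parser like this is only as good as its regexes; a line it does not recognise is listed under UNPARSED so it can be read by hand instead of assumed harmless.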

Re: Do I have a Virus?

Unread postby blah9 » January 18th, 2012, 8:19 am

Wow thank you so much!!!!!!!!!!!!!!!!!!!

Here's the log you requested.


OTL logfile created on: 1/18/2012 7:03:17 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = F:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.99 Gb Available Physical Memory | 72.36% Memory free
5.70 Gb Paging File | 5.03 Gb Available in Paging File | 88.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.96 Gb Total Space | 178.40 Gb Free Space | 80.38% Space Free | Partition Type: NTFS
Drive D: | 10.92 Gb Total Space | 1.83 Gb Free Space | 16.76% Space Free | Partition Type: NTFS
Drive F: | 3.73 Gb Total Space | 3.65 Gb Free Space | 98.02% Space Free | Partition Type: FAT32

Computer Name: THEODORETRUE-PC | User Name: theodore trueheart | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/16 19:23:24 | 000,584,192 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2011/09/06 16:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/09/06 16:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/10/06 15:28:12 | 003,768,176 | ---- | M] (Stardock) -- C:\Program Files\Stardock\ObjectDockFree\ObjectDock.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/06 11:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/29 14:46:24 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll
MOD - [2011/12/16 15:14:26 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011/12/16 15:14:14 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011/12/16 15:12:43 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/12/16 15:12:30 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2010/10/04 12:54:31 | 000,053,760 | ---- | M] () -- C:\Program Files\Stardock\ObjectDockFree\zlib.dll
MOD - [2010/10/04 12:54:29 | 000,807,936 | ---- | M] () -- C:\Program Files\Stardock\ObjectDockFree\CrashRpt.dll
MOD - [2010/10/04 12:54:29 | 000,675,840 | ---- | M] () -- C:\Program Files\Stardock\ObjectDockFree\DockShellHook.dll
MOD - [2010/10/04 12:54:22 | 000,094,208 | ---- | M] () -- C:\Program Files\Stardock\ObjectDockFree\Docklets\Clock\Clock.dll
MOD - [2008/09/23 19:21:22 | 000,066,856 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll
MOD - [2007/08/14 15:59:54 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007/07/12 15:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007/07/12 15:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/09/06 16:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2009/10/20 13:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2008/10/06 11:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/09/06 16:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/09/06 16:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/09/06 16:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/09/06 16:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/09/06 16:36:26 | 000,054,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/09/06 16:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/08/12 12:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVNET)
DRV - [2010/08/12 12:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2009/12/18 14:13:02 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
DRV - [2009/12/18 14:13:00 | 000,230,912 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2009/12/18 14:12:58 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV - [2009/12/18 14:12:58 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2009/12/18 14:12:58 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2009/10/20 13:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2009/07/23 21:01:00 | 009,791,072 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/05/25 17:43:58 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
DRV - [2008/12/20 02:01:46 | 001,093,120 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/10/08 18:05:16 | 000,003,328 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rcmirror.sys -- (rcmirror)
DRV - [2008/10/03 03:39:28 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/05/09 14:17:32 | 000,043,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008/04/24 17:51:46 | 000,014,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/01/20 21:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2007/10/17 18:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/18 19:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox.com/help/sa_custom ... tbid=80501
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx ... 501&lng=en

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/dispatc ... p=aus&qkw=%s&tbid=%tb_id&%language
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.inbox.com/homepage.aspx?tbid=80501&lng=en
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Inbox Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.inbox.com/homepage.aspx?tbid=80291&lng=en"
FF - prefs.js..extensions.enabledItems: AppGraffiti@AppGraffiti.com:1.0.0.16
FF - prefs.js..extensions.enabledItems: inboxcomtoolbar@inbox.com:1.2.0.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: wrc@avast.com:6.0.1289
FF - prefs.js..extensions.enabledItems: {ED76C299-85BC-4891-9237-74A140C28832}:1.0.0.24
FF - prefs.js..keyword.URL: "http://toolbar.inbox.com/search/dispatcher.aspx?tp=sf&tbid=80291&language=en&qkw="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/11/16 13:50:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/28 21:08:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/18 06:51:23 | 000,000,000 | ---D | M]

[2010/09/28 21:09:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\theodore trueheart\AppData\Roaming\Mozilla\Extensions
[2012/01/05 17:38:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\theodore trueheart\AppData\Roaming\Mozilla\Firefox\Profiles\5khbnlvz.default\extensions
[2012/01/05 17:38:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\theodore trueheart\AppData\Roaming\Mozilla\Firefox\Profiles\5khbnlvz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/11 17:44:31 | 000,000,000 | ---D | M] (AppGraffiti) -- C:\Users\theodore trueheart\AppData\Roaming\Mozilla\Firefox\Profiles\5khbnlvz.default\extensions\AppGraffiti@AppGraffiti.com
[2011/12/16 15:15:23 | 000,000,000 | ---D | M] ("Inbox Toolbar") -- C:\Users\theodore trueheart\AppData\Roaming\Mozilla\Firefox\Profiles\5khbnlvz.default\extensions\inboxcomtoolbar@inbox.com
[2011/08/11 17:45:09 | 000,002,292 | ---- | M] () -- C:\Users\theodore trueheart\AppData\Roaming\Mozilla\Firefox\Profiles\5khbnlvz.default\searchplugins\inbox-search.xml
[2011/11/17 19:11:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/17 18:51:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/11/16 13:50:22 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
File not found (No name found) -- C:\PROGRAM FILES\REBATEINFORMER\FIREFOX

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\theodore trueheart\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\theodore trueheart\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: avast! WebRep = C:\Users\theodore trueheart\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\
CHR - Extension: Gmail = C:\Users\theodore trueheart\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2012/01/18 06:54:08 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AppGraffiti) - {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\Program Files\AppGraffiti\AppGraffiti.dll (Omega Partners Ltd)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - Startup: C:\Users\theodore trueheart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDockFree\ObjectDock.exe (Stardock)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h20364.www2.hp.com/CSMWeb/Custom ... anager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {1984D045-52CF-49cd-DB77-08F378FEA4DB} - ObjectDockShellExt - C:\Program Files\Stardock\ObjectDockFree\ODMenu.dll (Stardock)
O24 - Desktop WallPaper: C:\Users\theodore trueheart\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\theodore trueheart\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5bf81b81-d430-11e0-a81b-001f16dff9df}\Shell - "" = AutoRun
O33 - MountPoints2\{5bf81b81-d430-11e0-a81b-001f16dff9df}\Shell\AutoRun\command - "" = G:\setup.exe -a
O33 - MountPoints2\{b488cbcb-781e-11df-a478-001f16dff9df}\Shell - "" = AutoRun
O33 - MountPoints2\{b488cbcb-781e-11df-a478-001f16dff9df}\Shell\AutoRun\command - "" = F:\VZAccess_Manager.exe /z detect
O33 - MountPoints2\{b488cc08-781e-11df-a478-001f16dff9df}\Shell - "" = AutoRun
O33 - MountPoints2\{b488cc08-781e-11df-a478-001f16dff9df}\Shell\AutoRun\command - "" = G:\VZAccess_Manager.exe /z detect
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\VZAccess_Manager.exe /z detect
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/16 19:27:32 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/01/13 20:33:40 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/01/13 18:40:38 | 000,000,000 | ---D | C] -- C:\Users\theodore trueheart\AppData\Local\ODUI
[2012/01/13 18:40:29 | 000,000,000 | ---D | C] -- C:\Users\theodore trueheart\Documents\Stardock
[2012/01/13 18:40:29 | 000,000,000 | ---D | C] -- C:\Users\theodore trueheart\AppData\Local\Stardock
[2012/01/13 18:40:22 | 000,000,000 | ---D | C] -- C:\Users\theodore trueheart\AppData\Roaming\Stardock
[2012/01/13 18:40:18 | 000,000,000 | -H-D | C] -- C:\ProgramData\{5486EA6B-AF91-4B4B-868E-F80AB4BCD83A}
[2012/01/13 18:40:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
[2012/01/13 18:40:13 | 000,000,000 | ---D | C] -- C:\Program Files\Stardock
[2012/01/13 18:25:12 | 000,000,000 | ---D | C] -- C:\Users\theodore trueheart\AppData\Local\PackageAware
[2012/01/13 18:24:06 | 000,000,000 | ---D | C] -- C:\Users\theodore trueheart\Documents\OneNote Notebooks
[2012/01/09 20:33:51 | 000,000,000 | ---D | C] -- C:\Users\theodore trueheart\AppData\Roaming\Malwarebytes
[2012/01/09 20:33:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/09 20:22:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2012/01/09 20:22:53 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap

========== Files - Modified Within 30 Days ==========

[2012/01/18 07:08:12 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/18 07:08:12 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/18 07:02:11 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/18 07:01:10 | 000,033,201 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/01/18 07:01:09 | 000,033,201 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/01/18 07:01:08 | 000,000,246 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2012/01/18 07:01:03 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/18 07:00:46 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/18 07:00:46 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/18 07:00:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/18 07:00:37 | 2951,016,448 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/18 06:54:08 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/01/16 19:27:51 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/01/13 20:33:36 | 368,527,542 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/01/13 18:40:29 | 000,001,837 | ---- | M] () -- C:\Users\theodore trueheart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
[2012/01/13 18:24:06 | 000,001,071 | ---- | M] () -- C:\Users\theodore trueheart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2012/01/09 19:49:03 | 000,001,931 | ---- | M] () -- C:\Users\theodore trueheart\Desktop\Google Chrome.lnk
[2012/01/09 19:49:03 | 000,001,915 | ---- | M] () -- C:\Users\theodore trueheart\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\ProgramData\sekowasa
[2012/01/16 19:27:51 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/01/16 19:27:51 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/01/13 20:33:36 | 368,527,542 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/01/13 18:40:29 | 000,001,837 | ---- | C] () -- C:\Users\theodore trueheart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
[2012/01/13 18:24:06 | 000,001,071 | ---- | C] () -- C:\Users\theodore trueheart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2012/01/09 19:49:03 | 000,001,931 | ---- | C] () -- C:\Users\theodore trueheart\Desktop\Google Chrome.lnk
[2011/11/17 09:15:08 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/11/17 09:15:07 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/11/16 13:19:34 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/01/14 13:56:46 | 000,007,592 | ---- | C] () -- C:\Users\theodore trueheart\AppData\Local\d3d9caps.dat
[2010/02/24 15:49:02 | 000,008,068 | -HS- | C] () -- C:\Users\theodore trueheart\AppData\Local\GGru612642m
[2009/10/20 13:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2009/08/29 23:19:19 | 000,033,201 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/08/29 23:03:27 | 000,033,201 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/07/19 10:21:13 | 000,000,246 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2009/07/19 09:47:38 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2009/04/20 15:18:01 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/10/08 18:05:06 | 000,010,752 | ---- | C] () -- C:\Windows\System32\rcmirror.dll
[2008/01/14 20:47:06 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,314,048 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 04:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/08/26 18:28:34 | 000,143,360 | ---- | C] () -- C:\Windows\unzip.exe
[2005/08/26 18:28:20 | 000,024,576 | ---- | C] () -- C:\Windows\shortcut.exe

========== LOP Check ==========

[2012/01/16 19:22:06 | 000,000,000 | ---D | M] -- C:\Users\theodore trueheart\AppData\Roaming\FrostWire
[2009/10/21 21:25:46 | 000,000,000 | ---D | M] -- C:\Users\theodore trueheart\AppData\Roaming\funkitron
[2011/01/23 18:09:31 | 000,000,000 | ---D | M] -- C:\Users\theodore trueheart\AppData\Roaming\Gamelab
[2009/10/30 21:27:53 | 000,000,000 | ---D | M] -- C:\Users\theodore trueheart\AppData\Roaming\iWin
[2009/08/29 23:03:23 | 000,000,000 | ---D | M] -- C:\Users\theodore trueheart\AppData\Roaming\Ludia
[2011/01/13 17:02:16 | 000,000,000 | ---D | M] -- C:\Users\theodore trueheart\AppData\Roaming\Masque
[2009/10/30 20:38:31 | 000,000,000 | ---D | M] -- C:\Users\theodore trueheart\AppData\Roaming\PlayFirst
[2010/11/17 20:41:02 | 000,000,000 | ---D | M] -- C:\Users\theodore trueheart\AppData\Roaming\Smith Micro
[2012/01/13 18:40:22 | 000,000,000 | ---D | M] -- C:\Users\theodore trueheart\AppData\Roaming\Stardock
[2011/10/04 12:12:52 | 000,000,000 | ---D | M] -- C:\Users\theodore trueheart\AppData\Roaming\Tific
[2012/01/18 06:59:43 | 000,032,544 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
blah9
Regular Member
 
Posts: 19
Joined: January 14th, 2012, 8:50 pm

Re: Do I have a Virus?

Unread postby askey127 » January 18th, 2012, 10:03 am

blah9,
You may be well served if you Uninstall the Inbox toolbar.
This toolbar just wants you to download some of their junk software/foistware, for which they are paid.
Like most toolbars, this is primarily for the benefit of the purveyor, not you.
---------------------------------------------
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :file
    C:\ProgramData\sekowasa
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    :OTL
    [2012/01/16 19:22:06 | 000,000,000 | ---D | M] -- C:\Users\theodore trueheart\AppData\Roaming\FrostWire
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [PURITY]
    [emptyjava]
    [emptyflash] 
    [EMPTYTEMP]
    
    [CREATERESTOREPOINT]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
----------------------------------------------

I notice you have VZAccess manager running automatically from your flash drive(s). What do you use this for?

So we are expecting to see the latest OTL.txt after the fix, the content of SystemLook.txt, and let me know what you can about the toolbar and the flash drive(s).
Thanks
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

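As an added example (not part of askey127's post, and not code from OTL or SystemLook), here is a small Python triage script that parses lines in the OTL log format shown in this thread and flags the kind of entry a helper looks at first: a timestamp later than the scan itself, a hidden file dropped under ProgramData or AppData\Local, and a file with no extension. The sample lines are copied from the log above; the scan time and the three rules are assumptions made for the example.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

# File-entry format that OTL prints in its log sections, as seen in this thread:
#   [2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\ProgramData\sekowasa
#   PRC - [2012/01/16 19:23:24 | 000,584,192 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
OTL_ENTRY = re.compile(
    r"^(?:[A-Z]{3} - )?"                                  # optional PRC/MOD/SRV/DRV prefix
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "    # date and time
    r"(?P<size>[\d,]+) \| "                                # size, thousands separated
    r"(?P<attrs>[-RHSD]{4}) \| "                           # Read-only/Hidden/System/Directory
    r"(?P<kind>[CM])\]"                                    # C = created, M = modified
    r"(?: \((?P<company>[^)]*)\))?"                        # company name, may be empty or absent
    r" -- (?P<path>.+?)(?: -- \(.*)?\s*$"                  # path; SRV/DRV lines add "-- (name)"
)


@dataclass
class OtlEntry:
    timestamp: datetime
    size: int
    attrs: str
    kind: str
    company: str
    path: str


def parse_entry(line: str) -> Optional[OtlEntry]:
    """Parse one OTL file-entry line; return None for headers, blanks or other lines."""
    m = OTL_ENTRY.match(line.strip())
    if m is None:
        return None
    return OtlEntry(
        timestamp=datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
        size=int(m.group("size").replace(",", "")),
        attrs=m.group("attrs"),
        kind=m.group("kind"),
        company=(m.group("company") or "").strip(),
        path=m.group("path"),
    )


def triage(entry: OtlEntry, scan_time: datetime) -> List[str]:
    """Return the reasons an entry deserves a closer look; an empty list means nothing notable."""
    reasons = []
    low = entry.path.lower()
    name = low.rsplit("\\", 1)[-1]
    is_dir = "D" in entry.attrs
    # A creation/modification time after the scan was run cannot be genuine.
    if entry.timestamp > scan_time:
        reasons.append("timestamp later than the scan time")
    # Hidden files placed straight into ProgramData or AppData\Local merit a look.
    if "H" in entry.attrs and not is_dir and (
        low.startswith("c:\\programdata\\") or "\\appdata\\local\\" in low
    ):
        reasons.append("hidden file in a data directory")
    # Legitimate data files nearly always carry an extension.
    if not is_dir and "." not in name:
        reasons.append("file without an extension")
    return reasons


def flag_report(lines: List[str], scan_time: datetime) -> Dict[str, List[str]]:
    """Map each flagged path in an OTL report to the reasons it was flagged."""
    flagged = {}
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = triage(entry, scan_time)
        if reasons:
            flagged[entry.path] = reasons
    return flagged


# Sample input: lines copied from the OTL log in this thread (the scan time is an assumption).
SCAN_TIME = datetime(2012, 1, 18, 7, 10, 0)
SAMPLE_LINES = [
    "========== Files Created - No Company Name ==========",
    r"[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\ProgramData\sekowasa",
    r"[2012/01/16 19:27:51 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk",
    r"[2010/02/24 15:49:02 | 000,008,068 | -HS- | C] () -- C:\Users\theodore trueheart\AppData\Local\GGru612642m",
    r"[2012/01/16 19:22:06 | 000,000,000 | ---D | M] -- C:\Users\theodore trueheart\AppData\Roaming\FrostWire",
    r"PRC - [2012/01/16 19:23:24 | 000,584,192 | ---- | M] (OldTimer Tools) -- F:\OTL.exe",
]

if __name__ == "__main__":
    for path, reasons in flag_report(SAMPLE_LINES, SCAN_TIME).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```

Run against the sample, the script singles out the two extensionless hidden files and leaves the shortcuts, directories and the OTL process itself alone, which is the same short list askey127 went on to query with SystemLook.
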
Re: Do I have a Virus?

Unread postby blah9 » January 18th, 2012, 9:23 pm

VZAccess is a program that works with my Verizon Wireless USB adapter to connect to the internet. I installed this program on purpose so I could use my Verizon air card. I'd prefer to keep that one around :mrgreen:

SystemLook 30.07.11 by jpshortstuff
Log created at 20:07 on 18/01/2012 by theodore trueheart
Administrator - Elevation successful

========== file ==========

C:\ProgramData\sekowasa - File found and opened.
MD5: 82CB45C4BB691AD9125406DB55E9D256
Created at 00:26 on 01/01/1601
Modified at 20:51 on 24/02/2010
Size: 6456 bytes
Attributes: --ah---
No version information available.

-= EOF =-



OTL logfile created on: 1/18/2012 8:10:40 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = F:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.97 Gb Available Physical Memory | 71.77% Memory free
5.70 Gb Paging File | 5.00 Gb Available in Paging File | 87.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.96 Gb Total Space | 178.41 Gb Free Space | 80.38% Space Free | Partition Type: NTFS
Drive D: | 10.92 Gb Total Space | 1.83 Gb Free Space | 16.76% Space Free | Partition Type: NTFS
Drive F: | 3.73 Gb Total Space | 3.65 Gb Free Space | 98.01% Space Free | Partition Type: FAT32

Computer Name: THEODORETRUE-PC | User Name: theodore trueheart | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/16 19:23:24 | 000,584,192 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2011/09/06 16:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/09/06 16:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/09/05 12:04:58 | 000,035,736 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/10/06 15:28:12 | 003,768,176 | ---- | M] (Stardock) -- C:\Program Files\Stardock\ObjectDockFree\ObjectDock.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/06 11:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/29 14:46:24 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll
MOD - [2011/12/16 15:14:26 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011/12/16 15:14:14 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011/12/16 15:12:43 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/12/16 15:12:30 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2010/10/04 12:54:31 | 000,053,760 | ---- | M] () -- C:\Program Files\Stardock\ObjectDockFree\zlib.dll
MOD - [2010/10/04 12:54:29 | 000,807,936 | ---- | M] () -- C:\Program Files\Stardock\ObjectDockFree\CrashRpt.dll
MOD - [2010/10/04 12:54:29 | 000,675,840 | ---- | M] () -- C:\Program Files\Stardock\ObjectDockFree\DockShellHook.dll
MOD - [2010/10/04 12:54:22 | 000,094,208 | ---- | M] () -- C:\Program Files\Stardock\ObjectDockFree\Docklets\Clock\Clock.dll
MOD - [2008/09/23 19:21:22 | 000,066,856 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll
MOD - [2007/08/14 15:59:54 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007/07/12 15:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007/07/12 15:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/09/06 16:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2009/10/20 13:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2008/10/06 11:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/09/06 16:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/09/06 16:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/09/06 16:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/09/06 16:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/09/06 16:36:26 | 000,054,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/09/06 16:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/08/12 12:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVNET)
DRV - [2010/08/12 12:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2009/12/18 14:13:02 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
DRV - [2009/12/18 14:13:00 | 000,230,912 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2009/12/18 14:12:58 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV - [2009/12/18 14:12:58 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2009/12/18 14:12:58 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2009/10/20 13:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2009/07/23 21:01:00 | 009,791,072 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/05/25 17:43:58 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
DRV - [2008/12/20 02:01:46 | 001,093,120 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/10/08 18:05:16 | 000,003,328 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rcmirror.sys -- (rcmirror)
DRV - [2008/10/03 03:39:28 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/05/09 14:17:32 | 000,043,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008/04/24 17:51:46 | 000,014,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/01/20 21:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2007/10/17 18:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/18 19:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox.com/help/sa_custom ... tbid=80501
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx ... 501&lng=en

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/dispatc ... p=aus&qkw=%s&tbid=%tb_id&%language
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.inbox.com/homepage.aspx?tbid=80501&lng=en
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Inbox Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.inbox.com/homepage.aspx?tbid=80291&lng=en"
FF - prefs.js..extensions.enabledItems: AppGraffiti@AppGraffiti.com:1.0.0.16
FF - prefs.js..extensions.enabledItems: inboxcomtoolbar@inbox.com:1.2.0.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: wrc@avast.com:6.0.1289
FF - prefs.js..extensions.enabledItems: {ED76C299-85BC-4891-9237-74A140C28832}:1.0.0.24
FF - prefs.js..keyword.URL: "http://toolbar.inbox.com/search/dispatcher.aspx?tp=sf&tbid=80291&language=en&qkw="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/11/16 13:50:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/28 21:08:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/18 06:51:23 | 000,000,000 | ---D | M]

[2010/09/28 21:09:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\theodore trueheart\AppData\Roaming\Mozilla\Extensions
[2012/01/05 17:38:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\theodore trueheart\AppData\Roaming\Mozilla\Firefox\Profiles\5khbnlvz.default\extensions
[2012/01/05 17:38:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\theodore trueheart\AppData\Roaming\Mozilla\Firefox\Profiles\5khbnlvz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/11 17:44:31 | 000,000,000 | ---D | M] (AppGraffiti) -- C:\Users\theodore trueheart\AppData\Roaming\Mozilla\Firefox\Profiles\5khbnlvz.default\extensions\AppGraffiti@AppGraffiti.com
[2011/12/16 15:15:23 | 000,000,000 | ---D | M] ("Inbox Toolbar") -- C:\Users\theodore trueheart\AppData\Roaming\Mozilla\Firefox\Profiles\5khbnlvz.default\extensions\inboxcomtoolbar@inbox.com
[2011/08/11 17:45:09 | 000,002,292 | ---- | M] () -- C:\Users\theodore trueheart\AppData\Roaming\Mozilla\Firefox\Profiles\5khbnlvz.default\searchplugins\inbox-search.xml
[2011/11/17 19:11:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/17 18:51:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/11/16 13:50:22 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
File not found (No name found) -- C:\PROGRAM FILES\REBATEINFORMER\FIREFOX

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\theodore trueheart\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\theodore trueheart\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: avast! WebRep = C:\Users\theodore trueheart\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\
CHR - Extension: Gmail = C:\Users\theodore trueheart\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2012/01/18 06:54:08 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AppGraffiti) - {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\Program Files\AppGraffiti\AppGraffiti.dll (Omega Partners Ltd)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - Startup: C:\Users\theodore trueheart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDockFree\ObjectDock.exe (Stardock)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h20364.www2.hp.com/CSMWeb/Custom ... anager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {1984D045-52CF-49cd-DB77-08F378FEA4DB} - ObjectDockShellExt - C:\Program Files\Stardock\ObjectDockFree\ODMenu.dll (Stardock)
O24 - Desktop WallPaper: C:\Users\theodore trueheart\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\theodore trueheart\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5bf81b81-d430-11e0-a81b-001f16dff9df}\Shell - "" = AutoRun
O33 - MountPoints2\{5bf81b81-d430-11e0-a81b-001f16dff9df}\Shell\AutoRun\command - "" = G:\setup.exe -a
O33 - MountPoints2\{b488cbcb-781e-11df-a478-001f16dff9df}\Shell - "" = AutoRun
O33 - MountPoints2\{b488cbcb-781e-11df-a478-001f16dff9df}\Shell\AutoRun\command - "" = F:\VZAccess_Manager.exe /z detect
O33 - MountPoints2\{b488cc08-781e-11df-a478-001f16dff9df}\Shell - "" = AutoRun
O33 - MountPoints2\{b488cc08-781e-11df-a478-001f16dff9df}\Shell\AutoRun\command - "" = G:\VZAccess_Manager.exe /z detect
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\VZAccess_Manager.exe /z detect
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/16 19:27:32 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/01/13 20:33:40 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/01/13 18:40:38 | 000,000,000 | ---D | C] -- C:\Users\theodore trueheart\AppData\Local\ODUI
[2012/01/13 18:40:29 | 000,000,000 | ---D | C] -- C:\Users\theodore trueheart\Documents\Stardock
[2012/01/13 18:40:29 | 000,000,000 | ---D | C] -- C:\Users\theodore trueheart\AppData\Local\Stardock
[2012/01/13 18:40:22 | 000,000,000 | ---D | C] -- C:\Users\theodore trueheart\AppData\Roaming\Stardock
[2012/01/13 18:40:18 | 000,000,000 | -H-D | C] -- C:\ProgramData\{5486EA6B-AF91-4B4B-868E-F80AB4BCD83A}
[2012/01/13 18:40:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
[2012/01/13 18:40:13 | 000,000,000 | ---D | C] -- C:\Program Files\Stardock
[2012/01/13 18:25:12 | 000,000,000 | ---D | C] -- C:\Users\theodore trueheart\AppData\Local\PackageAware
[2012/01/13 18:24:06 | 000,000,000 | ---D | C] -- C:\Users\theodore trueheart\Documents\OneNote Notebooks
[2012/01/09 20:33:51 | 000,000,000 | ---D | C] -- C:\Users\theodore trueheart\AppData\Roaming\Malwarebytes
[2012/01/09 20:33:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/09 20:22:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2012/01/09 20:22:53 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap

========== Files - Modified Within 30 Days ==========

[2012/01/18 20:10:11 | 000,000,246 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2012/01/18 20:10:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/18 20:09:56 | 000,033,201 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/01/18 20:09:56 | 000,033,201 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/01/18 20:09:43 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/18 20:09:42 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/18 20:09:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/18 20:09:32 | 2951,065,600 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/18 20:04:56 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/18 07:08:12 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/18 07:08:12 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/18 06:54:08 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/01/16 19:27:51 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/01/13 20:33:36 | 368,527,542 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/01/13 18:40:29 | 000,001,837 | ---- | M] () -- C:\Users\theodore trueheart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
[2012/01/13 18:24:06 | 000,001,071 | ---- | M] () -- C:\Users\theodore trueheart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2012/01/09 19:49:03 | 000,001,931 | ---- | M] () -- C:\Users\theodore trueheart\Desktop\Google Chrome.lnk
[2012/01/09 19:49:03 | 000,001,915 | ---- | M] () -- C:\Users\theodore trueheart\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\ProgramData\sekowasa
[2012/01/16 19:27:51 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/01/16 19:27:51 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/01/13 20:33:36 | 368,527,542 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/01/13 18:40:29 | 000,001,837 | ---- | C] () -- C:\Users\theodore trueheart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
[2012/01/13 18:24:06 | 000,001,071 | ---- | C] () -- C:\Users\theodore trueheart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2012/01/09 19:49:03 | 000,001,931 | ---- | C] () -- C:\Users\theodore trueheart\Desktop\Google Chrome.lnk
[2011/11/17 09:15:08 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/11/17 09:15:07 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/11/16 13:19:34 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/01/14 13:56:46 | 000,007,592 | ---- | C] () -- C:\Users\theodore trueheart\AppData\Local\d3d9caps.dat
[2010/02/24 15:49:02 | 000,008,068 | -HS- | C] () -- C:\Users\theodore trueheart\AppData\Local\GGru612642m
[2009/10/20 13:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2009/08/29 23:19:19 | 000,033,201 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/08/29 23:03:27 | 000,033,201 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/07/19 10:21:13 | 000,000,246 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2009/07/19 09:47:38 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2009/04/20 15:18:01 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/10/08 18:05:06 | 000,010,752 | ---- | C] () -- C:\Windows\System32\rcmirror.dll
[2008/01/14 20:47:06 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,314,048 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 04:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/08/26 18:28:34 | 000,143,360 | ---- | C] () -- C:\Windows\unzip.exe
[2005/08/26 18:28:20 | 000,024,576 | ---- | C] () -- C:\Windows\shortcut.exe

========== LOP Check ==========

[2012/01/16 19:22:06 | 000,000,000 | ---D | M] -- C:\Users\theodore trueheart\AppData\Roaming\FrostWire
[2009/10/21 21:25:46 | 000,000,000 | ---D | M] -- C:\Users\theodore trueheart\AppData\Roaming\funkitron
[2011/01/23 18:09:31 | 000,000,000 | ---D | M] -- C:\Users\theodore trueheart\AppData\Roaming\Gamelab
[2009/10/30 21:27:53 | 000,000,000 | ---D | M] -- C:\Users\theodore trueheart\AppData\Roaming\iWin
[2009/08/29 23:03:23 | 000,000,000 | ---D | M] -- C:\Users\theodore trueheart\AppData\Roaming\Ludia
[2011/01/13 17:02:16 | 000,000,000 | ---D | M] -- C:\Users\theodore trueheart\AppData\Roaming\Masque
[2009/10/30 20:38:31 | 000,000,000 | ---D | M] -- C:\Users\theodore trueheart\AppData\Roaming\PlayFirst
[2010/11/17 20:41:02 | 000,000,000 | ---D | M] -- C:\Users\theodore trueheart\AppData\Roaming\Smith Micro
[2012/01/13 18:40:22 | 000,000,000 | ---D | M] -- C:\Users\theodore trueheart\AppData\Roaming\Stardock
[2011/10/04 12:12:52 | 000,000,000 | ---D | M] -- C:\Users\theodore trueheart\AppData\Roaming\Tific
[2012/01/18 20:08:45 | 000,032,544 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
blah9
Regular Member
 
Posts: 19
Joined: January 14th, 2012, 8:50 pm

Re: Do I have a Virus?

Unread postby blah9 » January 18th, 2012, 9:27 pm

Oh, I didn't see until afterwards that I had to manually uninstall Inbox Toolbar; I thought the script you had was going to do it automatically.

Anyhow, I have done so now; Inbox Toolbar no more!
blah9
Regular Member
 
Posts: 19
Joined: January 14th, 2012, 8:50 pm

Re: Do I have a Virus?

Unread postby askey127 » January 19th, 2012, 9:12 am

blah9,
If any items are left over from the Inbox Toolbar, this will remove them.
You could see some changes in your home page or search engine afterward.
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code:
    :OTL
    [2011/12/16 15:15:23 | 000,000,000 | ---D | M] ("Inbox Toolbar") -- C:\Users\theodore trueheart\AppData\Roaming\Mozilla\Firefox\Profiles\5khbnlvz.default\extensions\inboxcomtoolbar@inbox.com
    FF - prefs.js..extensions.enabledItems: inboxcomtoolbar@inbox.com:1.2.0.4
    FF - prefs.js..browser.startup.homepage: "http://www.inbox.com/homepage.aspx?tbid=80291&lng=en"
    FF - prefs.js..browser.search.selectedEngine: "Inbox Search"
    IE - HKCU\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.inbox.com/homepage.aspx?tbid=80501&lng=en
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cnnb
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cnnb
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox.com/help/sa_custom ... tbid=80501
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx ... 501&lng=en
    O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
    O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
    O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
    
    :Files
    C:\ProgramData\sekowasa
    C:\Users\theodore trueheart\AppData\Roaming\FrostWire
    ipconfig /flushdns /c
    
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
-----------------------------------------------
Run aswMBR
Download aswMBR.exe and save to your desktop.
Double click on aswMBR.exe to run it.
Click the "Scan" button to start the scan.
On completion of the scan click "save log". Save it to your desktop and post the contents in your next reply.

Tell me how it's running. Is the speed up to normal?
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

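The custom fix above removes the Inbox Toolbar's three shell registrations (the O2 BHO, the O3 toolbar and the O18 protocol handler, all backed by the same Inbox.dll), its Firefox extension, and C:\ProgramData\sekowasa, a hidden file whose creation date of 2099/01/01 lies years after the log was taken. The Quick Scan log posted in the next reply still shows two search settings pointing at toolbar.inbox.com (IE Main,Search Bar and Firefox keyword.URL), which is the kind of leftover that is easy to miss by eye in a log this long. The Python script below is an added example for this thread; it is not OTL's code and not part of the original posts. It runs over OTL-style log lines and flags three things the logs on this page illustrate: homepage/search settings whose domain is outside an allowlist, file entries created after the log date, and one DLL registered under three or more hook types. The sample lines are copied from this thread's logs; TRUSTED_DOMAINS and the three-hook-kind threshold are assumptions, not OTL policy.

```python
"""Flag browser-hijacker leftovers in OTL-style log lines.

Added example for this thread (not OTL code). Checks:
  1. IE/Firefox homepage and search settings pointing outside TRUSTED_DOMAINS
     (the allowlist is an assumption).
  2. File entries whose creation date lies after the log date (timestomping,
     as with the '2099/01/01' sekowasa file).
  3. One DLL registered under several shell hook types at once (BHO + toolbar
     + protocol handler + URLSearchHook, as Inbox.dll is); the threshold of
     three kinds is an assumed heuristic.
"""
import re
from datetime import date

# Assumption: domains a homepage/search setting may point at without being flagged.
TRUSTED_DOMAINS = {"google.com", "bing.com", "live.com", "hp.com", "mozilla.com"}

# Setting names that toolbars/hijackers rewrite (IE Main/Search values, Firefox prefs).
HIJACK_KEYS = ("Start Page", "Search Bar", "Default_Page_URL", "SearchAssistant",
               "CustomizeSearch", "keyword.URL", "browser.startup.homepage")

URL_RE = re.compile(r"https?://([^/\s\"']+)")
# [YYYY/MM/DD HH:MM:SS | size | attrs | C] (company) -- path   (company part optional)
FILE_RE = re.compile(
    r"^\[(\d{4})/(\d{2})/(\d{2}) \d{2}:\d{2}:\d{2} \| [\d,]+ \| ([-A-Z]{4}) \| [CM]\] "
    r"(?:\(.*?\) )?-- (.+)$")
# O2 BHO / O3 Toolbar / O18 protocol handler / IE URLSearchHook: ... {CLSID} - dll (company)
HOOK_RE = re.compile(
    r"^(O2 - BHO|O3 - HKLM\\\.\.\\Toolbar|O18 - Protocol\\Handler|IE - HKCU\\\.\.\\URLSearchHook)"
    r".*?(\{[0-9A-Fa-f-]{36}\}) - (.+?) \(([^)]*)\)$")

# Constructed sample: lines copied from the OTL logs in this thread.
SAMPLE_LOG = r"""
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.inbox.com/homepage.aspx?tbid=80501&lng=en
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/dispatc ... p=aus&qkw=%s&tbid=%tb_id&%language
IE - HKCU\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
FF - prefs.js..keyword.URL: "http://toolbar.inbox.com/search/dispatcher.aspx?tp=sf&tbid=80291&language=en&qkw="
O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\ProgramData\sekowasa
[2012/01/16 19:27:32 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
"""


def registrable_domain(text):
    """Last two labels of the first URL's host ('toolbar.inbox.com' -> 'inbox.com').
    Naive on purpose: no public-suffix list, so 'example.co.uk' would give 'co.uk'."""
    m = URL_RE.search(text)
    if not m:
        return None
    labels = m.group(1).lower().split(":")[0].split(".")
    return ".".join(labels[-2:])


def scan(lines, log_date, trusted=TRUSTED_DOMAINS, min_hook_kinds=3):
    """log_date is in OTL's own 'YYYY/MM/DD' form; returns the three finding sets."""
    y, mo, dd = (int(p) for p in log_date.split("/"))
    cutoff = date(y, mo, dd)
    hijacked, future, hooks_by_dll = [], [], {}
    for raw in lines:
        line = raw.strip()
        # 1. hijacked homepage/search settings
        if any(key in line for key in HIJACK_KEYS):
            dom = registrable_domain(line)
            if dom and dom not in trusted:
                hijacked.append((dom, line))
        # 2. files "created" after the log was taken
        m = FILE_RE.match(line)
        if m:
            fy, fm, fd, attrs, path = m.groups()
            if date(int(fy), int(fm), int(fd)) > cutoff:
                future.append((f"{fy}/{fm}/{fd}", attrs, path))
        # 3. one DLL hooked into several browser extension points
        m = HOOK_RE.match(line)
        if m:
            kind, _clsid, dll, _company = m.groups()
            hooks_by_dll.setdefault(dll, set()).add(kind.split(" ")[0])
    clusters = {dll: sorted(kinds) for dll, kinds in hooks_by_dll.items()
                if len(kinds) >= min_hook_kinds}
    return {"hijacked_settings": hijacked, "future_files": future, "hook_clusters": clusters}


if __name__ == "__main__":
    for section, items in scan(SAMPLE_LOG.strip().splitlines(), "2012/01/19").items():
        print(f"== {section} ==")
        for item in (items.items() if isinstance(items, dict) else items):
            print("  ", item)
```

Run against the sample, the script reports three hijacked settings (all resolving to inbox.com), the sekowasa file as future-dated, and Inbox.dll as the only DLL registered under three or more hook kinds; the avast! WebRep DLL, which legitimately registers a BHO and a toolbar, stays below the threshold. The domain allowlist is deliberately the weakest part: it is a starting point to be tuned per machine, not a verdict.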
Re: Do I have a Virus?

Unread postby blah9 » January 19th, 2012, 7:28 pm

The computer is running GGREEEAAAATTTT!!!! Thank you.

OTL logfile created on: 1/19/2012 6:16:22 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = F:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.98 Gb Available Physical Memory | 72.20% Memory free
5.70 Gb Paging File | 5.01 Gb Available in Paging File | 87.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.96 Gb Total Space | 178.32 Gb Free Space | 80.34% Space Free | Partition Type: NTFS
Drive D: | 10.92 Gb Total Space | 1.83 Gb Free Space | 16.76% Space Free | Partition Type: NTFS
Drive F: | 3.73 Gb Total Space | 3.65 Gb Free Space | 97.89% Space Free | Partition Type: FAT32

Computer Name: THEODORETRUE-PC | User Name: theodore trueheart | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/16 19:23:24 | 000,584,192 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2011/09/06 16:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/09/06 16:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/09/05 12:04:58 | 000,035,736 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/10/06 15:28:12 | 003,768,176 | ---- | M] (Stardock) -- C:\Program Files\Stardock\ObjectDockFree\ObjectDock.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/06 11:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/29 14:46:24 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll
MOD - [2011/12/16 15:14:26 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011/12/16 15:14:14 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011/12/16 15:12:43 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/12/16 15:12:30 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2010/10/04 12:54:31 | 000,053,760 | ---- | M] () -- C:\Program Files\Stardock\ObjectDockFree\zlib.dll
MOD - [2010/10/04 12:54:29 | 000,807,936 | ---- | M] () -- C:\Program Files\Stardock\ObjectDockFree\CrashRpt.dll
MOD - [2010/10/04 12:54:29 | 000,675,840 | ---- | M] () -- C:\Program Files\Stardock\ObjectDockFree\DockShellHook.dll
MOD - [2010/10/04 12:54:22 | 000,094,208 | ---- | M] () -- C:\Program Files\Stardock\ObjectDockFree\Docklets\Clock\Clock.dll
MOD - [2008/09/23 19:21:22 | 000,066,856 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll
MOD - [2007/08/14 15:59:54 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007/07/12 15:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007/07/12 15:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/09/06 16:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2009/10/20 13:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2008/10/06 11:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/09/06 16:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/09/06 16:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/09/06 16:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/09/06 16:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/09/06 16:36:26 | 000,054,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/09/06 16:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/08/12 12:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVNET)
DRV - [2010/08/12 12:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2009/12/18 14:13:02 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
DRV - [2009/12/18 14:13:00 | 000,230,912 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2009/12/18 14:12:58 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV - [2009/12/18 14:12:58 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2009/12/18 14:12:58 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2009/10/20 13:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2009/07/23 21:01:00 | 009,791,072 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/05/25 17:43:58 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
DRV - [2008/12/20 02:01:46 | 001,093,120 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/10/08 18:05:16 | 000,003,328 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rcmirror.sys -- (rcmirror)
DRV - [2008/10/03 03:39:28 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/05/09 14:17:32 | 000,043,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008/04/24 17:51:46 | 000,014,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/01/20 21:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2007/10/17 18:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/18 19:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/dispatc ... p=aus&qkw=%s&tbid=%tb_id&%language
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: AppGraffiti@AppGraffiti.com:1.0.0.16
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: wrc@avast.com:6.0.1289
FF - prefs.js..extensions.enabledItems: {ED76C299-85BC-4891-9237-74A140C28832}:1.0.0.24
FF - prefs.js..keyword.URL: "http://toolbar.inbox.com/search/dispatcher.aspx?tp=sf&tbid=80291&language=en&qkw="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/11/16 13:50:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/28 21:08:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/18 06:51:23 | 000,000,000 | ---D | M]

[2010/09/28 21:09:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\theodore trueheart\AppData\Roaming\Mozilla\Extensions
[2012/01/18 20:19:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\theodore trueheart\AppData\Roaming\Mozilla\Firefox\Profiles\5khbnlvz.default\extensions
[2012/01/05 17:38:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\theodore trueheart\AppData\Roaming\Mozilla\Firefox\Profiles\5khbnlvz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/11 17:44:31 | 000,000,000 | ---D | M] (AppGraffiti) -- C:\Users\theodore trueheart\AppData\Roaming\Mozilla\Firefox\Profiles\5khbnlvz.default\extensions\AppGraffiti@AppGraffiti.com
[2011/08/11 17:45:09 | 000,002,292 | ---- | M] () -- C:\Users\theodore trueheart\AppData\Roaming\Mozilla\Firefox\Profiles\5khbnlvz.default\searchplugins\inbox-search.xml
[2011/11/17 19:11:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/17 18:51:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/11/16 13:50:22 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
File not found (No name found) -- C:\PROGRAM FILES\REBATEINFORMER\FIREFOX
File not found (No name found) -- C:\USERS\THEODORE TRUEHEART\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5KHBNLVZ.DEFAULT\EXTENSIONS\INBOXCOMTOOLBAR@INBOX.COM

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\theodore trueheart\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\theodore trueheart\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: avast! WebRep = C:\Users\theodore trueheart\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\
CHR - Extension: Gmail = C:\Users\theodore trueheart\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2012/01/18 06:54:08 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AppGraffiti) - {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\Program Files\AppGraffiti\AppGraffiti.dll (Omega Partners Ltd)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - Startup: C:\Users\theodore trueheart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDockFree\ObjectDock.exe (Stardock)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h20364.www2.hp.com/CSMWeb/Custom ... anager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {1984D045-52CF-49cd-DB77-08F378FEA4DB} - ObjectDockShellExt - C:\Program Files\Stardock\ObjectDockFree\ODMenu.dll (Stardock)
O24 - Desktop WallPaper: C:\Users\theodore trueheart\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\theodore trueheart\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5bf81b81-d430-11e0-a81b-001f16dff9df}\Shell - "" = AutoRun
O33 - MountPoints2\{5bf81b81-d430-11e0-a81b-001f16dff9df}\Shell\AutoRun\command - "" = G:\setup.exe -a
O33 - MountPoints2\{b488cbcb-781e-11df-a478-001f16dff9df}\Shell - "" = AutoRun
O33 - MountPoints2\{b488cbcb-781e-11df-a478-001f16dff9df}\Shell\AutoRun\command - "" = F:\VZAccess_Manager.exe /z detect
O33 - MountPoints2\{b488cc08-781e-11df-a478-001f16dff9df}\Shell - "" = AutoRun
O33 - MountPoints2\{b488cc08-781e-11df-a478-001f16dff9df}\Shell\AutoRun\command - "" = G:\VZAccess_Manager.exe /z detect
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\VZAccess_Manager.exe /z detect
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/16 19:27:32 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/01/13 20:33:40 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/01/13 18:40:38 | 000,000,000 | ---D | C] -- C:\Users\theodore trueheart\AppData\Local\ODUI
[2012/01/13 18:40:29 | 000,000,000 | ---D | C] -- C:\Users\theodore trueheart\Documents\Stardock
[2012/01/13 18:40:29 | 000,000,000 | ---D | C] -- C:\Users\theodore trueheart\AppData\Local\Stardock
[2012/01/13 18:40:22 | 000,000,000 | ---D | C] -- C:\Users\theodore trueheart\AppData\Roaming\Stardock
[2012/01/13 18:40:18 | 000,000,000 | -H-D | C] -- C:\ProgramData\{5486EA6B-AF91-4B4B-868E-F80AB4BCD83A}
[2012/01/13 18:40:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
[2012/01/13 18:40:13 | 000,000,000 | ---D | C] -- C:\Program Files\Stardock
[2012/01/13 18:25:12 | 000,000,000 | ---D | C] -- C:\Users\theodore trueheart\AppData\Local\PackageAware
[2012/01/13 18:24:06 | 000,000,000 | ---D | C] -- C:\Users\theodore trueheart\Documents\OneNote Notebooks
[2012/01/09 20:33:51 | 000,000,000 | ---D | C] -- C:\Users\theodore trueheart\AppData\Roaming\Malwarebytes
[2012/01/09 20:33:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/09 20:22:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2012/01/09 20:22:53 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap

========== Files - Modified Within 30 Days ==========

[2012/01/19 18:15:45 | 000,000,246 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2012/01/19 18:15:33 | 000,033,201 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/01/19 18:15:33 | 000,033,201 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/01/19 18:15:31 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/19 18:15:03 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/19 18:15:03 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/19 18:14:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/19 18:14:54 | 2951,073,792 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/19 18:13:18 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/18 20:17:18 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/18 20:17:18 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/18 06:54:08 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/01/16 19:27:51 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/01/13 20:33:36 | 368,527,542 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/01/13 18:40:29 | 000,001,837 | ---- | M] () -- C:\Users\theodore trueheart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
[2012/01/13 18:24:06 | 000,001,071 | ---- | M] () -- C:\Users\theodore trueheart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2012/01/09 19:49:03 | 000,001,931 | ---- | M] () -- C:\Users\theodore trueheart\Desktop\Google Chrome.lnk
[2012/01/09 19:49:03 | 000,001,915 | ---- | M] () -- C:\Users\theodore trueheart\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2012/01/16 19:27:51 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/01/16 19:27:51 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/01/13 20:33:36 | 368,527,542 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/01/13 18:40:29 | 000,001,837 | ---- | C] () -- C:\Users\theodore trueheart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
[2012/01/13 18:24:06 | 000,001,071 | ---- | C] () -- C:\Users\theodore trueheart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2012/01/09 19:49:03 | 000,001,931 | ---- | C] () -- C:\Users\theodore trueheart\Desktop\Google Chrome.lnk
[2011/11/17 09:15:08 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/11/17 09:15:07 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/11/16 13:19:34 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/01/14 13:56:46 | 000,007,592 | ---- | C] () -- C:\Users\theodore trueheart\AppData\Local\d3d9caps.dat
[2010/02/24 15:49:02 | 000,008,068 | -HS- | C] () -- C:\Users\theodore trueheart\AppData\Local\GGru612642m
[2009/10/20 13:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2009/08/29 23:19:19 | 000,033,201 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/08/29 23:03:27 | 000,033,201 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/07/19 10:21:13 | 000,000,246 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2009/07/19 09:47:38 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2009/04/20 15:18:01 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/10/08 18:05:06 | 000,010,752 | ---- | C] () -- C:\Windows\System32\rcmirror.dll
[2008/01/14 20:47:06 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,314,048 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 04:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/08/26 18:28:34 | 000,143,360 | ---- | C] () -- C:\Windows\unzip.exe
[2005/08/26 18:28:20 | 000,024,576 | ---- | C] () -- C:\Windows\shortcut.exe

========== LOP Check ==========

[2012/01/16 19:22:06 | 000,000,000 | ---D | M] -- C:\Users\theodore trueheart\AppData\Roaming\FrostWire
[2009/10/21 21:25:46 | 000,000,000 | ---D | M] -- C:\Users\theodore trueheart\AppData\Roaming\funkitron
[2011/01/23 18:09:31 | 000,000,000 | ---D | M] -- C:\Users\theodore trueheart\AppData\Roaming\Gamelab
[2009/10/30 21:27:53 | 000,000,000 | ---D | M] -- C:\Users\theodore trueheart\AppData\Roaming\iWin
[2009/08/29 23:03:23 | 000,000,000 | ---D | M] -- C:\Users\theodore trueheart\AppData\Roaming\Ludia
[2011/01/13 17:02:16 | 000,000,000 | ---D | M] -- C:\Users\theodore trueheart\AppData\Roaming\Masque
[2009/10/30 20:38:31 | 000,000,000 | ---D | M] -- C:\Users\theodore trueheart\AppData\Roaming\PlayFirst
[2010/11/17 20:41:02 | 000,000,000 | ---D | M] -- C:\Users\theodore trueheart\AppData\Roaming\Smith Micro
[2012/01/13 18:40:22 | 000,000,000 | ---D | M] -- C:\Users\theodore trueheart\AppData\Roaming\Stardock
[2011/10/04 12:12:52 | 000,000,000 | ---D | M] -- C:\Users\theodore trueheart\AppData\Roaming\Tific
[2012/01/19 18:14:07 | 000,032,544 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-19 18:23:42
-----------------------------
18:23:42.078 OS Version: Windows 6.0.6002 Service Pack 2
18:23:42.078 Number of processors: 2 586 0x301
18:23:42.078 ComputerName: THEODORETRUE-PC UserName:
18:23:49.613 Initialize success
18:23:49.769 AVAST engine defs: 12010901
18:23:58.941 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5
18:23:58.957 Disk 0 Vendor: SAMSUNG_HM250HI 2AC101C4 Size: 238475MB BusType: 3
18:23:58.973 Disk 0 MBR read successfully
18:23:58.973 Disk 0 MBR scan
18:23:58.988 Disk 0 unknown MBR code
18:23:59.004 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 227289 MB offset 2048
18:23:59.082 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11182 MB offset 465489920
18:23:59.082 Disk 0 scanning sectors +488390656
18:23:59.144 Disk 0 scanning C:\Windows\system32\drivers
18:24:08.832 Service scanning
18:24:10.407 Modules scanning
18:24:17.240 Disk 0 trace - called modules:
18:24:17.256 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
18:24:17.256 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x863e7ac8]
18:24:17.271 3 CLASSPNP.SYS[807a98b3] -> nt!IofCallDriver -> [0x85d44f08]
18:24:17.271 5 acpi.sys[806176bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-5[0x85d52528]
18:24:18.675 AVAST engine scan C:\Windows
18:24:22.107 AVAST engine scan C:\Windows\system32
18:26:38.295 AVAST engine scan C:\Windows\system32\drivers
18:26:52.429 AVAST engine scan C:\Users\theodore trueheart
18:27:40.477 Disk 0 MBR has been saved successfully to "F:\MBR.dat"
18:27:40.493 The log file has been saved successfully to "F:\aswMBR.txt"
blah9
Regular Member
 
Posts: 19
Joined: January 14th, 2012, 8:50 pm

Re: Do I have a Virus?

Post by askey127 » January 19th, 2012, 8:08 pm

blah9,
Need to check the Master Boot Record (MBR).
--------------------------------------------
TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    (Vista - W7 users: Right-click and select "Run As Administrator")
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
    If you try to change the filename and extension, you may get a warning message from Windows because of the change of file extension. OK the change.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
    • If Cure is not offered as an option, choose Skip.
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the main directory of C:
    (the dd.mm.yyyy_hh.mm.ss numbers in the filename represent the time/date stamp)
  6. Copy and paste the contents of that file in your next reply.
If, for some reason, you can't locate the text file to paste into your reply, just tell me, but DO NOT run the program a second time.

askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Do I have a Virus?

Post by blah9 » January 19th, 2012, 8:41 pm

Hi Askey,

I ran your instructions but for some reason it created three log files in the C:/ directory, not one. I have posted all of them here.


19:35:07.0837 6024 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
19:35:07.0884 6024 ============================================================
19:35:07.0884 6024 Current date / time: 2012/01/19 19:35:07.0884
19:35:07.0884 6024 SystemInfo:
19:35:07.0884 6024
19:35:07.0884 6024 OS Version: 6.0.6002 ServicePack: 2.0
19:35:07.0884 6024 Product type: Workstation
19:35:07.0884 6024 ComputerName: THEODORETRUE-PC
19:35:07.0884 6024 UserName: theodore trueheart
19:35:07.0884 6024 Windows directory: C:\Windows
19:35:07.0884 6024 System windows directory: C:\Windows
19:35:07.0884 6024 Processor architecture: Intel x86
19:35:07.0884 6024 Number of processors: 2
19:35:07.0884 6024 Page size: 0x1000
19:35:07.0884 6024 Boot type: Normal boot
19:35:07.0884 6024 ============================================================
19:35:08.0898 6024 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:35:08.0898 6024 Drive \Device\Harddisk1\DR3 - Size: 0xEF000000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:35:08.0929 6024 Initialize success
19:35:32.0282 4708 ============================================================
19:35:32.0282 4708 Scan started
19:35:32.0282 4708 Mode: Manual;
19:35:32.0282 4708 ============================================================
19:35:32.0891 4708 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
19:35:32.0891 4708 ACPI - ok
19:35:32.0937 4708 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
19:35:32.0953 4708 adp94xx - ok
19:35:32.0969 4708 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
19:35:32.0969 4708 adpahci - ok
19:35:33.0000 4708 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
19:35:33.0000 4708 adpu160m - ok
19:35:33.0015 4708 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
19:35:33.0015 4708 adpu320 - ok
19:35:33.0109 4708 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
19:35:33.0109 4708 AFD - ok
19:35:33.0187 4708 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
19:35:33.0203 4708 agp440 - ok
19:35:33.0218 4708 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
19:35:33.0218 4708 aic78xx - ok
19:35:33.0249 4708 aliide (3d76fda1a10acc3dc84728f55c29b6d4) C:\Windows\system32\drivers\aliide.sys
19:35:33.0249 4708 aliide - ok
19:35:33.0265 4708 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
19:35:33.0265 4708 amdagp - ok
19:35:33.0281 4708 amdide (5b92e7839f5a1fbc1b39de67758ad6f8) C:\Windows\system32\drivers\amdide.sys
19:35:33.0281 4708 amdide - ok
19:35:33.0296 4708 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
19:35:33.0296 4708 AmdK7 - ok
19:35:33.0327 4708 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
19:35:33.0327 4708 AmdK8 - ok
19:35:33.0359 4708 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
19:35:33.0359 4708 arc - ok
19:35:33.0390 4708 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
19:35:33.0390 4708 arcsas - ok
19:35:33.0437 4708 aswFsBlk (c47623ffd181a1e7d63574dde2a0a711) C:\Windows\system32\drivers\aswFsBlk.sys
19:35:33.0437 4708 aswFsBlk - ok
19:35:33.0468 4708 aswMonFlt (4804753a4ec7d67cc22d226bffd1c1e3) C:\Windows\system32\drivers\aswMonFlt.sys
19:35:33.0468 4708 aswMonFlt - ok
19:35:33.0499 4708 aswRdr (36239e24470a3dd81fae37510953cc6c) C:\Windows\system32\drivers\aswRdr.sys
19:35:33.0499 4708 aswRdr - ok
19:35:33.0530 4708 aswSnx (caa846e9c83836bdc3d2d700c678db65) C:\Windows\system32\drivers\aswSnx.sys
19:35:33.0530 4708 aswSnx - ok
19:35:33.0546 4708 aswSP (748ae7f2d7da33adb063fe05704a9969) C:\Windows\system32\drivers\aswSP.sys
19:35:33.0561 4708 aswSP - ok
19:35:33.0593 4708 aswTdi (ca9925ce1dbd07ffe1eb357752cf5577) C:\Windows\system32\drivers\aswTdi.sys
19:35:33.0593 4708 aswTdi - ok
19:35:33.0639 4708 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
19:35:33.0639 4708 AsyncMac - ok
19:35:33.0686 4708 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
19:35:33.0686 4708 atapi - ok
19:35:33.0764 4708 athr (02d34ac487df3da4e3f01874e61eb619) C:\Windows\system32\DRIVERS\athr.sys
19:35:33.0780 4708 athr - ok
19:35:33.0858 4708 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
19:35:33.0858 4708 Beep - ok
19:35:33.0905 4708 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
19:35:33.0905 4708 blbdrive - ok
19:35:33.0951 4708 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
19:35:33.0967 4708 bowser - ok
19:35:33.0983 4708 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
19:35:33.0983 4708 BrFiltLo - ok
19:35:34.0014 4708 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
19:35:34.0014 4708 BrFiltUp - ok
19:35:34.0045 4708 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
19:35:34.0045 4708 Brserid - ok
19:35:34.0076 4708 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
19:35:34.0076 4708 BrSerWdm - ok
19:35:34.0123 4708 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
19:35:34.0123 4708 BrUsbMdm - ok
19:35:34.0139 4708 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
19:35:34.0139 4708 BrUsbSer - ok
19:35:34.0154 4708 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
19:35:34.0154 4708 BTHMODEM - ok
19:35:34.0185 4708 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
19:35:34.0185 4708 cdfs - ok
19:35:34.0232 4708 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
19:35:34.0232 4708 cdrom - ok
19:35:34.0248 4708 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
19:35:34.0248 4708 circlass - ok
19:35:34.0310 4708 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
19:35:34.0326 4708 CLFS - ok
19:35:34.0373 4708 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
19:35:34.0373 4708 CmBatt - ok
19:35:34.0404 4708 cmdide (d36372a6ea6805efbe8884d10772313f) C:\Windows\system32\drivers\cmdide.sys
19:35:34.0404 4708 cmdide - ok
19:35:34.0466 4708 CnxtHdAudService (dda0cb141150fef87419926790cd26c8) C:\Windows\system32\drivers\CHDRT32.sys
19:35:34.0466 4708 CnxtHdAudService - ok
19:35:34.0513 4708 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
19:35:34.0513 4708 Compbatt - ok
19:35:34.0529 4708 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
19:35:34.0529 4708 crcdisk - ok
19:35:34.0544 4708 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
19:35:34.0544 4708 Crusoe - ok
19:35:34.0622 4708 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
19:35:34.0622 4708 DfsC - ok
19:35:34.0700 4708 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
19:35:34.0700 4708 disk - ok
19:35:34.0763 4708 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
19:35:34.0763 4708 drmkaud - ok
19:35:34.0825 4708 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
19:35:34.0841 4708 DXGKrnl - ok
19:35:34.0887 4708 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
19:35:34.0887 4708 E1G60 - ok
19:35:34.0981 4708 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
19:35:34.0981 4708 Ecache - ok
19:35:35.0028 4708 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
19:35:35.0028 4708 elxstor - ok
19:35:35.0090 4708 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
19:35:35.0090 4708 ErrDev - ok
19:35:35.0137 4708 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
19:35:35.0153 4708 exfat - ok
19:35:35.0199 4708 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
19:35:35.0199 4708 fastfat - ok
19:35:35.0231 4708 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
19:35:35.0231 4708 fdc - ok
19:35:35.0277 4708 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
19:35:35.0277 4708 FileInfo - ok
19:35:35.0293 4708 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
19:35:35.0293 4708 Filetrace - ok
19:35:35.0309 4708 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
19:35:35.0309 4708 flpydisk - ok
19:35:35.0371 4708 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
19:35:35.0371 4708 FltMgr - ok
19:35:35.0402 4708 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
19:35:35.0418 4708 Fs_Rec - ok
19:35:35.0433 4708 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
19:35:35.0433 4708 gagp30kx - ok
19:35:35.0527 4708 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
19:35:35.0527 4708 HdAudAddService - ok
19:35:35.0574 4708 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:35:35.0589 4708 HDAudBus - ok
19:35:35.0605 4708 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
19:35:35.0605 4708 HidBth - ok
19:35:35.0621 4708 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
19:35:35.0621 4708 HidIr - ok
19:35:35.0667 4708 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
19:35:35.0667 4708 HidUsb - ok
19:35:35.0699 4708 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
19:35:35.0699 4708 HpCISSs - ok
19:35:35.0730 4708 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
19:35:35.0730 4708 HpqKbFiltr - ok
19:35:35.0792 4708 HSF_DPV (cc267848cb3508e72762be65734e764d) C:\Windows\system32\DRIVERS\HSX_DPV.sys
19:35:35.0808 4708 HSF_DPV - ok
19:35:35.0823 4708 HSXHWAZL (a2882945cc4b6e3e4e9e825590438888) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
19:35:35.0823 4708 HSXHWAZL - ok
19:35:35.0901 4708 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
19:35:35.0901 4708 HTTP - ok
19:35:35.0933 4708 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
19:35:35.0933 4708 i2omp - ok
19:35:35.0979 4708 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
19:35:35.0979 4708 i8042prt - ok
19:35:36.0011 4708 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
19:35:36.0011 4708 iaStorV - ok
19:35:36.0042 4708 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
19:35:36.0042 4708 iirsp - ok
19:35:36.0057 4708 intelide (dd512a049bd7b4bce8a83554c5eff2c1) C:\Windows\system32\drivers\intelide.sys
19:35:36.0057 4708 intelide - ok
19:35:36.0089 4708 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
19:35:36.0089 4708 intelppm - ok
19:35:36.0120 4708 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:35:36.0120 4708 IpFilterDriver - ok
19:35:36.0135 4708 IpInIp - ok
19:35:36.0167 4708 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
19:35:36.0167 4708 IPMIDRV - ok
19:35:36.0198 4708 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
19:35:36.0198 4708 IPNAT - ok
19:35:36.0198 4708 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
19:35:36.0198 4708 IRENUM - ok
19:35:36.0229 4708 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
19:35:36.0229 4708 isapnp - ok
19:35:36.0291 4708 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
19:35:36.0291 4708 iScsiPrt - ok
19:35:36.0291 4708 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
19:35:36.0307 4708 iteatapi - ok
19:35:36.0307 4708 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
19:35:36.0307 4708 iteraid - ok
19:35:36.0338 4708 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
19:35:36.0338 4708 kbdclass - ok
19:35:36.0354 4708 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
19:35:36.0354 4708 kbdhid - ok
19:35:36.0432 4708 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
19:35:36.0432 4708 KSecDD - ok
19:35:36.0494 4708 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
19:35:36.0494 4708 lltdio - ok
19:35:36.0541 4708 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
19:35:36.0541 4708 LSI_FC - ok
19:35:36.0557 4708 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
19:35:36.0557 4708 LSI_SAS - ok
19:35:36.0572 4708 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
19:35:36.0572 4708 LSI_SCSI - ok
19:35:36.0588 4708 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
19:35:36.0588 4708 luafv - ok
19:35:36.0635 4708 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
19:35:36.0635 4708 mdmxsdk - ok
19:35:36.0666 4708 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
19:35:36.0666 4708 megasas - ok
19:35:36.0713 4708 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
19:35:36.0713 4708 MegaSR - ok
19:35:36.0728 4708 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
19:35:36.0728 4708 Modem - ok
19:35:36.0759 4708 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
19:35:36.0759 4708 monitor - ok
19:35:36.0806 4708 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
19:35:36.0806 4708 mouclass - ok
19:35:36.0822 4708 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
19:35:36.0837 4708 mouhid - ok
19:35:36.0869 4708 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
19:35:36.0869 4708 MountMgr - ok
19:35:36.0884 4708 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
19:35:36.0884 4708 mpio - ok
19:35:36.0915 4708 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
19:35:36.0915 4708 mpsdrv - ok
19:35:36.0931 4708 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
19:35:36.0947 4708 Mraid35x - ok
19:35:36.0993 4708 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
19:35:36.0993 4708 MRxDAV - ok
19:35:37.0025 4708 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:35:37.0025 4708 mrxsmb - ok
19:35:37.0056 4708 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:35:37.0056 4708 mrxsmb10 - ok
19:35:37.0071 4708 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:35:37.0071 4708 mrxsmb20 - ok
19:35:37.0103 4708 msahci (aa305cff241da187bd5077de4a2a043d) C:\Windows\system32\drivers\msahci.sys
19:35:37.0103 4708 msahci - ok
19:35:37.0118 4708 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
19:35:37.0134 4708 msdsm - ok
19:35:37.0165 4708 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
19:35:37.0165 4708 Msfs - ok
19:35:37.0212 4708 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
19:35:37.0212 4708 msisadrv - ok
19:35:37.0243 4708 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
19:35:37.0243 4708 MSKSSRV - ok
19:35:37.0259 4708 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
19:35:37.0259 4708 MSPCLOCK - ok
19:35:37.0274 4708 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
19:35:37.0274 4708 MSPQM - ok
19:35:37.0337 4708 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
19:35:37.0337 4708 MsRPC - ok
19:35:37.0352 4708 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
19:35:37.0368 4708 mssmbios - ok
19:35:37.0368 4708 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
19:35:37.0368 4708 MSTEE - ok
19:35:37.0415 4708 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
19:35:37.0430 4708 Mup - ok
19:35:37.0493 4708 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
19:35:37.0493 4708 NativeWifiP - ok
19:35:37.0555 4708 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
19:35:37.0571 4708 NDIS - ok
19:35:37.0617 4708 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
19:35:37.0617 4708 NdisTapi - ok
19:35:37.0649 4708 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
19:35:37.0649 4708 Ndisuio - ok
19:35:37.0695 4708 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
19:35:37.0695 4708 NdisWan - ok
19:35:37.0727 4708 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
19:35:37.0727 4708 NDProxy - ok
19:35:37.0758 4708 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
19:35:37.0758 4708 NetBIOS - ok
19:35:37.0805 4708 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
19:35:37.0805 4708 netbt - ok
19:35:37.0929 4708 NETw3v32 (35d5458d9a1b26b2005abffbf4c1c5e7) C:\Windows\system32\DRIVERS\NETw3v32.sys
19:35:37.0992 4708 NETw3v32 - ok
19:35:38.0023 4708 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
19:35:38.0023 4708 nfrd960 - ok
19:35:38.0101 4708 NPF (b9730495e0cf674680121e34bd95a73b) C:\Windows\system32\drivers\npf.sys
19:35:38.0101 4708 NPF - ok
19:35:38.0132 4708 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
19:35:38.0132 4708 Npfs - ok
19:35:38.0148 4708 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
19:35:38.0163 4708 nsiproxy - ok
19:35:38.0241 4708 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
19:35:38.0241 4708 Ntfs - ok
19:35:38.0273 4708 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
19:35:38.0273 4708 ntrigdigi - ok
19:35:38.0288 4708 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
19:35:38.0288 4708 Null - ok
19:35:38.0319 4708 NVENETFD (1efec38a852ab35883bfff3427b92b3f) C:\Windows\system32\DRIVERS\nvmfdx32.sys
19:35:38.0319 4708 NVENETFD - ok
19:35:38.0351 4708 NVHDA (b0dd52428bf564f5fc5ee331060be2a6) C:\Windows\system32\drivers\nvhda32v.sys
19:35:38.0351 4708 NVHDA - ok
19:35:38.0600 4708 nvlddmkm (9dac05d828e56801fd6ce5fdfced64af) C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:35:38.0725 4708 nvlddmkm - ok
19:35:38.0803 4708 NVNET (1efec38a852ab35883bfff3427b92b3f) C:\Windows\system32\DRIVERS\nvmfdx32.sys
19:35:38.0803 4708 NVNET - ok
19:35:38.0834 4708 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
19:35:38.0834 4708 nvraid - ok
19:35:38.0881 4708 nvsmu (0fb6bf3ab170fc5bd403d25e134eafde) C:\Windows\system32\DRIVERS\nvsmu.sys
19:35:38.0881 4708 nvsmu - ok
19:35:38.0912 4708 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
19:35:38.0912 4708 nvstor - ok
19:35:38.0943 4708 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
19:35:38.0943 4708 nv_agp - ok
19:35:38.0990 4708 NWADI (fc2a8aaa0f3321f41231ede0af1968ae) C:\Windows\system32\DRIVERS\NWADIenum.sys
19:35:39.0006 4708 NWADI - ok
19:35:39.0006 4708 NwlnkFlt - ok
19:35:39.0021 4708 NwlnkFwd - ok
19:35:39.0053 4708 NWUSBCDFIL (224131778c92aee8c13afac5fbff19ca) C:\Windows\system32\DRIVERS\NwUsbCdFil.sys
19:35:39.0053 4708 NWUSBCDFIL - ok
19:35:39.0099 4708 NWUSBModem (b7112f30d7eff4b5052eba879f46228f) C:\Windows\system32\DRIVERS\nwusbmdm.sys
19:35:39.0099 4708 NWUSBModem - ok
19:35:39.0115 4708 NWUSBPort (b7112f30d7eff4b5052eba879f46228f) C:\Windows\system32\DRIVERS\nwusbser.sys
19:35:39.0131 4708 NWUSBPort - ok
19:35:39.0146 4708 NWUSBPort2 (b7112f30d7eff4b5052eba879f46228f) C:\Windows\system32\DRIVERS\nwusbser2.sys
19:35:39.0146 4708 NWUSBPort2 - ok
19:35:39.0224 4708 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
19:35:39.0224 4708 ohci1394 - ok
19:35:39.0271 4708 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
19:35:39.0271 4708 Parport - ok
19:35:39.0318 4708 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
19:35:39.0318 4708 partmgr - ok
19:35:39.0349 4708 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
19:35:39.0349 4708 Parvdm - ok
19:35:39.0411 4708 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
19:35:39.0411 4708 pci - ok
19:35:39.0443 4708 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
19:35:39.0458 4708 pciide - ok
19:35:39.0474 4708 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
19:35:39.0474 4708 pcmcia - ok
19:35:39.0552 4708 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
19:35:39.0567 4708 PEAUTH - ok
19:35:39.0645 4708 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
19:35:39.0645 4708 PptpMiniport - ok
19:35:39.0661 4708 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\DRIVERS\processr.sys
19:35:39.0661 4708 Processor - ok
19:35:39.0723 4708 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
19:35:39.0723 4708 PSched - ok
19:35:39.0770 4708 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
19:35:39.0786 4708 ql2300 - ok
19:35:39.0801 4708 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
19:35:39.0801 4708 ql40xx - ok
19:35:39.0817 4708 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
19:35:39.0833 4708 QWAVEdrv - ok
19:35:39.0848 4708 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
19:35:39.0848 4708 RasAcd - ok
19:35:39.0864 4708 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:35:39.0879 4708 Rasl2tp - ok
19:35:39.0911 4708 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
19:35:39.0911 4708 RasPppoe - ok
19:35:39.0957 4708 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
19:35:39.0957 4708 RasSstp - ok
19:35:39.0973 4708 rcmirror (aa3eaac5827c73ce50eff2883f986144) C:\Windows\system32\DRIVERS\rcmirror.sys
19:35:39.0973 4708 rcmirror - ok
19:35:40.0020 4708 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
19:35:40.0020 4708 rdbss - ok
19:35:40.0051 4708 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:35:40.0067 4708 RDPCDD - ok
19:35:40.0082 4708 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
19:35:40.0082 4708 rdpdr - ok
19:35:40.0113 4708 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
19:35:40.0113 4708 RDPENCDD - ok
19:35:40.0160 4708 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
19:35:40.0176 4708 RDPWD - ok
19:35:40.0254 4708 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
19:35:40.0254 4708 rspndr - ok
19:35:40.0269 4708 RTSTOR (8dab5975b5c7923d61506a48e251dbad) C:\Windows\system32\drivers\RTSTOR.SYS
19:35:40.0285 4708 RTSTOR - ok
19:35:40.0301 4708 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
19:35:40.0301 4708 sbp2port - ok
19:35:40.0347 4708 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
19:35:40.0347 4708 sdbus - ok
19:35:40.0394 4708 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
19:35:40.0394 4708 secdrv - ok
19:35:40.0425 4708 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
19:35:40.0425 4708 Serenum - ok
19:35:40.0441 4708 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
19:35:40.0441 4708 Serial - ok
19:35:40.0472 4708 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
19:35:40.0472 4708 sermouse - ok
19:35:40.0503 4708 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
19:35:40.0503 4708 sffdisk - ok
19:35:40.0535 4708 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
19:35:40.0535 4708 sffp_mmc - ok
19:35:40.0550 4708 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
19:35:40.0550 4708 sffp_sd - ok
19:35:40.0550 4708 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
19:35:40.0550 4708 sfloppy - ok
19:35:40.0581 4708 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
19:35:40.0581 4708 sisagp - ok
19:35:40.0613 4708 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
19:35:40.0613 4708 SiSRaid2 - ok
19:35:40.0644 4708 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
19:35:40.0644 4708 SiSRaid4 - ok
19:35:40.0706 4708 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
19:35:40.0706 4708 Smb - ok
19:35:40.0800 4708 SMSIVZAM5 (1e715247efffdda938c085913045d599) C:\PROGRA~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS
19:35:40.0800 4708 SMSIVZAM5 - ok
19:35:40.0847 4708 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
19:35:40.0847 4708 spldr - ok
19:35:40.0909 4708 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
19:35:40.0925 4708 srv - ok
19:35:40.0971 4708 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
19:35:40.0971 4708 srv2 - ok
19:35:41.0003 4708 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
19:35:41.0003 4708 srvnet - ok
19:35:41.0081 4708 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
19:35:41.0081 4708 swenum - ok
19:35:41.0112 4708 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
19:35:41.0112 4708 Symc8xx - ok
19:35:41.0127 4708 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
19:35:41.0127 4708 Sym_hi - ok
19:35:41.0143 4708 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
19:35:41.0143 4708 Sym_u3 - ok
19:35:41.0174 4708 SynTP (00b19f27858f56181edb58b71a7c67a0) C:\Windows\system32\DRIVERS\SynTP.sys
19:35:41.0190 4708 SynTP - ok
19:35:41.0268 4708 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
19:35:41.0283 4708 Tcpip - ok
19:35:41.0315 4708 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
19:35:41.0315 4708 Tcpip6 - ok
19:35:41.0361 4708 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
19:35:41.0361 4708 tcpipreg - ok
19:35:41.0408 4708 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
19:35:41.0408 4708 TDPIPE - ok
19:35:41.0424 4708 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
19:35:41.0424 4708 TDTCP - ok
19:35:41.0471 4708 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
19:35:41.0486 4708 tdx - ok
19:35:41.0533 4708 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
19:35:41.0533 4708 TermDD - ok
19:35:41.0580 4708 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:35:41.0580 4708 tssecsrv - ok
19:35:41.0611 4708 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
19:35:41.0611 4708 tunmp - ok
19:35:41.0611 4708 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
19:35:41.0627 4708 tunnel - ok
19:35:41.0642 4708 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
19:35:41.0658 4708 uagp35 - ok
19:35:41.0705 4708 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
19:35:41.0705 4708 udfs - ok
19:35:41.0736 4708 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
19:35:41.0736 4708 uliagpkx - ok
19:35:41.0767 4708 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
19:35:41.0767 4708 uliahci - ok
19:35:41.0783 4708 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
19:35:41.0783 4708 UlSata - ok
19:35:41.0814 4708 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
19:35:41.0814 4708 ulsata2 - ok
19:35:41.0829 4708 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
19:35:41.0829 4708 umbus - ok
19:35:41.0876 4708 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
19:35:41.0876 4708 usbccgp - ok
19:35:41.0892 4708 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
19:35:41.0892 4708 usbcir - ok
19:35:41.0939 4708 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
19:35:41.0939 4708 usbehci - ok
19:35:41.0985 4708 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
19:35:41.0985 4708 usbhub - ok
19:35:42.0001 4708 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
19:35:42.0001 4708 usbohci - ok
19:35:42.0032 4708 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
19:35:42.0032 4708 usbprint - ok
19:35:42.0048 4708 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:35:42.0048 4708 USBSTOR - ok
19:35:42.0079 4708 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
19:35:42.0079 4708 usbuhci - ok
19:35:42.0095 4708 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
19:35:42.0095 4708 vga - ok
19:35:42.0110 4708 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
19:35:42.0110 4708 VgaSave - ok
19:35:42.0126 4708 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
19:35:42.0141 4708 viaagp - ok
19:35:42.0157 4708 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
19:35:42.0157 4708 ViaC7 - ok
19:35:42.0173 4708 viaide (ea1aa6e3abb3c194feba12a46de8cf2c) C:\Windows\system32\drivers\viaide.sys
19:35:42.0173 4708 viaide - ok
19:35:42.0204 4708 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
19:35:42.0204 4708 volmgr - ok
19:35:42.0266 4708 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
19:35:42.0266 4708 volmgrx - ok
19:35:42.0313 4708 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
19:35:42.0329 4708 volsnap - ok
19:35:42.0344 4708 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
19:35:42.0344 4708 vsmraid - ok
19:35:42.0391 4708 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
19:35:42.0391 4708 WacomPen - ok
19:35:42.0422 4708 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:35:42.0422 4708 Wanarp - ok
19:35:42.0453 4708 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:35:42.0453 4708 Wanarpv6 - ok
19:35:42.0500 4708 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
19:35:42.0500 4708 Wd - ok
19:35:42.0531 4708 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
19:35:42.0547 4708 Wdf01000 - ok
19:35:42.0641 4708 winachsf (0acd399f5db3df1b58903cf4949ab5a8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
19:35:42.0641 4708 winachsf - ok
19:35:42.0703 4708 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
19:35:42.0719 4708 WmiAcpi - ok
19:35:42.0765 4708 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
19:35:42.0765 4708 ws2ifsl - ok
19:35:42.0797 4708 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
19:35:42.0797 4708 XAudio - ok
19:35:42.0843 4708 yukonwlh (7d1f3b131d503ef43ee594b5a2b9b427) C:\Windows\system32\DRIVERS\yk60x86.sys
19:35:42.0843 4708 yukonwlh - ok
19:35:42.0875 4708 MBR (0x1B8) (588ae8f0c685c02ba11f30d9cd7e61a0) \Device\Harddisk0\DR0
19:35:42.0906 4708 \Device\Harddisk0\DR0 - ok
19:35:42.0906 4708 MBR (0x1B8) (b890cba10a03d4bd1e60bea5fc206936) \Device\Harddisk1\DR3
19:35:42.0921 4708 \Device\Harddisk1\DR3 - ok
19:35:42.0937 4708 Boot (0x1200) (ac87c4211a6799320ecf2b190adafd9d) \Device\Harddisk0\DR0\Partition0
19:35:42.0937 4708 \Device\Harddisk0\DR0\Partition0 - ok
19:35:42.0968 4708 Boot (0x1200) (0218aa96fad39c49ee0dff5d2001fe93) \Device\Harddisk0\DR0\Partition1
19:35:42.0968 4708 \Device\Harddisk0\DR0\Partition1 - ok
19:35:42.0984 4708 Boot (0x1200) (5ac218b6fbd2f5c7a6ff6ba3c6898df8) \Device\Harddisk1\DR3\Partition0
19:35:42.0984 4708 \Device\Harddisk1\DR3\Partition0 - ok
19:35:42.0984 4708 ============================================================
19:35:42.0984 4708 Scan finished
19:35:42.0984 4708 ============================================================
19:35:42.0999 5388 Detected object count: 0
19:35:42.0999 5388 Actual detected object count: 0
19:36:28.0193 6004 Deinitialize success



19:34:24.0256 4040 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
19:34:24.0365 4040 ============================================================
19:34:24.0365 4040 Current date / time: 2012/01/19 19:34:24.0365
19:34:24.0365 4040 SystemInfo:
19:34:24.0365 4040
19:34:24.0365 4040 OS Version: 6.0.6002 ServicePack: 2.0
19:34:24.0365 4040 Product type: Workstation
19:34:24.0365 4040 ComputerName: THEODORETRUE-PC
19:34:24.0365 4040 UserName: theodore trueheart
19:34:24.0365 4040 Windows directory: C:\Windows
19:34:24.0365 4040 System windows directory: C:\Windows
19:34:24.0365 4040 Processor architecture: Intel x86
19:34:24.0365 4040 Number of processors: 2
19:34:24.0365 4040 Page size: 0x1000
19:34:24.0365 4040 Boot type: Normal boot
19:34:24.0365 4040 ============================================================
19:34:25.0644 4040 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:34:25.0644 4040 Drive \Device\Harddisk1\DR3 - Size: 0xEF000000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:34:25.0769 4040 Initialize success
19:34:39.0950 0284 Deinitialize success


19:34:45.0657 2880 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
19:34:45.0719 2880 ============================================================
19:34:45.0719 2880 Current date / time: 2012/01/19 19:34:45.0719
19:34:45.0719 2880 SystemInfo:
19:34:45.0719 2880
19:34:45.0719 2880 OS Version: 6.0.6002 ServicePack: 2.0
19:34:45.0719 2880 Product type: Workstation
19:34:45.0719 2880 ComputerName: THEODORETRUE-PC
19:34:45.0719 2880 UserName: theodore trueheart
19:34:45.0719 2880 Windows directory: C:\Windows
19:34:45.0719 2880 System windows directory: C:\Windows
19:34:45.0719 2880 Processor architecture: Intel x86
19:34:45.0719 2880 Number of processors: 2
19:34:45.0719 2880 Page size: 0x1000
19:34:45.0719 2880 Boot type: Normal boot
19:34:45.0719 2880 ============================================================
19:34:46.0780 2880 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:34:46.0796 2880 Drive \Device\Harddisk1\DR3 - Size: 0xEF000000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:34:46.0827 2880 Initialize success
19:35:01.0210 5864 Deinitialize success
blah9
Regular Member
 
Posts: 19
Joined: January 14th, 2012, 8:50 pm

Re: Do I have a Virus?

Unread postby askey127 » January 20th, 2012, 8:18 am

blah9,
-----------------------------------------------
Download MBRCheck by a_d_13 from here and save it to your Desktop.

  • Double click MBRCheck.exe
  • A black command type window will open
  • After a short while, a text file will appear on your desktop named MBRCheck_Date_Time.txt
  • Press 'N' on your keyboard, then press 'enter' to close the window.
  • Copy/paste the contents of MBRCheck_Date_Time.txt in your next reply

askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Do I have a Virus?

Unread postby blah9 » January 20th, 2012, 5:19 pm

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Wistron
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: Compaq Presario CQ60 Notebook PC
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 197):
0x82643000 \SystemRoot\system32\ntkrnlpa.exe
0x82610000 \SystemRoot\system32\hal.dll
0x80404000 \SystemRoot\system32\kdcom.dll
0x8040B000 \SystemRoot\system32\PSHED.dll
0x8041C000 \SystemRoot\system32\BOOTVID.dll
0x80424000 \SystemRoot\system32\CLFS.SYS
0x80465000 \SystemRoot\system32\CI.dll
0x80545000 \SystemRoot\system32\drivers\Wdf01000.sys
0x805C1000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8060F000 \SystemRoot\system32\drivers\acpi.sys
0x80655000 \SystemRoot\system32\drivers\WMILIB.SYS
0x8065E000 \SystemRoot\system32\drivers\msisadrv.sys
0x80666000 \SystemRoot\system32\drivers\pci.sys
0x8068D000 \SystemRoot\system32\drivers\isapnp.sys
0x8069C000 \SystemRoot\system32\drivers\mpio.sys
0x806B8000 \SystemRoot\System32\drivers\partmgr.sys
0x806C7000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x806CA000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x806D4000 \SystemRoot\system32\drivers\volmgr.sys
0x806E3000 \SystemRoot\System32\drivers\volmgrx.sys
0x8072D000 \SystemRoot\system32\drivers\intelide.sys
0x80734000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x80742000 \SystemRoot\system32\drivers\pciide.sys
0x80749000 \SystemRoot\system32\drivers\aliide.sys
0x80750000 \SystemRoot\system32\drivers\amdide.sys
0x80757000 \SystemRoot\system32\drivers\cmdide.sys
0x8075F000 \SystemRoot\System32\drivers\mountmgr.sys
0x8076F000 \SystemRoot\system32\drivers\msdsm.sys
0x80789000 \SystemRoot\system32\drivers\nvraid.sys
0x807A4000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x807C5000 \SystemRoot\system32\drivers\viaide.sys
0x8A408000 \SystemRoot\system32\drivers\iastorv.sys
0x8A4A9000 \SystemRoot\system32\drivers\atapi.sys
0x8A4B1000 \SystemRoot\system32\drivers\ataport.SYS
0x8A4CF000 \SystemRoot\system32\drivers\lsi_scsi.sys
0x8A4E9000 \SystemRoot\system32\drivers\storport.sys
0x8A52A000 \SystemRoot\system32\drivers\msahci.sys
0x8A534000 \SystemRoot\system32\drivers\hpcisss.sys
0x8A53F000 \SystemRoot\system32\drivers\adp94xx.sys
0x8A5A9000 \SystemRoot\system32\drivers\adpahci.sys
0x807CD000 \SystemRoot\system32\drivers\adpu160m.sys
0x805CE000 \SystemRoot\system32\drivers\SCSIPORT.SYS
0x8A601000 \SystemRoot\system32\drivers\adpu320.sys
0x8A627000 \SystemRoot\system32\drivers\djsvs.sys
0x8A63B000 \SystemRoot\system32\drivers\arc.sys
0x8A651000 \SystemRoot\system32\drivers\arcsas.sys
0x8A667000 \SystemRoot\system32\drivers\elxstor.sys
0x8A6FB000 \SystemRoot\system32\drivers\i2omp.sys
0x8A705000 \SystemRoot\system32\drivers\iirsp.sys
0x8A715000 \SystemRoot\system32\drivers\iteatapi.sys
0x8A721000 \SystemRoot\system32\drivers\iteraid.sys
0x8A72D000 \SystemRoot\system32\drivers\lsi_fc.sys
0x8A747000 \SystemRoot\system32\drivers\lsi_sas.sys
0x8A75F000 \SystemRoot\system32\drivers\megasas.sys
0x8A803000 \SystemRoot\system32\drivers\megasr.sys
0x8A8BA000 \SystemRoot\system32\drivers\mraid35x.sys
0x8A8C5000 \SystemRoot\system32\drivers\nfrd960.sys
0x8A8D3000 \SystemRoot\system32\drivers\nvstor.sys
0x8AA02000 \SystemRoot\system32\drivers\ql2300.sys
0x8AB3A000 \SystemRoot\system32\drivers\ql40xx.sys
0x8AB8F000 \SystemRoot\system32\drivers\sisraid2.sys
0x8AB9C000 \SystemRoot\system32\drivers\sisraid4.sys
0x8ABB1000 \SystemRoot\system32\drivers\symc8xx.sys
0x8ABBD000 \SystemRoot\system32\drivers\sym_hi.sys
0x8ABC8000 \SystemRoot\system32\drivers\sym_u3.sys
0x8A8E0000 \SystemRoot\system32\drivers\uliahci.sys
0x8ABD3000 \SystemRoot\system32\drivers\ulsata.sys
0x8A91C000 \SystemRoot\system32\drivers\ulsata2.sys
0x8A948000 \SystemRoot\system32\drivers\vsmraid.sys
0x8A969000 \SystemRoot\system32\drivers\fltmgr.sys
0x8A99B000 \SystemRoot\system32\drivers\fileinfo.sys
0x8A769000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8AC0C000 \SystemRoot\system32\drivers\ndis.sys
0x8AD17000 \SystemRoot\system32\drivers\msrpc.sys
0x8AD42000 \SystemRoot\system32\drivers\NETIO.SYS
0x8AE0D000 \SystemRoot\System32\drivers\tcpip.sys
0x8AEF7000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8B003000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8B113000 \SystemRoot\system32\drivers\wd.sys
0x8B11B000 \SystemRoot\system32\drivers\volsnap.sys
0x8B154000 \SystemRoot\System32\Drivers\spldr.sys
0x8B15C000 \SystemRoot\system32\drivers\sbp2port.sys
0x8B171000 \SystemRoot\System32\Drivers\mup.sys
0x8B180000 \SystemRoot\System32\drivers\ecache.sys
0x8B1A7000 \SystemRoot\system32\drivers\disk.sys
0x8B1B8000 \SystemRoot\system32\drivers\crcdisk.sys
0x8B1E1000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8B1EC000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8AF12000 \SystemRoot\system32\DRIVERS\processr.sys
0x8B1F5000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8AF21000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8AF34000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
0x8AF39000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8AF44000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8B1FE000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8AF74000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8AF7F000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8AF83000 \SystemRoot\system32\DRIVERS\nvsmu.sys
0x8AF8B000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x8AF95000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8AFD3000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8E808000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8E895000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8E8AD000 \SystemRoot\system32\DRIVERS\nvmfdx32.sys
0x8EE00000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8F757000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x8F759000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8E8F3000 \SystemRoot\System32\drivers\watchdog.sys
0x8F80A000 \SystemRoot\system32\DRIVERS\athr.sys
0x8F918000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8F947000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8F952000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8F969000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8F974000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8F997000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8F9A6000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8F9BA000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8F9CF000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8F9DF000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8E8FF000 \SystemRoot\system32\DRIVERS\ks.sys
0x8E929000 \SystemRoot\system32\DRIVERS\NWADIenum.sys
0x8F9E1000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8F9EB000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8E966000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8E99B000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8E9AC000 \SystemRoot\system32\drivers\CHDRT32.sys
0x8AD7D000 \SystemRoot\system32\drivers\portcls.sys
0x8ADAA000 \SystemRoot\system32\drivers\drmk.sys
0x8A9AB000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x8FC06000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x8FD09000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8FDBE000 \SystemRoot\system32\drivers\modem.sys
0x8FDCB000 \SystemRoot\system32\drivers\nvhda32v.sys
0x8FDD9000 \SystemRoot\system32\drivers\RTSTOR.SYS
0x8FE0D000 \SystemRoot\System32\Drivers\aswSnx.SYS
0x8FE7D000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8FE86000 \SystemRoot\System32\Drivers\Null.SYS
0x8FE8D000 \SystemRoot\System32\Drivers\Beep.SYS
0x8FE9D000 \SystemRoot\system32\drivers\HIDPARSE.SYS
0x8FEA4000 \SystemRoot\System32\drivers\vga.sys
0x8FEB0000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8FED1000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8FED9000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8FEE1000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8FEEC000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8FEFA000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8FF03000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8FF19000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x8FF24000 \SystemRoot\system32\DRIVERS\smb.sys
0x8FF38000 \SystemRoot\system32\drivers\afd.sys
0x8FF80000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x8FF87000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8FFB9000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8FFCF000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8FFDD000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x90801000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x9083D000 \SystemRoot\system32\drivers\nsiproxy.sys
0x90847000 \SystemRoot\System32\Drivers\dfsc.sys
0x9085E000 \SystemRoot\System32\Drivers\aswSP.SYS
0x908AB000 \SystemRoot\System32\Drivers\fastfat.SYS
0x908D3000 \SystemRoot\System32\Drivers\crashdmp.sys
0x908E0000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x908EB000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x99080000 \SystemRoot\System32\win32k.sys
0x908F3000 \SystemRoot\System32\drivers\Dxapi.sys
0x992A0000 \SystemRoot\System32\TSDDD.dll
0x992C0000 \SystemRoot\System32\ATMFD.DLL
0x99310000 \SystemRoot\System32\cdd.dll
0x9090C000 \SystemRoot\system32\drivers\luafv.sys
0x90927000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0x9095F000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x9D400000 \SystemRoot\system32\drivers\spsys.sys
0x9D4B0000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9D4C0000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x9D4EA000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9D4F4000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9D507000 \SystemRoot\system32\drivers\HTTP.sys
0x9D574000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9D591000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9D5AA000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9D5BF000 \SystemRoot\system32\drivers\mrxdav.sys
0x9D5E0000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x90962000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9099B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x909B3000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA1405000 \SystemRoot\System32\DRIVERS\srv.sys
0xA146C000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA1470000 \SystemRoot\system32\drivers\npf.sys
0xA147F000 \SystemRoot\system32\drivers\peauth.sys
0xA155D000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA1567000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA1573000 \SystemRoot\system32\DRIVERS\xaudio.sys
0xA157B000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xA1591000 \??\C:\Users\THEODO~1\AppData\Local\Temp\aswMBR.sys
0xA15EC000 \SystemRoot\system32\DRIVERS\monitor.sys
0xA1454000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x76F20000 \Windows\System32\ntdll.dll

Processes (total 60):
0 System Idle Process
4 System
1116 C:\Windows\System32\smss.exe
1420 csrss.exe
1628 C:\Windows\System32\wininit.exe
1660 csrss.exe
1740 C:\Windows\System32\services.exe
1788 C:\Windows\System32\lsass.exe
1820 C:\Windows\System32\lsm.exe
664 C:\Windows\System32\svchost.exe
880 C:\Windows\System32\nvvsvc.exe
992 C:\Windows\System32\svchost.exe
1152 C:\Windows\System32\winlogon.exe
1632 C:\Windows\System32\svchost.exe
1856 C:\Windows\System32\svchost.exe
1904 C:\Windows\System32\svchost.exe
2060 C:\Windows\System32\audiodg.exe
2108 C:\Windows\System32\svchost.exe
2156 C:\Windows\System32\SLsvc.exe
2252 C:\Windows\System32\svchost.exe
2324 C:\Windows\System32\nvvsvc.exe
2708 C:\Windows\System32\svchost.exe
2932 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
3412 C:\Windows\System32\spoolsv.exe
3460 C:\Windows\System32\svchost.exe
3788 C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
3868 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
4160 C:\Windows\System32\svchost.exe
4184 C:\Program Files\SMINST\BLService.exe
4288 C:\Program Files\CyberLink\Shared files\RichVideo.exe
4352 C:\Windows\System32\svchost.exe
4408 C:\Windows\System32\svchost.exe
4448 C:\Windows\System32\SearchIndexer.exe
4632 C:\Windows\System32\drivers\XAudio.exe
1284 C:\Windows\System32\dwm.exe
1460 C:\Windows\explorer.exe
1492 C:\Windows\System32\taskeng.exe
5488 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
1256 C:\Program Files\HP\QuickPlay\QPService.exe
1544 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
1832 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
1880 C:\Program Files\AVAST Software\Avast\AvastUI.exe
1928 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
5672 C:\Windows\ehome\ehtray.exe
1992 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
364 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
428 C:\Program Files\Stardock\ObjectDockFree\ObjectDock.exe
5760 C:\Windows\ehome\ehmsas.exe
2352 C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
2448 WmiPrvSE.exe
2896 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
3080 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
4572 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
5068 C:\Windows\System32\svchost.exe
5204 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
1380 taskeng.exe
4784 C:\Windows\System32\taskeng.exe
3168 taskeng.exe
3952 mcupdate.exe
4200 F:\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000037`7da00000 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHM250HI, Rev: 2AC101C4

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: E6CCDBFD8F5B3DAA80CE1AA64C67955A606A347D


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
blah9
Regular Member
 
Posts: 19
Joined: January 14th, 2012, 8:50 pm
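The MBRCheck output above reads the first sector of \\.\PhysicalDrive0, hashes the boot code and reports "Unknown MBR code" when the hash is not in its whitelist. The script below is an added example, not part of the original post and not MBRCheck's own code, showing how that check works: it parses a 512-byte MBR, verifies the 0x55AA signature, hashes the bootstrap region, looks the hash up in a known-good table, and cross-checks the partition table against the volume-to-offset mapping the tool printed (C: at 0x100000, D: at 0x377da00000). Assumptions, all labelled in the code: the hashed region is the first 440 bytes (the page does not say which region MBRCheck hashes, so the SHA1 here will not match the one in the log), the "standard" boot code, the known-good hash table, the disk signature and the partition sizes are constructed for the demonstration, and read_mbr_live() is only there to show how the raw sector is read on Windows (it needs administrator rights and is not executed).

```python
"""Parse an MBR, hash its bootstrap code and cross-check the partition table.

Added example (not from the forum post or from MBRCheck). Everything marked
'constructed' or 'hypothetical' below is an assumption for illustration.
"""
import hashlib
import struct

SECTOR = 512
BOOTCODE_LEN = 440           # assumption: hash bytes 0..439 (bootstrap code only)
ENTRY_FMT = "<B3sB3sII"      # status, CHS start, type, CHS end, LBA start, sector count


def parse_mbr(mbr: bytes) -> dict:
    """Return disk signature, SHA1 of the bootstrap code and the primary partitions."""
    if len(mbr) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(mbr)}")
    if mbr[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    disk_sig = struct.unpack("<I", mbr[440:444])[0]
    parts = []
    for i in range(4):
        off = 446 + 16 * i
        status, _chs_s, ptype, _chs_e, lba, count = struct.unpack(ENTRY_FMT, mbr[off:off + 16])
        if ptype == 0 and count == 0:
            continue                      # empty slot
        parts.append({"index": i, "active": status == 0x80, "type": ptype,
                      "lba": lba, "sectors": count, "offset": lba * SECTOR})
    return {"disk_signature": disk_sig,
            "bootcode_sha1": hashlib.sha1(mbr[:BOOTCODE_LEN]).hexdigest().upper(),
            "partitions": parts}


def classify_bootcode(sha1_hex: str, known_good: dict) -> str:
    """Whitelist lookup: anything not in the table is reported as unknown, like MBRCheck does."""
    return known_good.get(sha1_hex.upper(), "Unknown MBR code")


def unmatched_volumes(volume_offsets: dict, parsed: dict) -> list:
    """Volumes whose byte offset is not the start of any primary partition in the MBR.

    A bootkit that rewrites the partition table, or a hidden partition, shows up here.
    Logical volumes inside an extended partition are not covered (the EBR chain is not walked).
    """
    starts = {p["offset"] for p in parsed["partitions"]}
    return sorted(v for v, off in volume_offsets.items() if off not in starts)


def build_sample_mbr(bootcode: bytes, entries) -> bytes:
    """Assemble a constructed MBR from boot code and (active, type, lba, count) tuples."""
    mbr = bytearray(SECTOR)
    mbr[:len(bootcode)] = bootcode
    struct.pack_into("<I", mbr, 440, 0x1234ABCD)      # constructed disk signature
    for i, (active, ptype, lba, count) in enumerate(entries):
        struct.pack_into(ENTRY_FMT, mbr, 446 + 16 * i,
                         0x80 if active else 0x00, b"\0\0\0", ptype, b"\0\0\0", lba, count)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)


def read_mbr_live(device: str = r"\\.\PhysicalDrive0") -> bytes:
    """Read the real first sector on Windows (administrator rights required; not run here)."""
    with open(device, "rb") as fh:
        return fh.read(SECTOR)


# Constructed 'standard' boot code: a few plausible opening bytes padded with NOPs.
# This is NOT Microsoft's MBR code; a real whitelist must come from a trusted source.
STANDARD_BOOTCODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 433
KNOWN_GOOD = {hashlib.sha1(STANDARD_BOOTCODE).hexdigest().upper(): "constructed standard MBR code"}

# Partition starts taken from the MBRCheck output on this page; sizes are constructed.
PARTITIONS = [
    (True,  0x07, 0x100000 // SECTOR,      0x1BBED000 - 0x100000 // SECTOR),  # C: NTFS
    (False, 0x07, 0x377da00000 // SECTOR,  23_234_928),                       # D: NTFS (recovery)
]
VOLUME_OFFSETS = {"C:": 0x00100000, "D:": 0x377da00000}

SAMPLE_MBR = build_sample_mbr(STANDARD_BOOTCODE, PARTITIONS)
# Hypothetical tampering: one byte of the bootstrap patched, as a bootkit would do.
TAMPERED_MBR = SAMPLE_MBR[:8] + b"\xe9" + SAMPLE_MBR[9:]

if __name__ == "__main__":
    for label, blob in (("clean", SAMPLE_MBR), ("tampered", TAMPERED_MBR)):
        info = parse_mbr(blob)
        print(label, info["bootcode_sha1"], classify_bootcode(info["bootcode_sha1"], KNOWN_GOOD))
        print("  unmatched volumes:", unmatched_volumes(VOLUME_OFFSETS, info))
```

The point of the second check is that "Unknown MBR code" on its own is ambiguous (an OEM or third-party boot manager also trips it), whereas a volume whose offset does not line up with any partition entry, or a partition entry that no volume accounts for, is the sort of discrepancy a helper would follow up on before deciding whether the MBR needs rewriting.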