Computer Hope

Topic started by: casey071 on December 06, 2011, 02:48:24 PM

Title: Malware or Virus possibly on my computer
Post by: casey071 on December 06, 2011, 02:48:24 PM
I have gone through all the steps to remove the virus/malware that is shown on the Computer Hope Malware Removal Steps. I am unsure of what to do next. I will attach the files it told me to. Thank you for your help!



[regaining space - attachment deleted by admin]
Title: Re: Malware or Virus possibly on my computer
Post by: casey071 on December 06, 2011, 02:50:38 PM
More attachments:

Thank you in advance for all your help!

[regaining space - attachment deleted by admin]
Title: Re: Malware or Virus possibly on my computer
Post by: SuperDave on December 06, 2011, 06:55:44 PM
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Registry cleaners are extremely powerful applications and their potential for harming your OS far outweighs any small potential for improving your computer's performance.
RegClean Pro
There are a number of them available and some are more safe than others. Keep in mind that no two registry cleaners work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad" entry. One cleaner may find entries on your system that will not cause a problem when removed, another may not find the same entries, and still another may want to remove entries required for a program to work. Without research into what the registry entry selected for deletion is, a registry cleaner can end up being an automated method to cause problems with the registry.

For routine use by those not familiar with the registry, the benefits to your computer are negligible while the potential risks are great.

Further reading: XP Fixes Myth #1: Registry Cleaners (http://www.windowsbbs.com/showthread.php?t=61015)
****************************************************
Please go to Jotti's malware scan (http://virusscan.jotti.org/)
(If more than one file needs to be scanned, they must be done separately and links posted for each one)

* Copy the file path in the below Code box:

Code:
c:\windows\system32\roboot.exe
* At the upload site, click once inside the window next to Browse.
* Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
* Next click Submit file
* Your file will possibly be entered into a queue which normally takes less than a minute to clear.
* This will perform a scan across multiple different virus scanning engines.
* Important: Wait for all of the scanning engines to complete.
* Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.
*****************************************************
Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

link # 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link # 2 (http://subs.geekstogo.com/ComboFix.exe)
If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of security programs that should be disabled and how to disable them.

Right-click combofix.exe and select Run as Administrator and follow the prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.
Title: Re: Malware or Virus possibly on my computer
Post by: casey071 on December 06, 2011, 07:58:22 PM
http://virusscan.jotti.org/en/scanresult/31e5f9f0f00d72bafd8da6ca879ef09138219cf5
Title: Re: Malware or Virus possibly on my computer
Post by: casey071 on December 06, 2011, 08:38:01 PM
Combo Fix Log

[regaining space - attachment deleted by admin]
Title: Re: Malware or Virus possibly on my computer
Post by: SuperDave on December 07, 2011, 01:25:41 PM
Please do not attach your logs unless absolutely necessary. Copy and paste them in your reply(ies)

Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1 (http://screen317.spywareinfoforum.org/SecurityCheck.exe)
Link 2 (http://screen317.changelog.fr/SecurityCheck.exe)

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
****************************************************************
Please go to Jotti's malware scan (http://virusscan.jotti.org/)
(If more than one file needs to be scanned, they must be done separately and links posted for each one)

* Copy the file path in the below Code box:

Code:
c:\windows\System32\drivers\qimss.sys
* At the upload site, click once inside the window next to Browse.
* Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
* Next click Submit file
* Your file will possibly be entered into a queue which normally takes less than a minute to clear.
* This will perform a scan across multiple different virus scanning engines.
* Important: Wait for all of the scanning engines to complete.
* Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.
**************************************************************
Re-running ComboFix to remove infections:

Title: Re: Malware or Virus possibly on my computer
Post by: casey071 on December 07, 2011, 03:18:21 PM
 Results of screen317's Security Check version 0.99.24 
 Windows Vista Service Pack 2 x86 (UAC is enabled) 
 Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

 Windows Security Center service is not running! This report may not be accurate!
 Windows Firewall Enabled! 
 avast! Free Antivirus   
 WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

 Malwarebytes' Anti-Malware   
 CCleaner     
 Java(TM) 6 Update 29 
 Adobe Flash Player    11.0.1.152 
````````````````````````````````
Process Check: 
objlist.exe by Laurent

``````````End of Log````````````

Title: Re: Malware or Virus possibly on my computer
Post by: casey071 on December 07, 2011, 03:30:27 PM
When I try to go to Jotti's Malware scan, I click "browse" then paste the file path in, and it gives me this error message:
qmiss.sys     File not found.   Check the file name and try again.
 
I have tried this multiple times, with the same error message. 
Thanks so much for your help! :)
Title: Re: Malware or Virus possibly on my computer
Post by: SuperDave on December 07, 2011, 04:46:19 PM
Ok. Please run the ComboFix script and we'll see if it shows up again.
Title: Re: Malware or Virus possibly on my computer
Post by: casey071 on December 07, 2011, 09:46:41 PM
ComboFix 11-12-06.01 - office depot 12/07/2011  22:25:33.1.2 - x86 NETWORK
Microsoft Windows Vista Home Premium   6.0.6002.2.1252.1.1033.18.2045.1514 [GMT -6:00]
Running from: c:\users\office depot\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2011-11-08 to 2011-12-08  )))))))))))))))))))))))))))))))
.
.
2011-12-08 04:38 . 2011-12-08 04:38   --------   d-----w-   c:\users\office depot\AppData\Local\temp
2011-12-08 04:38 . 2011-12-08 04:38   --------   d-----w-   c:\users\QBDataServiceUser18\AppData\Local\temp
2011-12-08 04:38 . 2011-12-08 04:38   --------   d-----w-   c:\users\Default\AppData\Local\temp
2011-12-08 04:38 . 2011-12-08 04:38   --------   d-----w-   c:\users\Brandon\AppData\Local\temp
2011-12-08 03:03 . 2011-12-08 03:03   56200   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{E9A7527B-0109-41F8-8899-6BE5E7C81451}\offreg.dll
2011-12-06 18:21 . 2011-12-06 18:21   --------   d-----w-   c:\users\office depot\AppData\Roaming\SUPERAntiSpyware.com
2011-12-06 18:20 . 2011-12-06 18:21   --------   d-----w-   c:\program files\SUPERAntiSpyware
2011-12-06 18:20 . 2011-12-06 18:20   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
2011-12-06 15:09 . 2011-11-28 17:53   314456   ----a-w-   c:\windows\system32\drivers\aswSP.sys
2011-12-06 15:09 . 2011-11-28 17:51   20568   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
2011-12-06 15:09 . 2011-11-28 17:53   435032   ----a-w-   c:\windows\system32\drivers\aswSnx.sys
2011-12-06 15:09 . 2011-11-28 17:52   34392   ----a-w-   c:\windows\system32\drivers\aswRdr.sys
2011-12-06 15:09 . 2011-11-28 17:52   52952   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
2011-12-06 15:09 . 2011-11-28 17:52   55128   ----a-w-   c:\windows\system32\drivers\aswMonFlt.sys
2011-12-06 15:09 . 2011-11-28 18:01   41184   ----a-w-   c:\windows\avastSS.scr
2011-12-06 15:09 . 2011-11-28 18:01   199816   ----a-w-   c:\windows\system32\aswBoot.exe
2011-12-06 15:09 . 2011-12-06 15:09   --------   d-----w-   c:\programdata\AVAST Software
2011-12-06 15:09 . 2011-12-06 15:09   --------   d-----w-   c:\program files\AVAST Software
2011-12-05 23:31 . 2011-12-05 23:31   --------   d-----w-   c:\users\office depot\AppData\Roaming\Malwarebytes
2011-12-05 23:31 . 2011-12-05 23:31   --------   d-----w-   c:\programdata\Malwarebytes
2011-12-05 23:31 . 2011-12-05 23:31   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2011-12-05 23:31 . 2011-08-31 23:00   22216   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-12-05 22:57 . 2011-12-05 22:57   --------   d-----w-   c:\users\office depot\AppData\Roaming\Systweak
2011-12-05 22:57 . 2011-11-19 17:52   17280   ----a-w-   c:\windows\system32\roboot.exe
2011-12-05 22:57 . 2011-12-05 22:57   --------   d-----w-   c:\program files\RegClean Pro
2011-12-05 20:40 . 2011-10-07 03:48   6668624   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{E9A7527B-0109-41F8-8899-6BE5E7C81451}\mpengine.dll
2011-11-27 20:56 . 2011-11-27 20:56   --------   d-----w-   c:\program files\iPod(21)
2011-11-27 20:56 . 2011-11-27 20:58   --------   d-----w-   c:\program files\iTunes(22)
2011-11-09 15:53 . 2011-10-17 11:41   2409784   ----a-w-   c:\program files\Windows Mail\OESpamFilter.dat
2011-11-09 15:53 . 2011-09-20 21:02   905088   ----a-w-   c:\windows\system32\drivers\tcpip.sys
2011-11-09 15:53 . 2011-09-30 15:57   707584   ----a-w-   c:\program files\Common Files\System\wab32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-31 19:55 . 2011-06-21 21:05   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-24 19:29 . 2011-10-24 19:29   94208   ----a-w-   c:\windows\system32\QuickTimeVR.qtx
2011-10-24 19:29 . 2011-10-24 19:29   69632   ----a-w-   c:\windows\system32\QuickTime.qts
2011-10-03 10:06 . 2010-05-19 00:20   472808   ----a-w-   c:\windows\system32\deployJava1.dll
2011-09-30 23:06 . 2011-10-12 14:50   916480   ----a-w-   c:\windows\system32\wininet.dll
2011-09-30 23:02 . 2011-10-12 14:50   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2011-09-30 23:01 . 2011-10-12 14:50   1469440   ----a-w-   c:\windows\system32\inetcpl.cpl
2011-09-30 23:01 . 2011-10-12 14:50   71680   ----a-w-   c:\windows\system32\iesetup.dll
2011-09-30 23:01 . 2011-10-12 14:50   109056   ----a-w-   c:\windows\system32\iesysprep.dll
2011-09-30 22:07 . 2011-10-12 14:50   385024   ----a-w-   c:\windows\system32\html.iec
2011-09-30 21:29 . 2011-10-12 14:50   133632   ----a-w-   c:\windows\system32\ieUnatt.exe
2011-09-30 21:28 . 2011-10-12 14:50   1638912   ----a-w-   c:\windows\system32\mshtml.tlb
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01   122512   ----a-w-   c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-29 39408]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-17 221184]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-07 4617600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-11 39792]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-20 468264]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Connections.lnk - c:\program files\HP Connections\6811507\Program\HP Connections.exe [2006-12-29 34520]
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-9-8 805392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54   551296   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
R0 peptu;peptu;c:\windows\System32\drivers\qimss.sys
R1 aswSnx;aswSnx;
R1 aswSP;aswSP;
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
R2 aswFsBlk;aswFsBlk;
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-11-28 55128]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 135664]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R2 MSSQL$ALLDATASC;SQL Server (ALLDATASC);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-11 29293408]
R2 MSSQL$SOSHOME309;SQL Server (SOSHOME309);c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
R2 QuickBooksDB18;QuickBooksDB18;c:\progra~1\Intuit\QUICKB~2\QBDBMgrN.exe [2006-09-13 128536]
R3 ATMFBUS;A600 USB Composite Device Driver;c:\windows\system32\DRIVERS\ATMFBUS.sys
R3 ATMFCVsp;A600 Cricket CM Port;c:\windows\system32\DRIVERS\ATMFCVsp.sys
R3 ATMFFLT;A600 USB Modem Installation CD;c:\windows\system32\DRIVERS\ATMFFLT.sys
R3 ATMFMdm;A600 Cricket EVDO Modem;c:\windows\system32\DRIVERS\ATMFMdm.sys
R3 ATMFNET;A600 Cricket EVDO Network Adapter;c:\windows\system32\DRIVERS\ATMFNET.sys
R3 ATMFNVsp;A600 Cricket NMEA Port Serial Port;c:\windows\system32\DRIVERS\ATMFNVsp.sys
R3 ATMFVsp;A600 Cricket Diagnostics Port;c:\windows\system32\DRIVERS\ATMFVsp.sys
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 getPlus(R) Installer;getPlus(R) Installer;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-03-16 59552]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 135664]
R3 hcw85bda;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2006-12-01 622080]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2008-01-19 21504]
R3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);c:\windows\system32\DRIVERS\swnc8ua3.sys [2009-03-31 190080]
R3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);c:\windows\system32\DRIVERS\swumxa3.sys [2009-05-04 148096]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-19 16896]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs   REG_MULTI_SZ      BthServ
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
HPService   REG_MULTI_SZ      HPSLPSVC
LocalServiceAndNoImpersonation   REG_MULTI_SZ      FontCache
getPlusHelper   REG_MULTI_SZ      getPlusHelper
nosGetPlusHelper   REG_MULTI_SZ      nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 20:14]
.
2011-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 20:14]
.
2011-11-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-981839275-669083101-988588451-1000Core.job
- c:\users\office depot\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-11 15:45]
.
2011-12-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-981839275-669083101-988588451-1000UA.job
- c:\users\office depot\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-11 15:45]
.
2010-04-09 c:\windows\Tasks\HPCeeScheduleForoffice depot.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2006-12-29 00:08]
.
2011-12-07 c:\windows\Tasks\User_Feed_Synchronization-{E711352B-2144-4CCB-92E2-F93AF208A142}.job
- c:\windows\system32\msfeedssync.exe [2011-10-12 21:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;
*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates
.com;cf.netzero.net;qs.netzero.net;*.quicken.com;feed.untd.com;*.pogo.com;<local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\program files\Corel\WordPerfect Office X4\Programs\WPLauncher.hta
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: 67.128.114.130
Trusted Zone: facebook.com\login
Trusted Zone: facebook.com\www
Trusted Zone: farmville.com
Trusted Zone: netzero.com
Trusted Zone: netzero.net
Trusted Zone: sstirelexington.net
Trusted Zone: sstireonline.com
TCP: DhcpNameServer = 67.142.160.8 67.142.160.9 192.168.1.1
DPF: RaptisoftGameLoader - hxxp://www.gamehouse.com/realarcade-webgames/hamsterball/raptisoftgameloader.cab
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://www.seehere.com/ips-opdata/layout/fujius02/objects/jordan-canvasx.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-07 22:38
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-12-07  22:41:42
ComboFix-quarantined-files.txt  2011-12-08 04:41
ComboFix2.txt  2011-12-07 03:31
.
Pre-Run: 57,325,883,392 bytes free
Post-Run: 57,032,499,200 bytes free
.
- - End Of File - - D7DA9A1C5CA97C8C4FFD83A1A4676FBB
Title: Re: Malware or Virus possibly on my computer
Post by: SuperDave on December 08, 2011, 12:50:17 PM
No, that's not correct. You need to follow the directions for the ComboFix script as outlined in Reply # 5.
Title: Re: Malware or Virus possibly on my computer
Post by: casey071 on December 08, 2011, 02:04:45 PM
Is this what I needed to do?
 

Results of screen317's Security Check version 0.99.24 
 Windows Vista Service Pack 2 x86 (UAC is enabled) 
 Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

 Windows Security Center service is not running! This report may not be accurate!
 Windows Firewall Enabled! 
 avast! Free Antivirus   
 WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

 Malwarebytes' Anti-Malware   
 CCleaner     
 Java(TM) 6 Update 29 
 Adobe Flash Player    11.0.1.152 
````````````````````````````````
Process Check: 
objlist.exe by Laurent

``````````End of Log````````````
Title: Re: Malware or Virus possibly on my computer
Post by: SuperDave on December 08, 2011, 04:36:42 PM
No, that's Reply # 6. Go to Reply # 5.
Title: Re: Malware or Virus possibly on my computer
Post by: casey071 on December 08, 2011, 04:56:35 PM
Ok, I'm sorry. I am a little confused.  The Reply #6 is where I sent you the results from Security Check by screen317.
I did the first part of Reply #5: I had to use the 2nd link, because the first link wouldn't work.
The second part of Reply # 5 is:  Jotti's malware scan. That is the one I had problems with, so that is why we were having to redo the Combofix.
I thought I sent you the Combofix in Reply#9.
I'm sorry. I'm not sure which one to do. Thanks so much for your patience!
Title: Re: Malware or Virus possibly on my computer
Post by: SuperDave on December 09, 2011, 04:27:55 PM
Re-running ComboFix to remove infections:

Title: Re: Malware or Virus possibly on my computer
Post by: casey071 on December 09, 2011, 09:22:07 PM
I turned off my Avast, but it still came up with the error message that it was still running.  I don't know if that affected anything or not.  Also, as it was trying to get the report ready, it said on the blue box:
Almost done..This window will close in a short while
Please wait a few seconds for the report log to pop up

ComboFix's log shall be located at C:\COMBFIX.TXT
SED: can't read catchlog: No such file or directory
SED: can't read catchlog: No such file or directory
*******************************************
This is the Log:

ComboFix 11-12-06.01 - office depot 12/09/2011  21:54:07.1.2 - x86 NETWORK
Microsoft Windows Vista Home Premium   6.0.6002.2.1252.1.1033.18.2045.1177 [GMT -6:00]
Running from: c:\users\office depot\Desktop\ComboFix.exe
Command switches used :: c:\users\office depot\Desktop\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2011-11-10 to 2011-12-10  )))))))))))))))))))))))))))))))
.
.
2011-12-10 04:01 . 2011-12-10 04:05   --------   d-----w-   c:\users\office depot\AppData\Local\temp
2011-12-10 04:01 . 2011-12-10 04:01   --------   d-----w-   c:\users\QBDataServiceUser18\AppData\Local\temp
2011-12-10 04:01 . 2011-12-10 04:01   --------   d-----w-   c:\users\Default\AppData\Local\temp
2011-12-10 04:01 . 2011-12-10 04:01   --------   d-----w-   c:\users\Brandon\AppData\Local\temp
2011-12-06 18:21 . 2011-12-06 18:21   --------   d-----w-   c:\users\office depot\AppData\Roaming\SUPERAntiSpyware.com
2011-12-06 18:20 . 2011-12-06 18:21   --------   d-----w-   c:\program files\SUPERAntiSpyware
2011-12-06 18:20 . 2011-12-06 18:20   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
2011-12-06 15:09 . 2011-11-28 17:53   314456   ----a-w-   c:\windows\system32\drivers\aswSP.sys
2011-12-06 15:09 . 2011-11-28 17:51   20568   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
2011-12-06 15:09 . 2011-11-28 17:53   435032   ----a-w-   c:\windows\system32\drivers\aswSnx.sys
2011-12-06 15:09 . 2011-11-28 17:52   34392   ----a-w-   c:\windows\system32\drivers\aswRdr.sys
2011-12-06 15:09 . 2011-11-28 17:52   52952   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
2011-12-06 15:09 . 2011-11-28 17:52   55128   ----a-w-   c:\windows\system32\drivers\aswMonFlt.sys
2011-12-06 15:09 . 2011-11-28 18:01   41184   ----a-w-   c:\windows\avastSS.scr
2011-12-06 15:09 . 2011-11-28 18:01   199816   ----a-w-   c:\windows\system32\aswBoot.exe
2011-12-06 15:09 . 2011-12-06 15:09   --------   d-----w-   c:\programdata\AVAST Software
2011-12-06 15:09 . 2011-12-06 15:09   --------   d-----w-   c:\program files\AVAST Software
2011-12-05 23:31 . 2011-12-05 23:31   --------   d-----w-   c:\users\office depot\AppData\Roaming\Malwarebytes
2011-12-05 23:31 . 2011-12-05 23:31   --------   d-----w-   c:\programdata\Malwarebytes
2011-12-05 23:31 . 2011-12-05 23:31   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2011-12-05 23:31 . 2011-08-31 23:00   22216   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-12-05 22:57 . 2011-12-05 22:57   --------   d-----w-   c:\users\office depot\AppData\Roaming\Systweak
2011-12-05 22:57 . 2011-11-19 17:52   17280   ----a-w-   c:\windows\system32\roboot.exe
2011-12-05 22:57 . 2011-12-05 22:57   --------   d-----w-   c:\program files\RegClean Pro
2011-11-27 20:56 . 2011-11-27 20:56   --------   d-----w-   c:\program files\iPod(21)
2011-11-27 20:56 . 2011-11-27 20:58   --------   d-----w-   c:\program files\iTunes(22)
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 04:04 . 2011-12-10 04:04   56200   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{E9A7527B-0109-41F8-8899-6BE5E7C81451}\offreg.dll
2011-10-31 19:55 . 2011-06-21 21:05   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-24 19:29 . 2011-10-24 19:29   94208   ----a-w-   c:\windows\system32\QuickTimeVR.qtx
2011-10-24 19:29 . 2011-10-24 19:29   69632   ----a-w-   c:\windows\system32\QuickTime.qts
2011-10-07 03:48 . 2011-12-05 20:40   6668624   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{E9A7527B-0109-41F8-8899-6BE5E7C81451}\mpengine.dll
2011-10-03 10:06 . 2010-05-19 00:20   472808   ----a-w-   c:\windows\system32\deployJava1.dll
2011-09-30 23:06 . 2011-10-12 14:50   916480   ----a-w-   c:\windows\system32\wininet.dll
2011-09-30 23:02 . 2011-10-12 14:50   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2011-09-30 23:01 . 2011-10-12 14:50   1469440   ----a-w-   c:\windows\system32\inetcpl.cpl
2011-09-30 23:01 . 2011-10-12 14:50   71680   ----a-w-   c:\windows\system32\iesetup.dll
2011-09-30 23:01 . 2011-10-12 14:50   109056   ----a-w-   c:\windows\system32\iesysprep.dll
2011-09-30 22:07 . 2011-10-12 14:50   385024   ----a-w-   c:\windows\system32\html.iec
2011-09-30 21:29 . 2011-10-12 14:50   133632   ----a-w-   c:\windows\system32\ieUnatt.exe
2011-09-30 21:28 . 2011-10-12 14:50   1638912   ----a-w-   c:\windows\system32\mshtml.tlb
2011-09-20 21:02 . 2011-11-09 15:53   905088   ----a-w-   c:\windows\system32\drivers\tcpip.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01   122512   ----a-w-   c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-29 39408]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-17 221184]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-07 4617600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-11 39792]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-20 468264]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Connections.lnk - c:\program files\HP Connections\6811507\Program\HP Connections.exe [2006-12-29 34520]
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-9-8 805392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54   551296   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
R0 peptu;peptu;c:\windows\System32\drivers\qimss.sys
R1 aswSnx;aswSnx;
R1 aswSP;aswSP;
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
R2 aswFsBlk;aswFsBlk;
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-11-28 55128]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 135664]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R2 MSSQL$ALLDATASC;SQL Server (ALLDATASC);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-11 29293408]
R2 MSSQL$SOSHOME309;SQL Server (SOSHOME309);c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
R2 QuickBooksDB18;QuickBooksDB18;c:\progra~1\Intuit\QUICKB~2\QBDBMgrN.exe [2006-09-13 128536]
R3 ATMFBUS;A600 USB Composite Device Driver;c:\windows\system32\DRIVERS\ATMFBUS.sys
R3 ATMFCVsp;A600 Cricket CM Port;c:\windows\system32\DRIVERS\ATMFCVsp.sys
R3 ATMFFLT;A600 USB Modem Installation CD;c:\windows\system32\DRIVERS\ATMFFLT.sys
R3 ATMFMdm;A600 Cricket EVDO Modem;c:\windows\system32\DRIVERS\ATMFMdm.sys
R3 ATMFNET;A600 Cricket EVDO Network Adapter;c:\windows\system32\DRIVERS\ATMFNET.sys
R3 ATMFNVsp;A600 Cricket NMEA Port Serial Port;c:\windows\system32\DRIVERS\ATMFNVsp.sys
R3 ATMFVsp;A600 Cricket Diagnostics Port;c:\windows\system32\DRIVERS\ATMFVsp.sys
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 getPlus(R) Installer;getPlus(R) Installer;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-03-16 59552]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 135664]
R3 hcw85bda;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2006-12-01 622080]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2008-01-19 21504]
R3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);c:\windows\system32\DRIVERS\swnc8ua3.sys [2009-03-31 190080]
R3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);c:\windows\system32\DRIVERS\swumxa3.sys [2009-05-04 148096]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-19 16896]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs   REG_MULTI_SZ      BthServ
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
HPService   REG_MULTI_SZ      HPSLPSVC
LocalServiceAndNoImpersonation   REG_MULTI_SZ      FontCache
getPlusHelper   REG_MULTI_SZ      getPlusHelper
nosGetPlusHelper   REG_MULTI_SZ      nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 20:14]
.
2011-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 20:14]
.
2011-11-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-981839275-669083101-988588451-1000Core.job
- c:\users\office depot\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-11 15:45]
.
2011-12-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-981839275-669083101-988588451-1000UA.job
- c:\users\office depot\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-11 15:45]
.
2010-04-09 c:\windows\Tasks\HPCeeScheduleForoffice depot.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2006-12-29 00:08]
.
2011-12-07 c:\windows\Tasks\User_Feed_Synchronization-{E711352B-2144-4CCB-92E2-F93AF208A142}.job
- c:\windows\system32\msfeedssync.exe [2011-10-12 21:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\program files\Corel\WordPerfect Office X4\Programs\WPLauncher.hta
LSP: c:\windows\system32\wpclsp.dll
TCP: DhcpNameServer = 67.142.160.8 67.142.160.9 192.168.1.1
DPF: RaptisoftGameLoader - hxxp://www.gamehouse.com/realarcade-webgames/hamsterball/raptisoftgameloader.cab
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://www.seehere.com/ips-opdata/layout/fujius02/objects/jordan-canvasx.cab
.
.
**************************************************************************
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Windows Media Player\wmpnscfg.exe
.
**************************************************************************
.
Completion time: 2011-12-09  22:13:38 - machine was rebooted
ComboFix-quarantined-files.txt  2011-12-10 04:12
ComboFix2.txt  2011-12-10 03:50
ComboFix3.txt  2011-12-08 04:41
ComboFix4.txt  2011-12-07 03:31
.
Pre-Run: 57,196,535,808 bytes free
Post-Run: 57,058,553,856 bytes free
.
- - End Of File - - A4D597011F8BC17F51FDFC31C162E1DB
Title: Re: Malware or Virus possibly on my computer
Post by: SuperDave on December 10, 2011, 11:49:50 AM
What's happening with your computer now?

SysProt Antirootkit

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.
Title: Re: Malware or Virus possibly on my computer
Post by: casey071 on December 10, 2011, 04:29:47 PM
I was able to see my screen again after reply #9, but then it went away last night when I turned it back on. Now it is black again.
Title: Re: Malware or Virus possibly on my computer
Post by: casey071 on December 10, 2011, 04:54:01 PM
I did all the steps above for the SysProt Antirootkit. When I get to the part to check the boxes on the write to log box, there is no "Hidden objects only" at the bottom of the page or a "Create log" at the bottom of the page.
Then it comes up with an error: Failed to start service. SysProtAntiRootkit needs to be run with Admin Privileges.
I had right-clicked and run with Admin Privileges before that came up.
Title: Re: Malware or Virus possibly on my computer
Post by: SuperDave on December 10, 2011, 07:25:31 PM
Ok. Please try this one.

Please download RootRepeal from GooglePages.com (http://rootrepeal.googlepages.com/RootRepeal.zip). Please remove any e-mail address in the RootRepeal report (if present).
Title: Re: Malware or Virus possibly on my computer
Post by: casey071 on December 10, 2011, 09:33:06 PM
Ok, it has been working now for about an hour, and it came up with an error: Attempt to write to address: 0x00000004
Then I can click OK
It is scanning C:\Windows\winsxs\msil_cscompmgd_b03f5f7f11d50a3a_6.0.6000.16720_none_18d6f40a9b5d6a8\

I clicked OK
It came up with this block: Could not read our index block!
Then I clicked OK
It went back to the main RootRepeal page where it had RootRepeal.exe and I clicked on it, and it came up with the Run box again. It never gave me an opportunity to save the report.
Title: Re: Malware or Virus possibly on my computer
Post by: SuperDave on December 11, 2011, 11:18:58 AM
Ok. Another one. Surely, we get to run one of them.

Download the GMER Rootkit Scanner (http://www.gmer.net/gmer.zip). Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
Title: Re: Malware or Virus possibly on my computer
Post by: casey071 on December 11, 2011, 01:22:53 PM
I hope this is the right thing.


GMER 1.0.15.15641 - http://www.gmer.net
Autostart scan 2011-12-11 14:11:41
Windows 6.0.6002 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\Windows\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon@DLLName = C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
!SASCORE@ = "C:\Program Files\SUPERAntiSpyware\SASCORE.EXE"
Apple Mobile Device@ = "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
avast! Antivirus@ = "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Bonjour Service@ = "C:\Program Files\Bonjour\mDNSResponder.exe"
clr_optimization_v4.0.30319_32@ = C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
dlbx_device@ = C:\Windows\system32\dlbxcoms.exe -service
gupdate@ = C:\Program Files\Google\Update\GoogleUpdate.exe /svc /*file not found*/
HP Health Check Service@ = "c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe"
hpqwmiex@ = C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
LightScribeService@ = "C:\Program Files\Common Files\LightScribe\LSSrvc.exe"
MBAMService@ = "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe"
MSSQL$ALLDATASC@ = "C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sALLDATASC
MSSQL$SOSHOME309@ = "c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe" -sSOSHOME309
nvsvc@ = %SystemRoot%\system32\nvvsvc.exe
PSI_SVC_2@ = "c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe"
QBCFMonitorService@ = "C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe"
QPCapSvc@ = "C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe"          ?   C:\Program Files\HP\QuickPlay\Kernel\TV\Ca
QPSched@ = "C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe" a y \ K e r n e l \ T V \ Q P C a p S v c . e x e   
QuickBooksDB18@ = C:\PROGRA~1\Intuit\QUICKB~2\QBDBMgrN.exe -hvQuickBooksDB18
SeaPort@ = "C:\Program Files\Microsoft\BingBar\SeaPort.EXE"
slsvc@ = %SystemRoot%\system32\SLsvc.exe
SQLBrowser@ = "C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe"
SQLWriter@ = "C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
wlidsvc@ = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WSearch@ = %systemroot%\system32\SearchIndexer.exe /Embedding
XAudioService@ = %SystemRoot%\system32\DRIVERS\xaudio.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@SynTPEnhC:\Program Files\Synaptics\SynTP\SynTPEnh.exe = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
@HP Software UpdateC:\Program Files\Hp\HP Software Update\HPWuSchd2.exe = C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
@QlbCtrl%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start /*file not found*/ = %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start /*file not found*/
@WPCUMIC:\Windows\system32\WpcUmi.exe = C:\Windows\system32\WpcUmi.exe
@Adobe Reader Speed Launcher"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" = "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
@Kernel and Hardware Abstraction LayerKHALMNPR.EXE = KHALMNPR.EXE
@SynTPStartC:\Program Files\Synaptics\SynTP\SynTPStart.exe = C:\Program Files\Synaptics\SynTP\SynTPStart.exe
@hpWirelessAssistantC:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe = C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
@QPService"C:\Program Files\HP\QuickPlay\QPService.exe" = "C:\Program Files\HP\QuickPlay\QPService.exe"
@HP Health Check Schedulerc:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe = c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
@NvCplDaemonRUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
@NvMediaCenterRUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit = RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
@SunJavaUpdateSched"C:\Program Files\Common Files\Java\Java Update\jusched.exe" = "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
@APSDaemon"C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" = "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
@iTunesHelper"C:\Program Files\iTunes\iTunesHelper.exe" = "C:\Program Files\iTunes\iTunesHelper.exe"
@QuickTime Task"C:\Program Files\QuickTime\QTTask.exe" -atboottime = "C:\Program Files\QuickTime\QTTask.exe" -atboottime
@Malwarebytes' Anti-Malware (reboot)"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript = "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
@avast"C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui = "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
@Malwarebytes' Anti-Malware"C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray = "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
RunOnce@Launcher = %WINDIR%\SMINST\launcher.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@SidebarC:\Program Files\Windows Sidebar\sidebar.exe /autoRun /*file not found*/ = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun /*file not found*/
@ehTray.exeC:\Windows\ehome\ehTray.exe = C:\Windows\ehome\ehTray.exe
@swg"C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" = "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
@ISUSPM StartupC:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup = C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
@SUPERAntiSpywareC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe = C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} = C:\Program Files\SUPERAntiSpyware\SASSEH.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{F02C1A0D-BE21-4350-88B0-7367FC96EF3C} /*Computers and Devices*/%systemroot%\system32\NetworkExplorer.dll = %systemroot%\system32\NetworkExplorer.dll
@{4A1E5ACD-A108-4100-9E26-D2FAFA1BA486} /*IGD Property Sheet Handler*/%SystemRoot%\System32\icsigd.dll = %SystemRoot%\System32\icsigd.dll
@{92dbad9f-5025-49b0-9078-2d78f935e341} /*Microsoft Windows Mail Html Preview Handler*/%SystemRoot%\system32\inetcomm.dll = %SystemRoot%\system32\inetcomm.dll
@{b9815375-5d7f-4ce2-9245-c9d4da436930} /*Microsoft Windows Mail Html Preview Handler*/%SystemRoot%\system32\inetcomm.dll = %SystemRoot%\system32\inetcomm.dll
@{f8b8412b-dea3-4130-b36c-5e8be73106ac} /*Microsoft Windows Mail Html Preview Handler*/%SystemRoot%\system32\inetcomm.dll = %SystemRoot%\system32\inetcomm.dll
@{5FA29220-36A1-40f9-89C6-F4B384B7642E} /*Shell Message Handler*/%SystemRoot%\system32\inetcomm.dll = %SystemRoot%\system32\inetcomm.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/(null) =
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{8856f961-340a-11d0-a96b-00c04fd705a2} /*Microsoft Web Browser*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{00020d75-0000-0000-c000-000000000046} /*lnkfile*/(null) =
@{CC6EEFFB-43F6-46c5-9619-51D571967F7D} /*Web Publishing Wizard*/%SystemRoot%\System32\shwebsvc.dll = %SystemRoot%\System32\shwebsvc.dll
@{add36aa8-751a-4579-a266-d66f5202ccbb} /*Print Ordering via the Web*/%SystemRoot%\System32\shwebsvc.dll = %SystemRoot%\System32\shwebsvc.dll
@{6b33163c-76a5-4b6c-bf21-45de9cd503a1} /*Shell Publishing Wizard Object*/%SystemRoot%\System32\shwebsvc.dll = %SystemRoot%\System32\shwebsvc.dll
@{176d6597-26d3-11d1-b350-080036a75b03} /*ICM Scanner Management*/%SystemRoot%\System32\colorui.dll = %SystemRoot%\System32\colorui.dll
@{5DB2625A-54DF-11D0-B6C4-0800091AA605} /*ICM Monitor Management*/%SystemRoot%\System32\colorui.dll = %SystemRoot%\System32\colorui.dll
@{675F097E-4C4D-11D0-B6C1-0800091AA605} /*ICM Printer Management*/%SystemRoot%\system32\colorui.dll = %SystemRoot%\system32\colorui.dll
@{DBCE2480-C732-101B-BE72-BA78E9AD5B27} /*ICC Profile*/%SystemRoot%\system32\colorui.dll = %SystemRoot%\system32\colorui.dll
@{b2c761c6-29bc-4f19-9251-e6195265baf1} /*Color Control Panel Applet*/(null) =
@{74246bfc-4c96-11d0-abef-0020af6b0b7a} /*Device Manager*/%SystemRoot%\System32\devmgr.dll = %SystemRoot%\System32\devmgr.dll
@{7A979262-40CE-46ff-AEEE-7884AC3B6136} /*Add New Hardware*/(null) =
@{3e7efb4c-faf1-453d-89eb-56026875ef90} /*Get Programs Online*/(null) =
@{1b24a030-9b20-49bc-97ac-1be4426f9e59} /*ActiveDirectory Folder*/(null) =
@{34449847-FD14-4fc8-A75A-7432F5181EFB} /*ActiveDirectory Folder*/(null) =
@{C8494E42-ACDD-4739-B0FB-217361E4894F} /*Sam Account Folder*/(null) =
@{E29F9716-5C08-4FCD-955A-119FDB5A522D} /*Sam Account Folder*/(null) =
@{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0} /*Control Panel command object for Start menu*/(null) =
@{E44E5D18-0652-4508-A4E2-8A090067BCB0} /*Default Programs command object for Start menu*/(null) =
@{6dfd7c5c-2451-11d3-a299-00c04f8ef6af} /*Folder Options*/(null) =
@{97e467b4-98c6-4f19-9588-161b7773d6f6} /*Office Document Property Handler*/%SystemRoot%\system32\propsys.dll = %SystemRoot%\system32\propsys.dll
@{2C2577C2-63A7-40e3-9B7F-586602617ECB} /*Explorer Query Band*/(null) =
@{DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} /*File Open Dialog*/%SystemRoot%\System32\comdlg32.dll = %SystemRoot%\System32\comdlg32.dll
@{C0B4E2F3-BA21-4773-8DBA-335EC946EB8B} /*File Save Dialog*/%SystemRoot%\System32\comdlg32.dll = %SystemRoot%\System32\comdlg32.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:\Windows\system32\dfshim.dll = C:\Windows\system32\dfshim.dll
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:\Windows\system32\dfshim.dll = C:\Windows\system32\dfshim.dll
@{92337A8C-E11D-11D0-BE48-00C04FC30DF6} /*OlePrn.PrinterURL*/%SystemRoot%\system32\oleprn.dll = %SystemRoot%\system32\oleprn.dll
@{45670FA8-ED97-4F44-BC93-305082590BFB} /*Microsoft XPS Properties*/%SystemRoot%\system32\XPSSHHDR.DLL = %SystemRoot%\system32\XPSSHHDR.DLL
@{44121072-A222-48f2-A58A-6D9AD51EBBE9} /*Microsoft XPS Thumbnail*/%SystemRoot%\system32\XPSSHHDR.DLL = %SystemRoot%\system32\XPSSHHDR.DLL
@{38a98528-6cbf-4ca9-8dc0-b1e1d10f7b1b} /*View Available Networks*/(null) =
@{13D3C4B8-B179-4ebb-BF62-F704173E7448} /*Windows Contact Preview Handler*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
@{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} /*Contacts folder*/(null) =
@{4F58F63F-244B-4c07-B29F-210BE59BE9B4} /*.group shell extension handler*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
@{8082C5E6-4C27-48ec-A809-B8E1122E8F97} /*.contact shell extension handler*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
@{16C2C29D-0E5F-45f3-A445-03E03F587B7D} /*group_wab_auto_file*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
@{CF67796C-F57F-45F8-92FB-AD698826C602} /*contact_wab_auto_file*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
@{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} /*Compatibility Property Page*/%windir%\system32\acppage.dll = %windir%\system32\acppage.dll
@{4026492f-2f69-46b8-b9bf-5654fc07e423} /*Windows Firewall*/(null) =
@{fcfeecae-ee1b-4849-ae50-685dcf7717ec} /*Problem Reports and Solutions*/(null) =
@{a304259d-52b8-4526-8b1a-a1d6cecc8243} /*iSCSI Initiator*/(null) =
@{11dbb47c-a525-400b-9e80-a54615a090c0} /*Execute Folder*/ExplorerFrame.dll = ExplorerFrame.dll
@{90b9bce2-b6db-4fd3-8451-35917ea1081b} /*Search Execute Command*/ExplorerFrame.dll = ExplorerFrame.dll
@{911051fa-c21c-4246-b470-070cd8df6dc4} /*.cab or .zip files*/(null) =
@{da67b8ad-e81b-4c70-9b91b417b5e33527} /*Windows Search Shell Service*/(null) =
@{BC65FB43-1958-4349-971A-210290480130} /*Network Explorer Property Sheet Handler*/%SystemRoot%\System32\NcdProp.dll = %SystemRoot%\System32\NcdProp.dll
@{d3e34b21-9d75-101a-8c3d-00aa001a1652} /*Bitmap Image*/(null) =
@{40C3D757-D6E4-4b49-BB41-0E5BBEA28817} /*Video Media Properties Handler*/%SystemRoot%\System32\mediametadatahandler.dll = %SystemRoot%\System32\mediametadatahandler.dll
@{E598560B-28D5-46aa-A14A-8A3BEA34B576} /*Windows Photo Gallery Viewer Video Verbs*/%ProgramFiles%\Windows Photo Gallery\PhotoViewer.dll /*file not found*/ = %ProgramFiles%\Windows Photo Gallery\PhotoViewer.dll /*file not found*/
@{00f2886f-cd64-4fc9-8ec5-30ef6cdbe8c3} /*Microsoft.ScannersAndCameras*/(null) =
@{0a4286ea-e355-44fb-8086-af3df7645bd9} /*Windows Media Player*/C:\PROGRA~1\WI4EB4~1\wmpband.dll = C:\PROGRA~1\WI4EB4~1\wmpband.dll
@{BB6B2374-3D79-41DB-87F4-896C91846510} /*EMDFileProperties*/emdmgmt.dll = emdmgmt.dll
@{875CB1A1-0F29-45de-A1AE-CFB4950D0B78} /*Audio Media Properties Handler*/%SystemRoot%\System32\mediametadatahandler.dll = %SystemRoot%\System32\mediametadatahandler.dll
@{89D83576-6BD1-4c86-9454-BEB04E94C819} /*MAPI Search Namespace Extension*/%systemroot%\system32\mssvp.dll = %systemroot%\system32\mssvp.dll
@{7A0F6AB7-ED84-46B6-B47E-02AA159A152B} /*Sync Center Simple Conflict Presenter*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{9D687A4C-1404-41ef-A089-883B6FBECDE6} /*Windows Photo Gallery Viewer Autoplay Handler*/(null) =
@{37efd44d-ef8d-41b1-940d-96973a50e9e0} /*Windows Sidebar Properties*/(null) =
@{00f20eb5-8fd6-4d9d-b75e-36801766c8f1} /*PhotoAcqDropTarget*/%ProgramFiles%\Windows Photo Gallery\PhotoAcq.dll /*file not found*/ = %ProgramFiles%\Windows Photo Gallery\PhotoAcq.dll /*file not found*/
@{BC48B32F-5910-47F5-8570-5074A8A5636A} /*Sync Results Delegate Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{ED228FDF-9EA8-4870-83B1-96B02CFE0D52} /*Games Folder*/C:\Windows\System32\gameux.dll = C:\Windows\System32\gameux.dll
@{E413D040-6788-4C22-957E-175D1C513A34} /*Sync Center Conflict Delegate Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{67718415-c450-4f3c-bf8a-b487642dc39b} /*Windows Features*/(null) =
@{91ADC906-6722-4B05-A12B-471ADDCCE132} /*Touch Band*/%SystemRoot%\System32\TouchX.dll = %SystemRoot%\System32\TouchX.dll
@{2781761E-28E0-4109-99FE-B9D127C57AFE} /*Windows Defender IOfficeAntiVirus implementation*/%ProgramFiles%\Windows Defender\MpOav.dll /*file not found*/ = %ProgramFiles%\Windows Defender\MpOav.dll /*file not found*/
@{FFE2A43C-56B9-4bf5-9A79-CC6D4285608A} /*Windows Photo Gallery Viewer Image Verbs*/%ProgramFiles%\Windows Photo Gallery\PhotoViewer.dll /*file not found*/ = %ProgramFiles%\Windows Photo Gallery\PhotoViewer.dll /*file not found*/
@{4B534112-3AF6-4697-A77C-D62CE9B9E7CF} /*Sync Center Event Properties Extension*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{F1390A9A-A3F4-4E5D-9C5F-98F3BD8D935C} /*Sync Setup Delegate Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{4E5BFBF8-F59A-4e87-9805-1F9B42CC254A} /*GameUX.RichGameMediaThumbnail*/C:\Windows\System32\gameux.dll = C:\Windows\System32\gameux.dll
@{d8559eb9-20c0-410e-beda-7ed416aecc2a} /*Windows Defender*/(null) =
@{576C9E85-1300-4EF5-BF6B-D00509F4EDCD} /*Sync Center Handler Properties Extension*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{5ea4f148-308c-46d7-98a9-49041b1dd468} /*Mobility Center Control Panel*/(null) =
@{289978AC-A101-4341-A817-21EBA7FD046D} /*Sync Center Conflict Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{877ca5ac-cb41-4842-9c69-9136e42d47e2} /*File Backup Index*/%systemroot%\system32\sdshext.dll = %systemroot%\system32\sdshext.dll
@{71D99464-3B6B-475C-B241-E15883207529} /*Sync Results Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{B32D3949-ED98-4DBB-B347-17A144969BBA} /*Sync Center Item Properties Extension*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{2E9E59C0-B437-4981-A647-9C34B9B90891} /*Sync Setup Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{9C73F5E5-7AE7-4E32-A8E8-8D23B85255BF} /*Sync Center Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{CB1B7F8C-C50A-4176-B604-9E24DEE8D4D1} /*Welcome Center*/oobefldr.dll = oobefldr.dll
@{15D633E2-AD00-465b-9EC7-F56B7CDF8E27} /*Tablet PC Input Panel*/%CommonProgramFiles%\microsoft shared\ink\TipBand.dll /*file not found*/ = %CommonProgramFiles%\microsoft shared\ink\TipBand.dll /*file not found*/
@{F04CC277-03A2-4277-96A9-77967471BDFF} /*Sync Center Conflict Properties Extension*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{53BEDF0B-4E5B-4183-8DC9-B844344FA104} /*Microsoft Windows MAPI Preview Handler*/%SystemRoot%\system32\mssvp.dll = %SystemRoot%\system32\mssvp.dll
@{6b9228da-9c15-419e-856c-19e768a13bdc} /*Windows gadget DropTarget*/%ProgramFiles%\Windows Sidebar\sbdrop.dll /*file not found*/ = %ProgramFiles%\Windows Sidebar\sbdrop.dll /*file not found*/
@{8E25992B-373E-486E-80E5-BD23AE417E66} /*Sync Center Device Notification Sink*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{031EE060-67BC-460d-8847-E4A7C5E45A27} /*Windows Media Player Rich Preview Handler*/(null) =
@{1FA9085F-25A2-489B-85D4-86326EEDCD87} /*Manage Wireless Networks*/%SystemRoot%\system32\wlanpref.dll = %SystemRoot%\system32\wlanpref.dll
@{ECDD6472-2B9B-4b4b-AE36-F316DF3C8D60} /*RichGameMediaPropertyStore Class*/C:\Windows\System32\gameux.dll = C:\Windows\System32\gameux.dll
@{BD7A2E7B-21CB-41b2-A086-B309680C6B7E} /*Client Side Cache Namespace Extension*/%systemroot%\system32\mssvp.dll = %systemroot%\system32\mssvp.dll
@{c5a40261-cd64-4ccf-84cb-c394da41d590} /*Video Thumbnail Extractor*/%SystemRoot%\System32\mediametadatahandler.dll = %SystemRoot%\System32\mediametadatahandler.dll
@{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/C:\Windows\system32\nvcpl.dll = C:\Windows\system32\nvcpl.dll
@{2F603045-309F-11CF-9774-0020AFD0CFF6} /*Synaptics Control Panel*/C:\Program Files\Synaptics\SynTP\SynTPCpl.dll = C:\Program Files\Synaptics\SynTP\SynTPCpl.dll
@{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} /*Microsoft Office OneNote Namespace Extension for Windows Desktop Search*/C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL = C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Program Files\Microsoft Office\Office12\msohevi.dll = C:\Program Files\Microsoft Office\Office12\msohevi.dll
@{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} /*Microsoft Office Metadata Handler*/C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
@{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} /*Microsoft Office Thumbnail Handler*/C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
@{7F67036B-66F1-411A-AD85-759FB9C5B0DB} /*ShellViewRTF*/C:\Windows\System32\ShellvRTF.dll = C:\Windows\System32\ShellvRTF.dll
@{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} /*Logitech Setpoint Extension*/C:\Program Files\Logitech\SetPoint\kbcplext.dll = C:\Program Files\Logitech\SetPoint\kbcplext.dll
@{B9B9F083-2B04-452A-8691-83694AC1037B} /*Logitech Setpoint Extension*/C:\Program Files\Logitech\SetPoint\mcplext.dll = C:\Program Files\Logitech\SetPoint\mcplext.dll
@{7D5C4BDD-B015-4401-8731-1507B87DE297} /*QBVersionTool*/C:\Program Files\Common Files\Intuit\QuickBooks\QBVersionTool.dll = C:\Program Files\Common Files\Intuit\QuickBooks\QBVersionTool.dll
@{11016101-E366-4D22-BC06-4ADA335C892B} /*IE History and Feeds Shell Data Source for Windows Search*/C:\Windows\System32\ieframe.dll = C:\Windows\System32\ieframe.dll
@{28803F59-3A75-4058-995F-4EE5503B023C} /*Wireless Devices*/%systemroot%\system32\FunctionDiscoveryFolder.dll = %systemroot%\system32\FunctionDiscoveryFolder.dll
@{9113A02D-00A3-46B9-BC5F-9C04DADDD5D7} /*Enhanced Storage Data Source*/%SystemRoot%\system32\EhStorShell.dll = %SystemRoot%\system32\EhStorShell.dll
@{FFB699E0-306A-11d3-8BD1-00104B6F7516} /*Play on my TV helper*/C:\Windows\system32\nvcpl.dll = C:\Windows\system32\nvcpl.dll
@{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} /*OpenOffice.org Column Handler*/"C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll" = "C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"
@{087B3AE3-E237-4467-B8DB-5A38AB959AC9} /*OpenOffice.org Infotip Handler*/"C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll" = "C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"
@{63542C48-9552-494A-84F7-73AA6A7C99C1} /*OpenOffice.org Property Sheet Handler*/"C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll" = "C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"
@{3B092F0C-7696-40E3-A80F-68D74DA84210} /*OpenOffice.org Thumbnail Viewer*/"C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll" = "C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"
@{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} /*iTunes*/C:\Program Files\iTunes\iTunesMiniPlayer.dll = C:\Program Files\iTunes\iTunesMiniPlayer.dll
@{472083B0-C522-11CF-8763-00608CC02F24} /*avast*/C:\Program Files\AVAST Software\Avast\ashShell.dll = C:\Program Files\AVAST Software\Avast\ashShell.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\AVAST Software\Avast\ashShell.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{CA8ACAFA-5FBB-467B-B348-90DD488DE003} = C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\QuickFinderMenu@{fa5934ef-b87c-4e63-b33c-30d066cac810} = c:\Program Files\Corel\WordPerfect Office X4\Programs\PFSE140.DLL

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers@{CA8ACAFA-5FBB-467B-B348-90DD488DE003} = C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\AVAST Software\Avast\ashShell.dll
MBAMShlExt@{57CE581A-0CB6-4266-9CA0-19364C90A0B3} = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
@{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll = C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
@{9030D464-4C02-4ABF-8ECC-5164760863C6}C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
@{AA58ED58-01DD-4d91-8333-CF10577473F7}C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll = C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
@{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll = C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
@{d2ce3e00-f94a-4740-988e-03dc2f38c34f}"C:\Program Files\Microsoft\BingBar\BingExt.dll" = "C:\Program Files\Microsoft\BingBar\BingExt.dll"
@{DBC80044-A445-435b-BC74-9C25C1C588A9}C:\Program Files\Java\jre6\bin\jp2ssv.dll = C:\Program Files\Java\jre6\bin\jp2ssv.dll
@{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll = C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Start Pagehttp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
@Local PageC:\Windows\System32\blank.htm = C:\Windows\System32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
@Local PageC:\Windows\system32\blank.htm = C:\Windows\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\Windows\System32\msvidctl.dll
intu-help-qb1@CLSID = C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
its@CLSID = %SystemRoot%\System32\itss.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-help@CLSID = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
ms-its@CLSID = %SystemRoot%\System32\itss.dll
ms-itss@CLSID = C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
tv@CLSID = C:\Windows\System32\msvidctl.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ >>>
000000000001@LibraryPath = %SystemRoot%\system32\NLAapi.dll
000000000002@LibraryPath = %SystemRoot%\system32\napinsp.dll
000000000003@LibraryPath = %SystemRoot%\system32\pnrpnsp.dll
000000000004@LibraryPath = %SystemRoot%\system32\pnrpnsp.dll
000000000005@LibraryPath = %SystemRoot%\system32\wshbth.dll
000000000008@LibraryPath = C:\Program Files\Bonjour\mdnsNSP.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>
000000000001@PackedCatalogItem = C:\Windows\system32\wpclsp.dll
000000000002@PackedCatalogItem = C:\Windows\system32\wpclsp.dll
000000000003@PackedCatalogItem = C:\Windows\system32\wpclsp.dll
000000000004@PackedCatalogItem = C:\Windows\system32\wpclsp.dll
000000000005@PackedCatalogItem = C:\Windows\system32\wpclsp.dll
000000000006@PackedCatalogItem = C:\Windows\system32\wpclsp.dll
000000000007@PackedCatalogItem = C:\Windows\system32\wpclsp.dll
000000000008@PackedCatalogItem = C:\Windows\system32\wpclsp.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000020@PackedCatalogItem = C:\Windows\system32\wpclsp.dll

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup >>>
HP Connections.lnk = HP Connections.lnk
HP Digital Imaging Monitor.lnk = HP Digital Imaging Monitor.lnk
Logitech SetPoint.lnk = Logitech SetPoint.lnk

---- EOF - GMER 1.0.15 ----
Title: Re: Malware or Virus possibly on my computer
Post by: SuperDave on December 11, 2011, 07:30:35 PM
Save these instructions so you can have access to them while in Safe Mode.

Please click here (http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/) to download AVP Tool by Kaspersky.
Leave the rest of the settings as they appear as default.
Then click on Scan at the top right-hand corner.
It will automatically Neutralize any objects found.
If some objects are left un-neutralized, then click the button that says Neutralize all.
If it says it cannot be neutralized, then choose the delete option when prompted.
After that is done, click on the Reports button at the bottom and save it to a file; name it Kas.
Save it somewhere convenient, like your desktop, and post only the detected virus/malware in the report. It will be at the very top under Detected. Post those results in your next reply.

Note: This tool will self uninstall when you close it so please save the log before closing it.
Title: Re: Malware or Virus possibly on my computer
Post by: casey071 on December 11, 2011, 08:01:27 PM
I have to use safe mode every time I turn my computer on or it will have an error message that says: A problem has been detected and windows has been shut down to prevent damage to your computer.
This is a whole page message, and I can tell you all of it if you need it.
Thanks
Going to do the steps that you requested, and then I'll let you know the results.
Title: Re: Malware or Virus possibly on my computer
Post by: casey071 on December 12, 2011, 06:26:14 AM
Ok, I did the scan. It says Scan 1494992 objects completed, no threats detected. It does not give me a place for reports that I can see anywhere.
Title: Re: Malware or Virus possibly on my computer
Post by: SuperDave on December 12, 2011, 12:24:23 PM
Quote
It does not give me a place for reports that I can see anywhere.
It will only produce a report if something is found.
Please do this even if you don't have an OS disk and let me know what happens.

Do you have your OS CD/DVD?

If so,

1/ Click the Start button.

2/ From the Start Menu, Click All programs followed by Accessories.

3/ In the Accessories menu, Right Click on the Command Prompt option.

4/ From the drop down menu that appears, Click on the Run as administrator option.

5/ If you have the User Account Control (UAC) enabled you will be asked for authorisation prior to the command prompt opening. You may simply need to press the Continue button if you are the administrator or insert the administrator password etc.

6/ In the Command Prompt window, type: sfc /scannow and then press Enter.

7/ A message will appear stating that the system scan will begin.

8/ Be patient because the scan may take some time.

9/ If any files require replacing, SFC will replace them. You may be asked to insert your Vista DVD for this process to continue.

10/ If everything is okay you should, after the scan, see the following message: Windows resource protection did not find any integrity violations.

11/ After the scan has completed, Close the command prompt window.
Title: Re: Malware or Virus possibly on my computer
Post by: casey071 on December 14, 2011, 02:49:49 PM
Ok, it said: Verification 100% complete. Windows Resource Protection did not find any integrity violations.
Title: Re: Malware or Virus possibly on my computer
Post by: SuperDave on December 14, 2011, 05:23:21 PM
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your Desktop
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%systemroot%\*. /mp /s
c:\$recycle.bin\*.* /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
nvstor32.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
explorer.exe
svchost.exe
userinit.exe
qmgr.dll
ws2_32.dll
proquota.exe
imm32.dll
kernel32.dll
ndis.sys
autochk.exe
spoolsv.exe
xmlprov.dll
ntmssvc.dll
mswsock.dll
Beep.SYS
ntfs.sys
termsrv.dll
sfcfiles.dll
st3shark.sys
ahcix86.sys
srsvc.dll
nvrd32.sys
/md5stop
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles

Title: Re: Malware or Virus possibly on my computer
Post by: casey071 on December 14, 2011, 09:29:24 PM
OTL logfile created on: 12/14/2011 9:55:18 PM - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\office depot\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 74.91% Memory free
4.23 Gb Paging File | 3.89 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142.45 Gb Total Space | 52.67 Gb Free Space | 36.97% Space Free | Partition Type: NTFS
Drive D: | 6.60 Gb Total Space | 0.44 Gb Free Space | 6.70% Space Free | Partition Type: NTFS
 
Computer Name: CASEYSLAPTOP | User Name: office depot | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/12/14 21:34:37 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\office depot\Desktop\OTL.exe
PRC - [2011/11/28 12:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011/11/28 12:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/02/28 17:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/11/29 10:41:26 | 000,058,944 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2010/03/29 07:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009/09/16 17:22:08 | 000,020,480 | ---- | M] (Intuit) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/03/16 16:45:14 | 000,059,552 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus(R) Installer) getPlus(R)
SRV - [2008/05/02 01:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/01/19 01:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/07/24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Stopped] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/06/04 21:14:50 | 000,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2007/06/04 21:14:50 | 000,131,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2007/06/04 21:14:16 | 000,602,112 | ---- | M] (Hewlett-Packard Co.) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC)
SRV - [2007/05/24 06:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2007/02/28 17:43:30 | 000,538,096 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\System32\dlbxcoms.exe -- (dlbx_device)
SRV - [2006/09/13 09:32:12 | 000,128,536 | ---- | M] (iAnywhere Solutions, Inc.) [Auto | Stopped] -- C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe -- (QuickBooksDB18)
SRV - [2006/06/26 11:50:08 | 000,126,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)
SRV - [2004/10/22 05:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011/11/28 11:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 11:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 11:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 11:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 11:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/11/28 11:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/22 10:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 15:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/09/08 08:49:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2009/05/04 15:57:18 | 000,148,096 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swumxa3.sys -- (SWUMXA3) Sierra Wireless USB MUX Driver (UMTSA3)
DRV - [2009/03/31 14:45:42 | 000,190,080 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swnc8ua3.sys -- (SWNC8UA3) Sierra Wireless MUX NDIS Driver (UMTSA3)
DRV - [2008/12/05 06:55:40 | 000,217,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2008/12/04 01:42:00 | 007,606,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/11/17 14:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008/03/03 04:10:44 | 000,182,272 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/02/29 02:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 02:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/02/12 10:14:50 | 000,586,240 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock)
DRV - [2008/01/19 00:14:59 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/10/31 18:36:32 | 002,252,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007/09/11 13:40:30 | 000,238,976 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\akshasp.sys -- (akshasp)
DRV - [2007/09/11 13:40:30 | 000,014,976 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aksusb.sys -- (aksusb)
DRV - [2007/08/22 10:50:38 | 001,749,760 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2007/07/10 05:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/04/03 13:59:38 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616mdm.sys -- (s616mdm)
DRV - [2007/04/03 13:59:36 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616mdfl.sys -- (s616mdfl)
DRV - [2007/04/03 13:59:30 | 000,083,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616bus.sys -- (s616bus) Sony Ericsson Device 616 driver (WDM)
DRV - [2006/12/12 17:06:40 | 000,148,992 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2006/12/01 16:41:04 | 000,622,080 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HCW85BDA.sys -- (hcw85bda)
DRV - [2006/11/16 03:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/15 22:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/15 20:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/09 03:02:30 | 001,786,880 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006/06/28 11:57:00 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/06/28 11:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\office depot\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\office depot\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/08/08 11:02:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: c:\Program Files\Corel\WordPerfect Lightning\Programs\FirefoxExtension\ [2009/06/09 12:34:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/08/08 11:02:54 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://www.bing.com/search?q={searchTerms}&pc=Z152&form=ZGACDF&install_date=20111122
CHR - default_search_provider: suggest_url = http://api.bing.com/osjson.aspx?query=%s
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\office depot\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\office depot\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\office depot\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager  (Enabled) = C:\Users\office depot\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
 
O1 HOSTS File: ([2011/12/09 22:05:06 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-95BA-ED6DB186BE32} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Open with WordPerfect - c:\Program Files\Corel\WordPerfect Office X4\Programs\WPLauncher.hta ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} http://www.seehere.com/ips-opdata/layout/fujius02/objects/jordan-canvasx.cab (JordanUploader Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab (GMNRev Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: RaptisoftGameLoader http://www.gamehouse.com/realarcade-webgames/hamsterball/raptisoftgameloader.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 67.142.160.8 67.142.160.9 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{632BA915-7C6D-44DB-8383-D93F980A7ADB}: DhcpNameServer = 67.142.160.8 67.142.160.9 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A623F6C1-0137-4125-B6B8-F3C78225ADE3}: DhcpNameServer = 10.1.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B70D9CB7-8BAA-4274-97B5-0CFE1B995198}: DhcpNameServer = 209.183.35.23 209.183.33.23
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E33ED6E5-7A9D-4435-AFC4-A21691F776D9}: DhcpNameServer = 216.136.33.82 64.132.94.250
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\office depot\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\office depot\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/29 07:21:27 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 08:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SafeBootMin: AppMgmt -  File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SafeBootNet: AppMgmt -  File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: rootrepeal.sys - Reg Error: Value error.
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp -  File not found
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivXNetworks, Inc.)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/12/14 21:34:37 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\office depot\Desktop\OTL.exe
[2011/12/11 22:00:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/12/11 13:57:16 | 000,000,000 | ---D | C] -- C:\Users\office depot\Desktop\Logs
[2011/12/10 17:37:22 | 000,000,000 | ---D | C] -- C:\Users\office depot\Desktop\SysProt
[2011/12/10 17:06:33 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/12/09 22:13:40 | 000,000,000 | ---D | C] -- C:\Users\office depot\AppData\Local\temp
[2011/12/09 22:05:23 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/09 21:52:58 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/12/06 21:14:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/06 21:14:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/06 21:14:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/06 21:14:23 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/06 21:14:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/06 21:13:53 | 004,328,480 | R--- | C] (Swearware) -- C:\Users\office depot\Desktop\ComboFix.exe
[2011/12/06 12:21:45 | 000,000,000 | ---D | C] -- C:\Users\office depot\AppData\Roaming\SUPERAntiSpyware.com
[2011/12/06 12:20:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/12/06 12:20:00 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/12/06 12:20:00 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/12/06 09:09:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/12/06 09:09:36 | 000,314,456 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/12/06 09:09:36 | 000,020,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/12/06 09:09:33 | 000,435,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/12/06 09:09:33 | 000,052,952 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/12/06 09:09:33 | 000,034,392 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/12/06 09:09:32 | 000,055,128 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/12/06 09:09:22 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/12/06 09:09:22 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/12/06 09:09:10 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/12/06 09:09:10 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/12/05 17:31:27 | 000,000,000 | ---D | C] -- C:\Users\office depot\AppData\Roaming\Malwarebytes
[2011/12/05 17:31:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/05 17:31:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/05 17:31:12 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/05 17:31:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/05 16:57:31 | 000,000,000 | ---D | C] -- C:\Users\office depot\AppData\Roaming\Systweak
[2011/12/05 16:57:28 | 000,017,280 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\System32\roboot.exe
[2011/12/05 16:57:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
[2011/12/05 16:57:25 | 000,000,000 | ---D | C] -- C:\Program Files\RegClean Pro
[2011/11/27 14:56:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod(21)
[2011/11/27 14:56:35 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes(22)
[2007/07/04 08:28:52 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2007/02/28 12:43:32 | 000,386,544 | ---- | C] ( ) -- C:\Windows\System32\dlbxih.exe
[2007/02/28 12:43:30 | 000,538,096 | ---- | C] ( ) -- C:\Windows\System32\dlbxcoms.exe
[2007/02/28 12:43:28 | 000,382,448 | ---- | C] ( ) -- C:\Windows\System32\dlbxcfg.exe
[2007/01/30 03:47:52 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlbxpmui.dll
[2007/01/30 03:46:00 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlbxserv.dll
[2007/01/30 03:38:18 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlbxcomm.dll
[2007/01/30 03:32:06 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlbxpplc.dll
[2007/01/30 03:31:08 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlbxcomc.dll
[2007/01/30 03:30:30 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlbxprox.dll
[2007/01/30 03:21:46 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\dlbxusb1.dll
[2007/01/30 03:17:02 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlbxhbn3.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011/12/14 21:34:37 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\office depot\Desktop\OTL.exe
[2011/12/14 14:56:10 | 000,706,742 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/14 14:56:10 | 000,143,982 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/14 14:51:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/11 21:54:47 | 105,515,512 | ---- | M] () -- C:\Users\office depot\Desktop\setup_11.0.0.1245.x01_2011_12_12_04_22.exe
[2011/12/11 14:06:14 | 000,294,216 | ---- | M] () -- C:\Users\office depot\Desktop\gmer.zip
[2011/12/11 13:54:00 | 229,227,524 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/12/11 13:40:30 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/10 20:52:42 | 000,000,000 | ---- | M] () -- C:\Windows\System32\settings.dat
[2011/12/10 20:52:24 | 000,464,491 | ---- | M] () -- C:\Users\office depot\Desktop\RootRepeal.zip
[2011/12/09 22:05:06 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/12/07 16:14:24 | 000,869,194 | ---- | M] () -- C:\Users\office depot\Desktop\SecurityCheck.exe
[2011/12/07 16:00:21 | 000,000,432 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E711352B-2144-4CCB-92E2-F93AF208A142}.job
[2011/12/07 15:57:00 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-981839275-669083101-988588451-1000UA.job
[2011/12/07 15:50:14 | 000,085,876 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/12/07 15:50:14 | 000,085,876 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/12/07 15:48:28 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/07 15:44:52 | 000,001,347 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011/12/07 15:39:41 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/06 21:13:53 | 004,328,480 | R--- | M] (Swearware) -- C:\Users\office depot\Desktop\ComboFix.exe
[2011/12/06 12:20:05 | 000,001,760 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/12/06 11:58:45 | 000,000,221 | ---- | M] () -- C:\Windows\Brownie.ini
[2011/12/06 11:58:45 | 000,000,012 | ---- | M] () -- C:\Windows\BRVIDEO.INI
[2011/12/06 09:09:37 | 000,001,789 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/12/06 09:09:32 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/12/05 17:31:15 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/05 16:57:27 | 000,000,807 | ---- | M] () -- C:\Users\Public\Desktop\RegClean Pro.lnk
[2011/12/05 16:47:59 | 000,240,023 | ---- | M] () -- C:\Users\office depot\AppData\Local\census.cache
[2011/12/05 16:47:49 | 000,243,254 | ---- | M] () -- C:\Users\office depot\AppData\Local\ars.cache
[2011/12/05 16:24:06 | 000,000,036 | ---- | M] () -- C:\Users\office depot\AppData\Local\housecall.guid.cache
[2011/12/05 14:51:41 | 000,640,048 | ---- | M] () -- C:\Users\office depot\Documents\cc_2011filechanges.reg
[2011/12/05 14:44:00 | 000,002,529 | ---- | M] () -- C:\Users\office depot\Desktop\SOS Student.lnk
[2011/12/05 14:43:55 | 000,002,499 | ---- | M] () -- C:\Users\Public\Desktop\SOS Teacher.lnk
[2011/11/28 12:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/11/28 12:01:23 | 000,199,816 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/11/28 11:53:53 | 000,435,032 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/11/28 11:53:35 | 000,314,456 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/11/28 11:52:19 | 000,034,392 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/11/28 11:52:16 | 000,052,952 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/11/28 11:52:07 | 000,055,128 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/11/28 11:51:50 | 000,020,568 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/11/21 20:03:19 | 000,000,435 | ---- | M] () -- C:\Users\office depot\dps.xml
[2011/11/19 11:52:52 | 000,017,280 | ---- | M] (Systweak Inc., (www.systweak.com)) -- C:\Windows\System32\roboot.exe
 
========== Files Created - No Company Name ==========
 
[2011/12/11 21:54:46 | 105,515,512 | ---- | C] () -- C:\Users\office depot\Desktop\setup_11.0.0.1245.x01_2011_12_12_04_22.exe
[2011/12/11 14:06:00 | 000,294,216 | ---- | C] () -- C:\Users\office depot\Desktop\gmer.zip
[2011/12/10 20:52:42 | 000,000,000 | ---- | C] () -- C:\Windows\System32\settings.dat
[2011/12/10 20:52:13 | 000,464,491 | ---- | C] () -- C:\Users\office depot\Desktop\RootRepeal.zip
[2011/12/07 16:14:15 | 000,869,194 | ---- | C] () -- C:\Users\office depot\Desktop\SecurityCheck.exe
[2011/12/06 21:14:29 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/06 21:14:29 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/06 21:14:29 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/06 21:14:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/06 21:14:29 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/06 12:20:05 | 000,001,760 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/12/06 09:09:37 | 000,001,789 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/12/05 17:31:15 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/05 16:57:27 | 000,000,807 | ---- | C] () -- C:\Users\Public\Desktop\RegClean Pro.lnk
[2011/12/05 16:47:59 | 000,240,023 | ---- | C] () -- C:\Users\office depot\AppData\Local\census.cache
[2011/12/05 16:47:49 | 000,243,254 | ---- | C] () -- C:\Users\office depot\AppData\Local\ars.cache
[2011/12/05 16:24:06 | 000,000,036 | ---- | C] () -- C:\Users\office depot\AppData\Local\housecall.guid.cache
[2011/12/05 14:51:10 | 000,640,048 | ---- | C] () -- C:\Users\office depot\Documents\cc_2011filechanges.reg
[2011/12/05 13:27:19 | 229,227,524 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/11/14 06:35:24 | 000,042,122 | ---- | C] () -- C:\Users\office depot\AppData\Roaming\UserTile.png
[2011/01/17 12:55:59 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/01/17 12:55:59 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD2170W.DAT
[2011/01/17 12:55:08 | 000,000,012 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2011/01/17 12:55:08 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2011/01/17 12:53:07 | 000,000,221 | ---- | C] () -- C:\Windows\Brownie.ini
[2010/03/16 15:40:40 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/03/15 20:22:45 | 000,008,915 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2010/02/15 19:06:30 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/09/25 16:22:42 | 000,085,876 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/09/25 16:22:42 | 000,085,876 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/09/15 17:47:09 | 000,522,505 | ---- | C] () -- C:\ProgramData\phn.dat
[2009/08/31 20:23:25 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/31 20:23:24 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/08/02 12:46:43 | 000,000,010 | ---- | C] () -- C:\Windows\popcinfo.dat
[2009/06/10 20:19:30 | 000,000,093 | ---- | C] () -- C:\Windows\psdxport.ini
[2009/06/10 20:19:30 | 000,000,074 | ---- | C] () -- C:\Windows\psdewin.ini
[2009/06/09 13:17:38 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009/06/09 13:17:38 | 000,000,088 | RHS- | C] () -- C:\ProgramData\227141D840.sys
[2009/05/08 15:04:56 | 000,061,440 | ---- | C] () -- C:\Windows\uninstall.exe
[2008/09/12 05:47:57 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/07/14 15:42:12 | 000,000,022 | ---- | C] () -- C:\Users\office depot\AppData\Local\kodakpcd.ini
[2008/06/30 08:00:10 | 000,000,072 | ---- | C] () -- C:\Windows\iltwain.ini
[2008/04/18 14:38:16 | 000,147,687 | ---- | C] () -- C:\Windows\hpoins21.dat
[2008/04/18 14:38:16 | 000,008,138 | ---- | C] () -- C:\Windows\hpomdl21.dat
[2008/02/18 18:37:14 | 000,000,680 | ---- | C] () -- C:\Users\office depot\AppData\Local\d3d9caps.dat
[2007/12/12 13:41:33 | 000,000,100 | ---- | C] () -- C:\Users\office depot\AppData\Local\fusioncache.dat
[2007/08/22 10:50:38 | 001,749,760 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2007/08/21 18:24:37 | 000,066,048 | ---- | C] () -- C:\Windows\System32\hcwxds.dll
[2007/08/05 00:54:01 | 000,004,896 | ---- | C] () -- C:\Users\office depot\AppData\Roaming\wklnhst.dat
[2007/05/09 06:16:40 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2007/04/21 09:48:40 | 000,005,632 | ---- | C] () -- C:\Users\office depot\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/04/07 08:41:38 | 000,042,656 | ---- | C] () -- C:\Users\office depot\AppData\Roaming\nvModes.001
[2007/04/07 08:41:33 | 000,042,656 | ---- | C] () -- C:\Users\office depot\AppData\Roaming\nvModes.dat
[2007/02/18 20:26:42 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dlbxinsr.dll
[2007/02/18 20:26:36 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dlbxcur.dll
[2007/02/18 20:26:16 | 000,135,168 | ---- | C] () -- C:\Windows\System32\dlbxjswr.dll
[2007/02/18 20:23:24 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlbxinsb.dll
[2007/02/18 20:23:18 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dlbxcub.dll
[2007/02/18 20:23:10 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlbxcu.dll
[2007/02/18 20:23:08 | 000,159,744 | ---- | C] () -- C:\Windows\System32\dlbxins.dll
[2007/02/18 20:21:58 | 000,434,176 | ---- | C] () -- C:\Windows\System32\dlbxutil.dll
[2007/01/21 20:18:02 | 000,069,632 | ---- | C] () -- C:\Windows\System32\dlbxcfg.dll
[2006/12/29 06:18:27 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2006/11/29 01:32:42 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:47:37 | 000,516,472 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:33:01 | 000,706,742 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,143,982 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/19 01:02:40 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/19 01:02:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/05/19 02:39:58 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2006/03/09 17:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/07/07 13:19:02 | 000,540,672 | ---- | C] () -- C:\Windows\System32\TX32.DLL
[2005/07/07 13:19:02 | 000,229,376 | ---- | C] () -- C:\Windows\System32\ISP2000.dll
[2005/07/07 13:19:02 | 000,063,488 | ---- | C] () -- C:\Windows\System32\Eztw32.dll
[2005/07/07 13:18:52 | 000,338,944 | ---- | C] () -- C:\Windows\System32\lffpx7.dll
[2005/07/07 13:18:52 | 000,118,784 | ---- | C] () -- C:\Windows\System32\lfkodak.dll
[2005/05/07 22:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2004/09/16 14:24:26 | 003,375,104 | ---- | C] () -- C:\Windows\System32\qt-mt331.dll
[2002/02/27 08:41:28 | 000,024,576 | ---- | C] () -- C:\Windows\System32\nsldappr32v50.dll
[2002/02/27 08:41:26 | 000,139,264 | ---- | C] () -- C:\Windows\System32\nsldap32v50.dll
[2002/02/27 08:41:26 | 000,040,960 | ---- | C] () -- C:\Windows\System32\nsldapssl32v50.dll
 
========== LOP Check ==========
 
[2009/12/02 18:23:15 | 000,000,000 | ---D | M] -- C:\Users\office depot\AppData\Roaming\Amazon
[2010/01/21 18:18:08 | 000,000,000 | ---D | M] -- C:\Users\office depot\AppData\Roaming\Bytemobile
[2008/11/06 16:21:56 | 000,000,000 | ---D | M] -- C:\Users\office depot\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/06/09 12:03:13 | 000,000,000 | ---D | M] -- C:\Users\office depot\AppData\Roaming\DriverCure
[2009/11/24 14:31:03 | 000,000,000 | ---D | M] -- C:\Users\office depot\AppData\Roaming\E-centives
[2007/09/19 16:21:39 | 000,000,000 | ---D | M] -- C:\Users\office depot\AppData\Roaming\funkitron
[2009/12/14 14:59:17 | 000,000,000 | ---D | M] -- C:\Users\office depot\AppData\Roaming\OpenOffice.org
[2008/06/26 17:17:13 | 000,000,000 | ---D | M] -- C:\Users\office depot\AppData\Roaming\PopCap
[2010/01/21 16:53:31 | 000,000,000 | ---D | M] -- C:\Users\office depot\AppData\Roaming\Sierra Wireless
[2008/07/14 08:11:45 | 000,000,000 | ---D | M] -- C:\Users\office depot\AppData\Roaming\Skinux
[2011/12/05 16:57:31 | 000,000,000 | ---D | M] -- C:\Users\office depot\AppData\Roaming\Systweak
[2007/08/05 00:54:02 | 000,000,000 | ---D | M] -- C:\Users\office depot\AppData\Roaming\Template
[2007/04/07 08:41:03 | 000,000,000 | ---D | M] -- C:\Users\office depot\AppData\Roaming\WildTangent
[2011/11/10 15:00:33 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/12/07 16:00:21 | 000,000,432 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{E711352B-2144-4CCB-92E2-F93AF208A142}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< c:\$recycle.bin\*.* /s >
[2011/12/09 22:05:23 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-981839275-669083101-988588451-1000\desktop.ini
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-12-07 21:55:45
 
 
< MD5 for: AGP440.SYS  >
[2008/01/19 01:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/19 01:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 01:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 01:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 03:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\ERDNT\cache\AGP440.sys
[2006/11/02 03:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 03:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/04/11 00:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys
[2009/04/11 00:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 00:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 00:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 01:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 01:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 03:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/02/14 12:39:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/02/14 12:39:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/02/14 12:39:29 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: AUTOCHK.EXE  >
[2009/04/11 00:27:20 | 000,643,072 | ---- | M] (Microsoft Corporation) MD5=10761177A6EBE45843F443E99509F5E7 -- C:\Windows\System32\autochk.exe
[2009/04/11 00:27:20 | 000,643,072 | ---- | M] (Microsoft Corporation) MD5=10761177A6EBE45843F443E99509F5E7 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6002.18005_none_e3df6655bee2ee3b\autochk.exe
[2008/01/19 01:33:01 | 000,642,560 | ---- | M] (Microsoft Corporation) MD5=2FC5BE79B51714B479809358E4908FC3 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6001.18000_none_e1f3ed49c1c122ef\autochk.exe
[2006/11/02 03:44:50 | 000,640,000 | ---- | M] (Microsoft Corporation) MD5=C08D1FE284C3330934E45D6E5F5B768B -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6000.16386_none_dfbd2b4dc4d6121b\autochk.exe
 
< MD5 for: BEEP.SYS  >
[2008/01/18 23:49:10 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\Windows\ERDNT\cache\beep.sys
[2008/01/18 23:49:10 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\Windows\System32\drivers\beep.sys
[2008/01/18 23:49:10 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6001.18000_none_c420a153079d485b\beep.sys
[2006/11/02 02:51:03 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=AC3DD1708B22761EBD7CBE14DCC3B5D7 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6000.16386_none_c1e9df570ab23787\beep.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006/11/02 03:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006/11/02 03:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 03:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2008/10/29 00:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 00:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 21:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007/11/15 15:01:23 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007/11/15 15:01:22 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 20:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 03:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 01:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2008/01/19 01:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 01:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 03:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 03:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
Title: Re: Malware or Virus possibly on my computer
Post by: casey071 on December 14, 2011, 09:30:08 PM
OTL Extras logfile created on: 12/14/2011 9:55:18 PM - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\office depot\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 74.91% Memory free
4.23 Gb Paging File | 3.89 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142.45 Gb Total Space | 52.67 Gb Free Space | 36.97% Space Free | Partition Type: NTFS
Drive D: | 6.60 Gb Total Space | 0.44 Gb Free Space | 6.70% Space Free | Partition Type: NTFS
 
Computer Name: CASEYSLAPTOP | User Name: office depot | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.exe [@ = exefile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)
"C:\Program Files\AT&T\Communication Manager\SwiApiMux.exe" = C:\Program Files\AT&T\Communication Manager\SwiApiMux.exe:*:Enabled:SwiApiMux
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04E58074-C9A5-4C09-9A6D-7E2FB1EAEABB}" = rport=1723 | protocol=6 | dir=out | app=system |
"{0FBB377A-73DB-4E96-84BC-1C3B7332B912}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\netproj.exe |
"{1E2330EB-0C5C-4EBF-ADE8-DE94C05359B7}" = rport=5358 | protocol=6 | dir=out | app=system |
"{215DBB87-BB64-4A77-AA60-115617CCBC58}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{286F3E82-7636-4494-B3C3-4196248DCFBC}" = lport=1723 | protocol=6 | dir=in | app=system |
"{351E1190-B31E-460E-953C-2CB6EFF17FF9}" = lport=5358 | protocol=6 | dir=in | app=system |
"{5E4C88F7-4984-488E-8BE7-B0AA98698E35}" = rport=1701 | protocol=17 | dir=out | app=system |
"{6E33A28F-C42F-452A-9700-3DD9262611EC}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\netproj.exe |
"{8CD2393D-EDDD-47A0-8EF1-B3643EA6A433}" = lport=5357 | protocol=6 | dir=in | app=system |
"{AEE55DE3-8CAC-4716-859D-84FA8B059593}" = lport=rpc | protocol=6 | dir=in | svc=* | app=c:\windows\system32\svchost.exe |
"{BA33174F-098E-44CC-82B8-E2C84FA114B6}" = lport=1701 | protocol=17 | dir=in | app=system |
"{CB8B0720-C4B1-4A5F-9481-AA0670735BA9}" = lport=445 | protocol=6 | dir=in | app=system |
"{CCB5C760-43CB-4E66-8754-6828F93672B9}" = rport=5357 | protocol=6 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{110AF835-C1FA-4B10-8D5D-12C7045342B7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{290CC207-0F18-4D8C-A617-B6B95D081BDF}" = protocol=6 | dir=in | app=c:\windows\system32\netproj.exe |
"{5FADAAF5-7026-4BA4-96EB-82D0A81F26AE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{626A5080-15C1-4A5B-82F8-F15F0E728B99}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{64CD1AED-3137-4834-9FE6-2CDEFE9CED40}" = protocol=6 | dir=in | app=c:\windows\system32\dlbxcoms.exe |
"{7C39CF9D-2EA1-424A-AD2D-38B1E7AED8B9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8A9BA13A-1075-4133-9D8D-3D06CAB7814C}" = protocol=6 | dir=out | svc=msiscsi | app=c:\windows\system32\svchost.exe |
"{8BA4B469-5935-4505-81FE-1838FFC713B7}" = protocol=6 | dir=in | svc=msiscsi | app=c:\windows\system32\svchost.exe |
"{B804D16E-7F3D-4FF6-9924-600084F2621C}" = protocol=17 | dir=in | app=c:\program files\netzero\exec.exe |
"{C8F0F144-C002-486E-A62D-0B4D455C7F28}" = protocol=17 | dir=in | app=c:\windows\system32\dlbxcoms.exe |
"{CE840C84-4B4C-432A-89D0-CF5591196481}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{D0B29A37-8623-4F72-A2AF-2BF9C5ABA25C}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{E102F59B-BB89-4F24-B9DD-2529DA9000CF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EF04E17D-9688-45D9-8FA5-C7612057C675}" = protocol=6 | dir=out | app=c:\windows\system32\netproj.exe |
"{F678864F-0168-46F1-8C05-4AD53C6A94EE}" = protocol=6 | dir=in | app=c:\program files\netzero\exec.exe |
"TCP Query User{6788D697-B91B-4BF7-AAF4-43A0E2D1C6B7}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{CDE3A3CC-522A-487B-BC93-D66DE5C2D8B6}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"UDP Query User{14BD5DB3-B56A-420F-90D3-EFB01D90276D}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"UDP Query User{F0FECDCC-FC92-4DF3-A7F9-13B15212B20E}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{DCDAB2ED-5741-4C30-A1A4-0FCB8A529001}" = WordPerfect Office X4
"{000AB2ED-5741-4C30-A1A4-0FCB8A529000}" = WordPerfect Office X4
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{1101AD13-F7A9-4B65-83C6-48344E8F88C2}" = Switched-On Schoolhouse 2011 - Home Edition Tutorials
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 29
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (ALLDATASC)
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{3018B943-C76C-44B0-B078-790A28CEF67E}" = Microsoft UI Engine
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{324CEC09-007A-48eb-90E0-9D42D4D5EB0A}" = NetDeviceManager
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.10 B9
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E3A110A-7FAE-4DC0-8E39-BAFFE89724B6}" = HP User Guide 0049
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{44B2E182-DD85-45FC-9F51-326B81D7C7F1}" = Fax
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{459E93B6-150E-45d5-8D4B-45C66FC035FE}" = getPlus(R) for Corel
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6
"{4873CC58-69D8-490D-9E5C-001DC2EE2000}" = WordPerfect Lightning
"{4873CC58-69D8-490D-9E5C-001DC2EE2010}" = WordPerfect Lightning - Messages
"{4873CC58-69D8-490D-9E5C-001DC2EE2020}" = WordPerfect Lightning - IPM
"{4873CC58-69D8-490D-9E5C-001DC2EE2100}" = WordPerfect Lightning - EN
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{54EE4F1E-4AD4-4085-96B3-96DB2CF70856}" = ServiceCenter
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5CA81D12-9EC2-4082-972B-43ECA63F41F2}" = HP Pavilion Webcam Driver for Vista v061.001.00005
"{5DF5621C-5071-4F68-B623-69FD2D36DA3C}" = LaserCat
"{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
"{612F4E20-3661-4D44-AD79-823F1B613FB3}" = HP Update
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6AF4A721-280D-40FA-8AD6-A2EC4314F16F}" = Switched-On Schoolhouse 2011 - Home Edition
"{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}" = HP Active Support Library 32 bit components
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6DEF11C0-35FF-4160-A543-FDD336C4DAE5}" = Microsoft SQL Server 2005 Express Edition (SOSHOME309)
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8ECB8220-F422-4BEB-9596-97033C533702}" = QuickBooks Pro 2008
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{99C5770C-1C90-42E7-9B74-D47CFAF14621}" = muvee autoProducer 5.0
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A12A3DED-CCDA-4F29-A1BA-00F0C6521CD5}" = HP Total Care Advisor
"{A131EC70-DADF-41B5-94D3-854A4DEF8B28}" = Print Perfect DVD
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A16B3EA2-8798-4960-8D8B-18D3149AD617}" = OpenOffice.org 3.1
"{A1D7375C-9D57-4376-8D20-4C504C9F4D38}" = GameFinder
"{A73ACE08-4CA7-4d08-912E-EFE4DF521B39}" = c7200_Help
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9DC9256-709F-4BEA-B39D-4F11D90585AA}" = HP Smart Web Printing
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.1
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B7FB6B99-C93C-4818-825B-37EF4B64C80C}" = PS_AIO_02_Software
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE26F10F-C80F-4377-908B-1B7882AE2CE3}" = Crystal Reports Basic Runtime for Visual Studio 2008
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE4888DB-CE49-485b-AA3A-A9E0F361B277}" = C7200
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus(R) for Adobe
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D25BDCF5-19F6-4d9e-B9C9-273FE81446C4}" = PS_AIO_02_ProductContext
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D64BC2CF-0F12-47d7-B412-B4F3FD684253}" = HP Photosmart All-In-One Software 9.0
"{D90AD053-6F8D-4658-9EB8-D57C8BE39092}" = QBFC 7.0
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529001}" = WordPerfect Office X4 - ICA
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529010}" = WordPerfect Office X4 - Common
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529011}" = WordPerfect Office X4 - WP
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529012}" = WordPerfect Office X4 - QP
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529013}" = WordPerfect Office X4 - PR
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529014}" = WordPerfect Office X4 - Content
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529016}" = WordPerfect Office X4 - Skins
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529017}" = WordPerfect Office X4 - Filters
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529018}" = WordPerfect Office X4 - Graphics
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529023}" = WordPerfect Office X4 - System
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529030}" = WordPerfect Office X4 - Migration Manager
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529040}" = WordPerfect Office X4 - IPM
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529046}" = WordPerfect Office X4 - IPM T EN
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529050}" = WordPerfect Office X4 - PerfectExperts
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529080}" = WordPerfect Office X4 - MAIL
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529100}" = WordPerfect Office X4 - EN
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe  1.4.124.1
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E3C0A1C8-F588-4A5B-87A0-08090B61DD42}" = Switched-On Schoolhouse 2011 - Home Edition Database
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EE690DCE-5D8D-4E52-9F72-F3ADE168A631}" = QBFC 6.0
"{EF0D2E55-6FE2-4e35-BE22-A742E85D84E3}" = PS_AIO_02_Software_min
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F619E2AF-677D-49bc-9618-D60BDFB925DB}" = C7200_doccd
"{F6EE49FD-B736-4888-A05A-115F3B1160FA}" = WordPerfect Lightning - MSOM
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}" = HP Easy Setup - Core
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = ASL_HS_Installer32
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"Cisco Connect" = Cisco Connect
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8 D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"Disney Toontown Online" = Disney Toontown Online
"Fender FUSE" = Fender FUSE 2.2.2.31
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.24341)
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"HPOCR" = HP OCR Software 9.0
"HPOOVClient-6811507 Uninstaller" = HP Connections (remove only)
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"NVIDIA Drivers" = NVIDIA Drivers
"Photo Viewer_is1" = Photo Viewer s2.5
"PROSet" = Intel(R) Network Connections Drivers
"RegClean Pro_is1" = RegClean Pro
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The Print Shop Deluxe" = The Print Shop Deluxe III
"Virtools3DLifePlayer" = Virtools 3D Life Player
"WildTangent hplaptop Master Uninstall" = My HP Games
"Zoo Vet 2" = Zoo Vet 2
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"At a Glance Photo Viewing Software" = At a Glance Photo Viewing Software
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 12/11/2011 3:59:35 PM | Computer Name = CaseysLaptop | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.19154, time stamp
 0x4e8634f0, faulting module Flash10w.ocx, version 10.3.183.7, time stamp 0x4e52e8e0,
 exception code 0xc0000005, fault offset 0x0000282b,  process id 0x7fc, application
 start time 0x01ccb83f61c99963.
 
Error - 12/11/2011 4:03:13 PM | Computer Name = CaseysLaptop | Source = Application Error | ID = 1000
Description = Faulting application AvastUI.exe, version 6.0.1367.0, time stamp 0x4ed3cb98,
 faulting module Flash10w.ocx, version 10.3.183.7, time stamp 0x4e52e8e0, exception
 code 0xc0000005, fault offset 0x0000282b,  process id 0x2c0, application start time
 0x01ccb83fde94c3b0.
 
Error - 12/11/2011 10:58:02 PM | Computer Name = CaseysLaptop | Source = EventSystem | ID = 4609
Description =
 
Error - 12/11/2011 10:59:12 PM | Computer Name = CaseysLaptop | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.19154, time stamp
 0x4e8634f0, faulting module Flash10w.ocx, version 10.3.183.7, time stamp 0x4e52e8e0,
 exception code 0xc0000005, fault offset 0x0000282b,  process id 0x650, application
 start time 0x01ccb879f1e7fc39.
 
Error - 12/11/2011 10:59:31 PM | Computer Name = CaseysLaptop | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.19154, time stamp
 0x4e8634f0, faulting module Flash10w.ocx, version 10.3.183.7, time stamp 0x4e52e8e0,
 exception code 0xc0000005, fault offset 0x0000282b,  process id 0x258, application
 start time 0x01ccb87a0d7e9770.
 
Error - 12/11/2011 11:01:16 PM | Computer Name = CaseysLaptop | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.19154, time stamp
 0x4e8634f0, faulting module Flash10w.ocx, version 10.3.183.7, time stamp 0x4e52e8e0,
 exception code 0xc0000005, fault offset 0x0000282b,  process id 0x724, application
 start time 0x01ccb87a49d289c8.
 
Error - 12/11/2011 11:02:38 PM | Computer Name = CaseysLaptop | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.19154, time stamp
 0x4e8634f0, faulting module Flash10w.ocx, version 10.3.183.7, time stamp 0x4e52e8e0,
 exception code 0xc0000005, fault offset 0x0000282e,  process id 0x414, application
 start time 0x01ccb87a6f172070.
 
Error - 12/11/2011 11:56:11 PM | Computer Name = CaseysLaptop | Source = Microsoft-Windows-CAPI2 | ID = 131584
Description =
 
Error - 12/11/2011 11:58:11 PM | Computer Name = CaseysLaptop | Source = EventSystem | ID = 4609
Description =
 
Error - 12/14/2011 4:52:51 PM | Computer Name = CaseysLaptop | Source = EventSystem | ID = 4609
Description =
 
[ Media Center Events ]
Error - 12/2/2007 8:56:08 PM | Computer Name = officedepot-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
 
Error - 12/3/2007 2:51:09 PM | Computer Name = officedepot-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
 
Error - 5/30/2008 7:40:02 AM | Computer Name = CaseysLaptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.
 
Error - 6/2/2008 9:24:58 AM | Computer Name = CaseysLaptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.
 
Error - 6/2/2008 1:12:14 PM | Computer Name = CaseysLaptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.
 
Error - 8/28/2008 8:01:11 AM | Computer Name = CaseysLaptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
 
Error - 9/16/2008 5:47:20 PM | Computer Name = CaseysLaptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
 
Error - 6/9/2009 8:09:34 AM | Computer Name = CaseysLaptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
 
Error - 7/16/2009 8:08:54 PM | Computer Name = CaseysLaptop | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
 returned 10000105  Process: DefaultDomain Object Name: Media Center Guide
 
Error - 3/15/2011 1:29:02 AM | Computer Name = CaseysLaptop | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
 returned 10000105  Process: DefaultDomain Object Name: Media Center Guide
 
[ OSession Events ]
Error - 4/14/2008 6:09:03 PM | Computer Name = CaseysLaptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6214.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 14175
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 6/2/2008 7:07:30 PM | Computer Name = CaseysLaptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6214.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1600
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 9/10/2010 9:50:26 PM | Computer Name = CaseysLaptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6214.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 36924
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 2/11/2011 1:06:50 PM | Computer Name = CaseysLaptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 92
 seconds with 60 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 12/14/2011 4:52:02 PM | Computer Name = CaseysLaptop | Source = DCOM | ID = 10005
Description =
 
Error - 12/14/2011 4:52:02 PM | Computer Name = CaseysLaptop | Source = LSM | ID = 1048
Description =
 
Error - 12/14/2011 4:52:41 PM | Computer Name = CaseysLaptop | Source = DCOM | ID = 10005
Description =
 
Error - 12/14/2011 4:52:51 PM | Computer Name = CaseysLaptop | Source = DCOM | ID = 10005
Description =
 
Error - 12/14/2011 4:52:57 PM | Computer Name = CaseysLaptop | Source = DCOM | ID = 10005
Description =
 
Error - 12/14/2011 4:53:01 PM | Computer Name = CaseysLaptop | Source = DCOM | ID = 10005
Description =
 
Error - 12/14/2011 4:53:03 PM | Computer Name = CaseysLaptop | Source = DCOM | ID = 10005
Description =
 
Error - 12/14/2011 4:53:13 PM | Computer Name = CaseysLaptop | Source = Service Control Manager | ID = 7001
Description =
 
Error - 12/14/2011 4:53:13 PM | Computer Name = CaseysLaptop | Source = Service Control Manager | ID = 7026
Description =
 
Error - 12/14/2011 4:54:03 PM | Computer Name = CaseysLaptop | Source = Service Control Manager | ID = 7001
Description =
 
 
< End of report >
Title: Re: Malware or Virus possibly on my computer
Post by: SuperDave on December 15, 2011, 12:47:23 PM
Quote
A problem has been detected and windows has been shut down to prevent damage to your computer.
This is a whole page message, and I can tell you all of it if you need it. 
Could you please give me the whole message?
Title: Re: Malware or Virus possibly on my computer
Post by: casey071 on December 15, 2011, 01:56:50 PM
A problem has been detected and windows has been shut down to prevent damage to your computer

Attempt to reset the display driver and recover from timeout failed.

If this is the first time you've seen this stop error screen, restart your computer. If this screen appears again, follow these steps:

Check to make sure any new hardware or software is properly installed. If this is a new installation, ask your hardware or software manufacturer for any windows updates you might need.

If problems continue, disable or remove any newly installed hardware or software.  Disable BIOS memory options such as caching or shadowing. If you need to use safe mode to remove or disable components, restart your computer, press F8 to select Advanced Startup options, and then select safe mode.

Technical information:

*** STOP: 0x00000116 (0x857F3510, 0x8D013A70, 0x00000000, 0x00000002)

*** nvlddmkm.sys - Address 8D013A70 base at 8D00A000, DateStamp 493750e2

Collecting data for crash dump...
Initializing disk for crash dump...
Beginning dump of physical memory.
Dumping physical memory to disk: 100
Physical memory dump complete.
Contact your system admin or technical support group for further assistance. 
Title: Re: Malware or Virus possibly on my computer
Post by: SuperDave on December 15, 2011, 07:35:52 PM
Let's run a few more scans to see what turns up.

Please download aswMBR.exe (http://public.avast.com/%7Egmerek/aswMBR.exe) ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

(http://i424.photobucket.com/albums/pp322/digistar/aswMBR_Scan.jpg)

Click the "Scan" button to start scan

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

(http://i424.photobucket.com/albums/pp322/digistar/aswMBR_SaveLog.png)

On completion of the scan click save log, save it to your desktop and post in your next reply
*************************************************
Download Bootkit Remover (http://www.esagelab.com/files/bootkit_remover.rar) to your Desktop.

You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip (http://www.7-zip.org/)

After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right click on remover.exe and click Run As Administrator).

It will show a Black screen with some data on it.

Right click on the screen and click Select All.

Press Enter

Open a Notepad and press CTRL V

Post the output back here.
Title: Re: Malware or Virus possibly on my computer
Post by: casey071 on December 16, 2011, 12:43:24 PM
Title: Re: Malware or Virus possibly on my computer
Post by: casey071 on December 16, 2011, 12:46:21 PM
I clicked on the link for the BootKit Remover and it said:
Not Found
The requested URL /files/bootkit_remover.rar was not found on this server.


--------------------------------------------------------------------------------

Apache/2.2.16 (Debian) Server at www.esagelab.com Port 80
Title: Re: Malware or Virus possibly on my computer
Post by: SuperDave on December 16, 2011, 05:35:04 PM
Quote
I clicked on the link for the BootKit Remover and it said:
Not Found
Sorry about that. I'll check it out.
We think that you are experiencing a video card or driver problem. Please check your Device Manager to see if there are any yellow warning signs.
Title: Re: Malware or Virus possibly on my computer
Post by: casey071 on December 16, 2011, 05:40:22 PM
I right clicked on My Computer, then I saw Device Manager. I clicked on that.
Under System Devices there is a yellow warning sign on Consumer IR Devices. I think that is the only one. It's hard to see because I'm using safe mode.
Title: Re: Malware or Virus possibly on my computer
Post by: SuperDave on December 16, 2011, 05:42:40 PM
Can you try updating the video card driver?
Title: Re: Malware or Virus possibly on my computer
Post by: casey071 on December 16, 2011, 05:44:25 PM
Sure, if you can tell me how? :)
Title: Re: Malware or Virus possibly on my computer
Post by: SuperDave on December 16, 2011, 06:12:02 PM
Here (http://pcsupport.about.com/od/driverssupport/f/driverupdate.htm) you go.
Title: Re: Malware or Virus possibly on my computer
Post by: casey071 on December 16, 2011, 07:26:19 PM
Ok, I fixed the Driver
Title: Re: Malware or Virus possibly on my computer
Post by: SuperDave on December 16, 2011, 07:53:50 PM
Quote
Ok, I fixed the Driver
Any change?
Title: Re: Malware or Virus possibly on my computer
Post by: casey071 on December 16, 2011, 08:13:19 PM
No, still black screen, and when I tried to restart it without going into safe mode, the same error message still came up:

A problem has been detected and windows has been shut down to prevent damage to your computer

Attempt to reset the display driver and recover from timeout failed.

If this is the first time you've seen this stop error screen, restart your computer. If this screen appears again, follow these steps:

Check to make sure any new hardware or software is properly installed. If this is a new installation, ask your hardware or software manufacturer for any windows updates you might need.

If problems continue, disable or remove any newly installed hardware or software.  Disable BIOS memory options such as caching or shadowing. If you need to use safe mode to remove or disable components, restart your computer, press F8 to select Advanced Startup options, and then select safe mode.

Technical information:

*** STOP: 0x00000116 (0x857F3510, 0x8D013A70, 0x00000000, 0x00000002)

*** nvlddmkm.sys - Address 8D013A70 base at 8D00A000, DateStamp 493750e2

Collecting data for crash dump...
Initializing disk for crash dump...
Beginning dump of physical memory.
Dumping physical memory to disk: 100
Physical memory dump complete.
Contact your system admin or technical support group for further assistance. 
Title: Re: Malware or Virus possibly on my computer
Post by: SuperDave on December 17, 2011, 11:08:58 AM
Everything points to the video card now.
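An added example, not part of the original thread: a short Python sketch that reads the two `***` lines of the stop screen posted above and extracts what a helper would check when deciding whether a crash points at a driver rather than at malware. The function names are hypothetical, the bug check name comes from Microsoft's bug check reference, and the `DateStamp` is assumed to be the driver's PE link timestamp (seconds since 1970, UTC).

```python
import re
from datetime import date, datetime, timezone

# The two "***" lines of the stop screen, copied from the post above.
STOP_SCREEN = """\
*** STOP: 0x00000116 (0x857F3510, 0x8D013A70, 0x00000000, 0x00000002)

*** nvlddmkm.sys - Address 8D013A70 base at 8D00A000, DateStamp 493750e2
"""

# Only the bug check seen in this thread; the name is taken from
# Microsoft's bug check reference, not from the page.
BUGCHECK_NAMES = {0x116: "VIDEO_TDR_FAILURE"}

STOP_RE = re.compile(r"\*\*\*\s*STOP:\s*(0x[0-9A-Fa-f]+)\s*\(([^)]*)\)")
MODULE_RE = re.compile(
    r"\*\*\*\s*(\S+)\s*-\s*Address\s+([0-9A-Fa-f]+)\s+base at\s+([0-9A-Fa-f]+)"
    r",\s*DateStamp\s+([0-9A-Fa-f]+)"
)


def parse_stop_screen(text):
    """Return the bug check code, its parameters and the blamed module."""
    stop = STOP_RE.search(text)
    if stop is None:
        raise ValueError("no '*** STOP:' line found")
    code = int(stop.group(1), 16)
    params = [int(p.strip(), 16) for p in stop.group(2).split(",") if p.strip()]
    report = {"code": code, "name": BUGCHECK_NAMES.get(code, "UNKNOWN"),
              "params": params, "module": None}

    mod = MODULE_RE.search(text)
    if mod is None:  # some stop screens name no driver at all
        return report
    name, address, base, stamp = mod.groups()
    address, base = int(address, 16), int(base, 16)
    report["module"] = {
        "name": name,
        "address": address,
        "base": base,
        # Offset of the faulting address inside the driver image.
        "offset": address - base,
        # Assumption: DateStamp is the PE link time in seconds since 1970 UTC.
        "built": datetime.fromtimestamp(int(stamp, 16), tz=timezone.utc),
        # Which STOP parameter (1-based) repeats the faulting address, if any.
        "param_number": params.index(address) + 1 if address in params else None,
    }
    return report


def driver_age_days(report, as_of):
    """Days between the driver's build date and the date of the crash."""
    module = report["module"]
    if module is None:
        return None
    return (as_of - module["built"].date()).days


def summarize(report, as_of):
    """One-line triage summary for a helper reading the post."""
    module = report["module"]
    if module is None:
        return f"STOP {report['code']:#x} ({report['name']}), no module named"
    return (f"STOP {report['code']:#x} ({report['name']}) in {module['name']} "
            f"at +{module['offset']:#x}, driver built {module['built']:%Y-%m-%d}, "
            f"{driver_age_days(report, as_of)} days before the crash report")


if __name__ == "__main__":
    # 2011-12-15 is the date of the post that first quoted the stop screen.
    print(summarize(parse_stop_screen(STOP_SCREEN), date(2011, 12, 15)))
```

For this stop screen the faulting address is the second STOP parameter and lies inside nvlddmkm.sys, whose build date is about three years older than the crash.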
Title: Re: Malware or Virus possibly on my computer
Post by: casey071 on December 17, 2011, 11:53:59 AM
Will I have to replace the card or is there a fix?
Title: Re: Malware or Virus possibly on my computer
Post by: SuperDave on December 17, 2011, 05:07:25 PM
Quote
Will I have to replace the card or is there a fix?
Unfortunately, there's no fix for the card. See if you can borrow one from another computer.
Title: Re: Malware or Virus possibly on my computer
Post by: casey071 on December 17, 2011, 07:58:30 PM
Does it have to be another laptop? Does it matter what brand?
Title: Re: Malware or Virus possibly on my computer
Post by: SuperDave on December 18, 2011, 12:17:53 PM
Quote
Does it have to be another laptop? Does it matter what brand?
The brand doesn't matter much but it will have to be for a laptop. You could get more information in the hardware forum.