1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Win 7 Security 2011 malware removal help please

Discussion in 'Virus & Other Malware Removal' started by jillnjosh, Jun 1, 2011.

Thread Status:
Not open for further replies.
Advertisement
  1. jillnjosh

    jillnjosh Thread Starter

    Joined:
    Jun 1, 2011
    Messages:
    7
    The computer is infected with Win 7 Security 2011. I ran House Call last night, it found ten objects but wouldn't remove them. It chose ignore, and wouldn't allow me to quarantine them. I ran a quick scan, and found nothing. The complete scan took 4+ hours, and came up with the ten objects.

    MalwareBytes will not load up, and HJT will not create a log file. When I ran the suggested program..., it came up with a "sample hosts file", and there were no lines mentioning HJT. The output is below:

    # Copyright (c) 1993-2009 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    #
    # For example:
    #
    # 102.54.94.97 rhino.acme.com # source server
    # 38.25.63.10 x.acme.com # x client host

    # localhost name resolution is handled within DNS itself.
    # 127.0.0.1 localhost
    # ::1 localhost



    I ran TFC, OTL, DDS, and TSG SysInfo.

    SysInfo output:
    Tech Support Guy System Info Utility version 1.0.0.1
    OS Version: Microsoft Windows 7 Home Premium , 64 bit
    Processor: AMD Athlon(tm) II P320 Dual-Core Processor, AMD64 Family 16 Model 6 Stepping 3
    Processor Count: 2
    RAM: 2810 Mb
    Graphics Card: AMD M880G with ATI Mobility Radeon HD 4250 , 256 Mb
    Hard Drives: C: Total - 224139 MB, Free - 163283 MB; D: Total - 14030 MB, Free - 2010 MB; E: Total - 99 MB, Free - 91 MB;
    Motherboard: Hewlett-Packard, 1444, 69.17, CNF0234T17
    Antivirus: Norton Internet Security, Disabled

    I did the reboot after TFC, and there was no apparent change.

    I ran OTL with Custom Scan, and the following in the box:
    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

    The OTL output file:
    OTL logfile created on: 6/1/2011 9:50:51 AM - Run 1
    OTL by OldTimer - Version 3.2.23.0 Folder = G:\
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.75 Gb Total Physical Memory | 1.74 Gb Available Physical Memory | 63.51% Memory free
    5.49 Gb Paging File | 4.14 Gb Available in Paging File | 75.51% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 218.89 Gb Total Space | 158.97 Gb Free Space | 72.63% Space Free | Partition Type: NTFS
    Drive D: | 13.70 Gb Total Space | 1.96 Gb Free Space | 14.33% Space Free | Partition Type: NTFS
    Drive E: | 99.18 Mb Total Space | 91.58 Mb Free Space | 92.33% Space Free | Partition Type: FAT32
    Drive F: | 7.75 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive G: | 480.08 Mb Total Space | 113.04 Mb Free Space | 23.55% Space Free | Partition Type: FAT

    Computer Name: JOHN-PC | User Name: john | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/06/01 02:41:48 | 000,580,096 | ---- | M] (OldTimer Tools) -- G:\OTL.exe
    PRC - [2011/05/31 20:15:36 | 000,360,448 | -HS- | M] (Microsoft Corporation) -- C:\Users\john\AppData\Local\icw.exe
    PRC - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    PRC - [2010/10/14 18:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    PRC - [2010/04/24 02:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    PRC - [2010/04/24 02:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    PRC - [2010/02/26 16:27:16 | 000,127,984 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
    PRC - [2010/02/25 17:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe
    PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/06/01 02:41:48 | 000,580,096 | ---- | M] (OldTimer Tools) -- G:\OTL.exe
    MOD - [2010/08/20 22:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2010/04/05 11:12:00 | 000,103,992 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
    SRV:64bit: - [2010/03/10 20:29:46 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2010/02/05 10:50:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
    SRV:64bit: - [2010/01/12 15:44:24 | 000,019,968 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
    SRV - [2011/02/28 19:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
    SRV - [2010/10/14 18:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
    SRV - [2010/04/24 02:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2010/04/24 02:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/26 16:27:16 | 000,127,984 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
    SRV - [2010/02/25 17:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe -- (NIS)
    SRV - [2010/01/04 11:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
    SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2010/11/01 12:40:36 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
    DRV:64bit: - [2010/05/05 21:01:59 | 000,451,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symtdiv.sys -- (SYMTDIv)
    DRV:64bit: - [2010/04/28 22:03:51 | 000,150,064 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\ironx64.sys -- (SymIRON)
    DRV:64bit: - [2010/04/24 02:10:32 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
    DRV:64bit: - [2010/04/24 02:10:28 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
    DRV:64bit: - [2010/04/24 02:10:28 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
    DRV:64bit: - [2010/04/24 02:10:20 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
    DRV:64bit: - [2010/04/21 20:02:20 | 000,221,232 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symefa64.sys -- (SymEFA)
    DRV:64bit: - [2010/04/21 19:29:51 | 000,505,392 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\srtsp64.sys -- (SRTSP)
    DRV:64bit: - [2010/04/21 19:29:51 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV:64bit: - [2010/03/10 20:39:52 | 006,403,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
    DRV:64bit: - [2010/03/10 19:34:06 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2010/02/25 17:22:52 | 000,615,040 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\cchpx64.sys -- (ccHP)
    DRV:64bit: - [2010/02/22 13:00:12 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV:64bit: - [2010/02/05 17:49:04 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2010/01/19 18:55:34 | 001,088,544 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
    DRV:64bit: - [2009/12/22 02:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
    DRV:64bit: - [2009/11/27 18:45:06 | 000,295,424 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2009/10/07 20:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/10/07 20:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/09/30 18:22:08 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
    DRV:64bit: - [2009/08/29 17:17:18 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symds64.sys -- (SymDS)
    DRV:64bit: - [2009/08/23 19:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
    DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 17:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
    DRV:64bit: - [2009/07/13 16:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
    DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
    DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
    DRV:64bit: - [2009/06/10 13:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/10 13:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2009/06/10 13:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2009/06/10 13:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
    DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2010/11/01 11:00:19 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
    DRV - [2010/10/29 17:37:50 | 000,954,928 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101029.001\BHDrvx64.sys -- (BHDrvx64)
    DRV - [2010/10/19 13:36:20 | 000,476,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20101029.001\IDSviA64.sys -- (IDSVia64)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=2
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/?ilc=1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2011/01/07 09:46:14 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2011/01/07 09:53:45 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/01/11 21:51:00 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (PriceGongBHO Class) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.1.0\PriceGongIE.dll (PriceGong)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O2 - BHO: (NetAssistantBHO Class) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
    O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O4:64bit: - HKLM..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
    O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
    O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe (Realtek Semiconductor Corp.)
    O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKCU..\Run: [AROReminder] C:\Program Files (x86)\ARO 2011\ARO.exe (Support.com)
    O4 - HKCU..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
    O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
    O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O35 - HKCU\..exefile [open] -- "C:\Users\john\AppData\Local\icw.exe" -a "%1" %* (Microsoft Corporation)
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKCU\...exe [@ = exefile] -- "C:\Users\john\AppData\Local\icw.exe" -a "%1" %* (Microsoft Corporation)


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/05/31 20:33:43 | 000,189,520 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysWow64\drivers\tmcomm.sys
    [2011/05/31 20:15:36 | 000,360,448 | -HS- | C] (Microsoft Corporation) -- C:\Users\john\AppData\Local\icw.exe
    [2011/05/31 20:15:32 | 000,360,448 | -HS- | C] (Microsoft Corporation) -- C:\Users\john\AppData\Local\kri.exe
    [2011/05/27 09:39:32 | 000,000,000 | ---D | C] -- C:\Users\john\AppData\Roaming\Malwarebytes
    [2011/05/27 09:39:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2011/05/27 09:39:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/05/27 09:39:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/05/27 09:39:21 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2011/05/27 09:39:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2011/05/27 09:38:34 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\john\Desktop\mbam-setup-1.50.1.1100.exe
    [2011/05/27 09:27:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    [2011/05/27 09:27:24 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2011/05/27 09:24:40 | 003,096,424 | ---- | C] (Piriform Ltd) -- C:\Users\john\Desktop\ccsetup307.exe
    [2011/05/27 08:40:23 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
    [2011/05/27 08:39:30 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
    [2011/05/27 00:37:03 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
    [2011/05/23 17:43:10 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
    [2011/05/23 17:43:10 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
    [2011/05/10 17:48:08 | 005,509,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
    [2011/05/10 17:48:05 | 003,957,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
    [2011/05/10 17:48:05 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
    [2011/05/10 17:48:01 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
    [2011/05/10 17:48:01 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
    [2011/05/10 15:03:44 | 000,000,000 | ---D | C] -- C:\Users\john\Tracing

    ========== Files - Modified Within 30 Days ==========

    [2011/06/01 09:50:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/06/01 09:43:23 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForjohn.job
    [2011/06/01 09:36:38 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/06/01 09:36:38 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/06/01 09:30:49 | 000,011,450 | -HS- | M] () -- C:\Users\john\AppData\Local\4w232xb685sdgy8xb38tw0xmo344ym82n08g
    [2011/06/01 09:29:20 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/06/01 09:28:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/06/01 09:28:48 | 2210,578,432 | -HS- | M] () -- C:\hiberfil.sys
    [2011/06/01 09:19:32 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2011/06/01 00:16:49 | 000,011,458 | -HS- | M] () -- C:\ProgramData\4w232xb685sdgy8xb38tw0xmo344ym82n08g
    [2011/05/31 20:31:58 | 000,000,036 | ---- | M] () -- C:\Users\john\AppData\Local\housecall.guid.cache
    [2011/05/31 20:31:54 | 000,727,182 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011/05/31 20:31:54 | 000,624,622 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011/05/31 20:31:54 | 000,106,708 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011/05/31 20:15:36 | 000,360,448 | -HS- | M] (Microsoft Corporation) -- C:\Users\john\AppData\Local\icw.exe
    [2011/05/31 20:15:32 | 000,360,448 | -HS- | M] (Microsoft Corporation) -- C:\Users\john\AppData\Local\kri.exe
    [2011/05/27 09:39:25 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/05/27 09:38:35 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\john\Desktop\mbam-setup-1.50.1.1100.exe
    [2011/05/27 09:27:25 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2011/05/27 09:24:47 | 003,096,424 | ---- | M] (Piriform Ltd) -- C:\Users\john\Desktop\ccsetup307.exe

    ========== Files Created - No Company Name ==========

    [2011/06/01 09:19:32 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2011/05/31 20:31:58 | 000,000,036 | ---- | C] () -- C:\Users\john\AppData\Local\housecall.guid.cache
    [2011/05/31 20:15:42 | 000,011,458 | -HS- | C] () -- C:\ProgramData\4w232xb685sdgy8xb38tw0xmo344ym82n08g
    [2011/05/31 20:15:42 | 000,011,450 | -HS- | C] () -- C:\Users\john\AppData\Local\4w232xb685sdgy8xb38tw0xmo344ym82n08g
    [2011/05/27 09:39:25 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/05/27 09:27:25 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2011/04/10 11:00:32 | 000,001,854 | ---- | C] () -- C:\Users\john\AppData\Roaming\GhostObjGAFix.xml
    [2011/01/13 12:13:16 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/06/09 01:35:43 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2010/06/09 01:33:39 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
    [2010/06/09 01:29:44 | 000,000,282 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
    [2010/06/09 01:29:44 | 000,000,223 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
    [2010/05/14 21:03:54 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
    [2010/02/23 13:15:02 | 000,001,105 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2010/02/09 18:58:12 | 000,012,800 | ---- | C] () -- C:\Windows\LPRES.DLL
    [2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 14:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
    [2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/07/13 18:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
    [2011/06/01 09:28:48 | 2210,578,432 | -HS- | M] () -- C:\hiberfil.sys
    [2011/06/01 09:28:52 | 2947,440,640 | -HS- | M] () -- C:\pagefile.sys
    [2010/11/07 07:57:51 | 000,002,531 | ---- | M] () -- C:\RHDSetup.log

    < %systemroot%\*./mp /s >

    < %systemroot%\System32\config\*.sav >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

    < End of report >

    The OTL Extras output:
    OTL Extras logfile created on: 6/1/2011 9:50:51 AM - Run 1
    OTL by OldTimer - Version 3.2.23.0 Folder = G:\
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.75 Gb Total Physical Memory | 1.74 Gb Available Physical Memory | 63.51% Memory free
    5.49 Gb Paging File | 4.14 Gb Available in Paging File | 75.51% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 218.89 Gb Total Space | 158.97 Gb Free Space | 72.63% Space Free | Partition Type: NTFS
    Drive D: | 13.70 Gb Total Space | 1.96 Gb Free Space | 14.33% Space Free | Partition Type: NTFS
    Drive E: | 99.18 Mb Total Space | 91.58 Mb Free Space | 92.33% Space Free | Partition Type: FAT32
    Drive F: | 7.75 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive G: | 480.08 Mb Total Space | 113.04 Mb Free Space | 23.55% Space Free | Partition Type: FAT

    Computer Name: JOHN-PC | User Name: john | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .exe [@ = exefile] -- C:\Users\john\AppData\Local\icw.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java(TM) 6 Update 17 (64-bit)
    "{477EE3A9-4B53-0F22-DB40-277ED46E9E72}" = ccc-utility64
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile Device Center
    "{6A66C1E5-4146-4CA6-A551-627CFCEACC83}" = HP Quick Launch
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
    "{C3F0426C-175D-39B7-7A14-D6B21952DE5E}" = ATI Catalyst Install Manager
    "{EC720706-3F19-4B7F-BDDD-E31D9B3921D2}" = HP Wireless Assistant
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "CCleaner" = CCleaner
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{08DB3902-2CE0-474D-BCE3-0177766CE9F1}" = HP Support Assistant
    "{0AD3D4FC-0B19-B2F2-376A-E6BF36BA342B}" = ccc-core-static
    "{120262A6-7A4B-4889-AE85-F5E5688D3683}" = Roxio CinemaNow 2.0
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
    "{1E27900B-E594-DCA9-10DB-C87A8318991C}" = CCC Help French
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{223E2363-6643-49CB-A062-59A9858EE8EE}" = HP Software Framework
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
    "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{31F4E558-F8A8-170E-BD85-BAD4EE739991}" = CCC Help Hungarian
    "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
    "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
    "{5124C3E2-5BE8-3FFA-F958-CF0C99961566}" = CCC Help Swedish
    "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
    "{53839C74-42E0-72E8-0369-C9713A319A26}" = Catalyst Control Center InstallProxy
    "{54F17069-7E87-A85A-9078-6F5B06AF21A3}" = CCC Help German
    "{6048D442-6C92-D73C-D248-02C1D4038C3E}" = CCC Help Finnish
    "{608A6E25-720C-8171-F887-F7664A23CA0C}" = CCC Help Norwegian
    "{60FA1132-0486-41F9-B747-6D308C284D1C}" = Catalyst Control Center - Branding
    "{60FAD0EE-2F87-FAEB-FE05-0CDCF8179884}" = CCC Help Thai
    "{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
    "{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}" = Command & Conquer The First Decade
    "{6AFDE3BE-BC01-45A4-9D06-BBF5AD207313}" = LightScribe System Software
    "{6C122441-1861-4CD7-B1C5-A163A6984E12}" = CinemaNow Media Manager
    "{6CAABDBA-F58D-565C-D36E-6D573B1B8E44}" = Catalyst Control Center Graphics Light
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
    "{7908E6E5-4BBC-756D-A235-2CFCC142685D}" = CCC Help English
    "{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{854DDB9E-D488-065B-9FEF-18C159E451AF}" = Catalyst Control Center Graphics Previews Vista
    "{85BCA864-BDC8-9299-C6AC-C032301D018C}" = Catalyst Control Center Graphics Full New
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
    "{87553C1A-35F4-142A-AC88-86B663F7F136}" = CCC Help Czech
    "{88146D95-5AEC-96BD-3107-A59328CE35BF}" = CCC Help Chinese Traditional
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8B8797ED-6E75-FEBA-7210-90A2462B5DA7}" = CCC Help Japanese
    "{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MediaSmart CinemaNow 2.0
    "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
    "{901F0D4C-009D-1112-8DE4-03599E7B0C5C}" = REALTEK Wireless LAN Software
    "{90C2329F-2EE2-5035-21B8-14F2F240D976}" = CCC Help Turkish
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
    "{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A4317FB-5775-4FB3-BDC9-995595106F1F}" = HP User Guides 0178
    "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.4 MUI
    "{B75E2857-9A0D-EE0D-B332-A05FBECDDB83}" = Catalyst Control Center Graphics Previews Common
    "{BA8D33B9-40B5-BC33-1F48-C2ADC90ABA95}" = CCC Help Italian
    "{BD50BAF8-8DBD-C054-ACAA-EB7300A09B5F}" = CCC Help Korean
    "{C3CBA627-2962-C9B2-6698-C89658757EB9}" = Catalyst Control Center Localization All
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{c6c214df-2922-4809-94aa-f4d67d4451ec}" = Music Oasis
    "{C792A75A-2A1F-4991-9B85-291745478A79}" = NetAssistant
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CE8F47D8-1C4D-48F3-F9F3-3D5DFCC75C24}" = Catalyst Control Center Core Implementation
    "{CF4EFF53-CA7D-9479-3E18-AB6253497A95}" = CCC Help Russian
    "{D19E881A-4A1E-A947-717F-B8DA93AE2EDA}" = CCC Help Chinese Standard
    "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
    "{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
    "{D89D0D05-670D-D6C5-71DA-7C52F754F75F}" = CCC Help Dutch
    "{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player
    "{E2831862-F131-4327-B9CC-FA30F587EB6C}" = HP Setup
    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
    "{E3148F44-518B-3232-58CA-77DB808E255F}" = Catalyst Control Center Graphics Full Existing
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{EC67E77D-7873-A1B1-17E1-263E10748EEF}" = CCC Help Danish
    "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F220D637-1086-83C2-EA21-25AF1FE47BEC}" = CCC Help Polish
    "{F4693A78-2E6C-2A26-B833-E13A4A5DACB4}" = CCC Help Greek
    "{F6B6A150-08FA-46D5-808A-EB638269551D}" = HP Power Plan Utility
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{FD122F1F-A640-082D-F4CB-F01259A956B6}" = CCC Help Portuguese
    "{FDE722A1-1AEF-0641-D5D1-BA4C464BAB4C}" = CCC Help Spanish
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "ARO 2011_is1" = ARO 2011
    "Diego's Dinosaur Rescue" = Diego's Dinosaur Rescue
    "Dora the Explorer: Swiper's Big Adventure" = Dora the Explorer: Swiper's Big Adventure
    "HP Photo Creations" = HP Photo Creations
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
    "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "My HP Game Console" = HP Game Console
    "NIS" = Norton Internet Security
    "Office14.Click2Run" = Microsoft Office Click-to-Run 2010
    "PokerStars.net" = PokerStars.net
    "PriceGong" = PriceGong 2.1.0
    "Search Toolbar" = Search Toolbar
    "TuneUp ADV" = TuneUp ADV
    "WildTangent hp Master Uninstall" = HP Games
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WT082122" = Blackhawk Striker 2
    "WT082124" = Blasterball 3
    "WT082133" = Dora's Carnival Adventure
    "WT082141" = FATE
    "WT082168" = Penguins!
    "WT082170" = Plants vs. Zombies
    "WT082171" = Poker Superstars III
    "WT082172" = Polar Bowler
    "WT082173" = Polar Golfer
    "WT082188" = Virtual Families
    "WT082189" = Wheel of Fortune 2
    "WT082192" = Bejeweled 2 Deluxe
    "WT082200" = Chuzzle Deluxe
    "WT082241" = Virtual Villagers - The Secret City
    "WT082396" = Diner Dash 2 Restaurant Rescue
    "WT082438" = Build-a-lot 2
    "WT082442" = Faerie Solitaire
    "WT082443" = Jewel Quest 3
    "WT082456" = Mystery P.I. - The New York Fortune
    "WT082463" = Zuma's Revenge
    "WT082468" = Jewel Quest Solitaire 2
    "WT083477" = Cake Mania
    "WT083484" = Escape Rosecliff Island
    "WT083491" = TextTwist 2
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Software Update" = Yahoo! Software Update

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "blinkx beat" = blinkx beat
    "NetAssistant" = Freeze.com NetAssistant

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 4/18/2011 12:44:20 AM | Computer Name = john-PC | Source = SideBySide | ID = 16842787
    Description = Activation context generation failed for "c:\program files (x86)\windows
    live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
    files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
    found in manifest does not match the identity of the component requested. Reference
    is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
    is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
    sxstrace.exe for detailed diagnosis.

    Error - 4/19/2011 3:15:07 PM | Computer Name = john-PC | Source = RapiMgr | ID = 8
    Description = Windows Mobile-based device failed to connect due to communication
    (0x8007274a) failure (see data for failure code).

    Error - 4/20/2011 3:55:08 PM | Computer Name = john-PC | Source = RapiMgr | ID = 8
    Description = Windows Mobile-based device failed to connect due to communication
    (0x80072745) failure (see data for failure code).

    Error - 4/20/2011 5:24:45 PM | Computer Name = john-PC | Source = RapiMgr | ID = 8
    Description = Windows Mobile-based device failed to connect due to communication
    (0x80072745) failure (see data for failure code).

    Error - 4/20/2011 5:33:17 PM | Computer Name = john-PC | Source = RapiMgr | ID = 8
    Description = Windows Mobile-based device failed to connect due to communication
    (0x80072745) failure (see data for failure code).

    Error - 4/23/2011 5:25:02 PM | Computer Name = john-PC | Source = RapiMgr | ID = 8
    Description = Windows Mobile-based device failed to connect due to communication
    (0x80072745) failure (see data for failure code).

    Error - 4/24/2011 4:14:43 AM | Computer Name = john-PC | Source = Application Virtualization Client | ID = 6026
    Description = {tid=1C4C:usr=john} corrupt cp file detected ('Q:\140066.enu\osguard.cp').
    osguard cp file, NO CORRECTIVE ACTION TAKEN

    Error - 4/24/2011 3:48:44 PM | Computer Name = john-PC | Source = RapiMgr | ID = 8
    Description = Windows Mobile-based device failed to connect due to communication
    (0x8007274a) failure (see data for failure code).

    Error - 4/24/2011 4:36:56 PM | Computer Name = john-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 8.0.7600.16766,
    time stamp: 0x4d65d5c3 Faulting module name: unknown, version: 0.0.0.0, time stamp:
    0x00000000 Exception code: 0xc0000005 Fault offset: 0xf05d8980 Faulting process id:
    0xd90 Faulting application start time: 0x01cbfeefc9e46f39 Faulting application path:
    C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: unknown
    Report
    Id: 9838ee3d-6eb2-11e0-81cf-8000600fe800

    Error - 4/25/2011 7:15:41 AM | Computer Name = john-PC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\Program Files (x86)\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
    Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
    "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
    "version" in element "assemblyIdentity" is invalid.

    [ Hewlett-Packard Events ]
    Error - 11/20/2010 11:59:45 AM | Computer Name = john-PC | Source = Hewlett-Packard | ID = 0
    Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

    at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
    Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

    at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

    Error - 11/27/2010 11:14:27 AM | Computer Name = john-PC | Source = Hewlett-Packard | ID = 0
    Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

    at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
    Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

    at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

    Error - 4/6/2011 1:12:10 PM | Computer Name = john-PC | Source = Hewlett-Packard | ID = 0
    Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\041106101206.xml
    File not created by asset agent

    [ HP Wireless Assistant Events ]
    Error - 5/28/2011 2:54:57 PM | Computer Name = john-PC | Source = HP WA Service | ID = 0
    Description = Unable to access panel brightness tables.

    Error - 5/31/2011 1:38:12 AM | Computer Name = john-PC | Source = HP WA Service | ID = 0
    Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

    Error - 5/31/2011 1:38:12 AM | Computer Name = john-PC | Source = HP WA Service | ID = 0
    Description = Unable to access panel brightness tables.

    Error - 5/31/2011 10:39:06 AM | Computer Name = john-PC | Source = HP WA Service | ID = 0
    Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

    Error - 5/31/2011 10:39:06 AM | Computer Name = john-PC | Source = HP WA Service | ID = 0
    Description = Unable to access panel brightness tables.

    Error - 5/31/2011 2:35:16 PM | Computer Name = john-PC | Source = HP WA Service | ID = 0
    Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

    Error - 5/31/2011 2:35:16 PM | Computer Name = john-PC | Source = HP WA Service | ID = 0
    Description = Unable to access panel brightness tables.

    Error - 5/31/2011 10:07:17 PM | Computer Name = john-PC | Source = HP WA Service | ID = 0
    Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

    Error - 5/31/2011 10:07:17 PM | Computer Name = john-PC | Source = HP WA Service | ID = 0
    Description = Unable to access panel brightness tables.

    Error - 6/1/2011 12:13:13 PM | Computer Name = john-PC | Source = HP WA Service | ID = 0
    Description = System.Exception GetPMCCalibrationData() failed : e_BIOS_INVALID_COMMAND_TYPE

    at HP_Common.CaslWrapper.GetPMCCalibrationData(PMCCalibrationData& calibration)

    at HPPA_Service.HPPA_Service.ServiceWorkerMethod()

    [ Media Center Events ]
    Error - 5/11/2011 6:45:54 AM | Computer Name = john-PC | Source = MCUpdate | ID = 0
    Description = 3:45:52 AM - Error connecting to the internet. 3:45:52 AM - Unable
    to contact server..

    Error - 5/12/2011 7:09:54 PM | Computer Name = john-PC | Source = MCUpdate | ID = 0
    Description = 4:09:54 PM - Error connecting to the internet. 4:09:54 PM - Unable
    to contact server..

    Error - 5/12/2011 8:10:01 PM | Computer Name = john-PC | Source = MCUpdate | ID = 0
    Description = 5:10:01 PM - Error connecting to the internet. 5:10:01 PM - Unable
    to contact server..

    Error - 5/12/2011 9:39:28 PM | Computer Name = john-PC | Source = MCUpdate | ID = 0
    Description = 6:39:27 PM - Error connecting to the internet. 6:39:27 PM - Unable
    to contact server..

    Error - 5/12/2011 11:50:09 PM | Computer Name = john-PC | Source = MCUpdate | ID = 0
    Description = 8:50:09 PM - Error connecting to the internet. 8:50:09 PM - Unable
    to contact server..

    Error - 5/18/2011 7:38:08 PM | Computer Name = john-PC | Source = MCUpdate | ID = 0
    Description = 4:38:07 PM - Error connecting to the internet. 4:38:07 PM - Unable
    to contact server..

    Error - 5/18/2011 7:38:28 PM | Computer Name = john-PC | Source = MCUpdate | ID = 0
    Description = 4:38:14 PM - Error connecting to the internet. 4:38:14 PM - Unable
    to contact server..

    Error - 5/27/2011 2:17:43 PM | Computer Name = john-PC | Source = MCUpdate | ID = 0
    Description = 11:17:33 AM - Error connecting to the internet. 11:17:33 AM - Unable
    to contact server..

    Error - 5/28/2011 6:19:12 AM | Computer Name = john-PC | Source = MCUpdate | ID = 0
    Description = 3:19:12 AM - Error connecting to the internet. 3:19:12 AM - Unable
    to contact server..

    Error - 5/28/2011 12:46:38 PM | Computer Name = john-PC | Source = MCUpdate | ID = 0
    Description = 9:46:01 AM - Error connecting to the internet. 9:46:01 AM - Unable
    to contact server..

    [ System Events ]
    Error - 6/1/2011 4:01:46 AM | Computer Name = john-PC | Source = Service Control Manager | ID = 7038
    Description = The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with
    the currently configured password due to the following error: %%1352 To ensure that
    the service is configured properly, use the Services snap-in in Microsoft Management
    Console (MMC).

    Error - 6/1/2011 4:01:46 AM | Computer Name = john-PC | Source = Service Control Manager | ID = 7000
    Description = The Windows Search service failed to start due to the following error:
    %%1069

    Error - 6/1/2011 4:01:46 AM | Computer Name = john-PC | Source = Service Control Manager | ID = 7038
    Description = The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService
    with the currently configured password due to the following error: %%50 To ensure
    that the service is configured properly, use the Services snap-in in Microsoft
    Management Console (MMC).

    Error - 6/1/2011 4:01:46 AM | Computer Name = john-PC | Source = Service Control Manager | ID = 7000
    Description = The Diagnostic Service Host service failed to start due to the following
    error: %%1069

    Error - 6/1/2011 4:01:46 AM | Computer Name = john-PC | Source = Service Control Manager | ID = 7038
    Description = The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService
    with the currently configured password due to the following error: %%50 To ensure
    that the service is configured properly, use the Services snap-in in Microsoft
    Management Console (MMC).

    Error - 6/1/2011 4:01:46 AM | Computer Name = john-PC | Source = Service Control Manager | ID = 7000
    Description = The Diagnostic Service Host service failed to start due to the following
    error: %%1069

    Error - 6/1/2011 4:01:49 AM | Computer Name = john-PC | Source = Service Control Manager | ID = 7023
    Description = The Server service terminated with the following error: %%1062

    Error - 6/1/2011 12:10:51 PM | Computer Name = john-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    BHDrvx64

    Error - 6/1/2011 12:27:45 PM | Computer Name = john-PC | Source = Service Control Manager | ID = 7034
    Description = The CinemaNow Service service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 6/1/2011 12:29:20 PM | Computer Name = john-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    BHDrvx64


    < End of report >

    The DDS output:
    .
    DDS (Ver_2011-06-01.06) - NTFSAMD64
    Internet Explorer: 8.0.7600.16385
    Run by john at 10:41:57 on 2011-06-01
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2811.1613 [GMT -7:00]
    .
    AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe
    C:\Program Files (x86)\Java\jre6\bin\jusched.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Users\john\AppData\Local\icw.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com/?ilc=2
    mWinlogon: Userinit=userinit.exe,
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    BHO: PriceGongBHO Class: {1631550f-191d-4826-b069-d9439253d926} - C:\Program Files (x86)\PriceGong\2.1.0\PriceGongIE.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\IPSBHO.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: NetAssistantBHO Class: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
    uRun: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
    uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [AROReminder] C:\Program Files (x86)\ARO 2011\ARO.exe -rem
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    uPolicies-explorer: HideSCAHealth = 1 (0x1)
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{3932A8FE-8B55-454E-AFB6-5D613E855539} : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{3932A8FE-8B55-454E-AFB6-5D613E855539}\05343475946494 : DhcpNameServer = 8.8.4.4 151.202.0.84 4.2.2.2 4.2.2.1
    TCP: Interfaces\{3932A8FE-8B55-454E-AFB6-5D613E855539}\24562797C6C69657D6D27657563747 : DhcpNameServer = 192.168.33.1 97.64.183.164 97.64.209.37
    TCP: Interfaces\{3932A8FE-8B55-454E-AFB6-5D613E855539}\4656661657C647 : DhcpNameServer = 205.171.3.65 205.171.2.65
    TCP: Interfaces\{3932A8FE-8B55-454E-AFB6-5D613E855539}\5433D44523 : DhcpNameServer = 192.168.4.21 192.168.4.20
    TCP: Interfaces\{3932A8FE-8B55-454E-AFB6-5D613E855539}\8697164747 : DhcpNameServer = 12.127.16.67 12.127.17.71
    TCP: Interfaces\{3932A8FE-8B55-454E-AFB6-5D613E855539}\D4F6E6F6452716E6175796C6F6D296E66796471646F6 : DhcpNameServer = 97.64.183.164 97.64.209.37
    TCP: Interfaces\{3ABB19FD-1624-4C00-9E21-3D4FB5A03DFE} : DhcpNameServer = 192.168.0.1
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    BHO-X64: 0x1 - No File
    BHO-X64: PriceGongBHO Class: {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.1.0\PriceGongIE.dll
    BHO-X64: PriceGong - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll
    BHO-X64: Symantec NCO BHO - No File
    BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\IPSBHO.DLL
    BHO-X64: Symantec Intrusion Prevention - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
    BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO-X64: FrostWire Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO-X64: Ask Toolbar BHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: NetAssistantBHO Class: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll
    BHO-X64: NetAssistantBHO - No File
    BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB-X64: FrostWire Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    TB-X64: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
    mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun-x64: [(Default)]
    IE-X64: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1107000.00C\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1107000.00C\SYMDS64.SYS [?]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1107000.00C\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1107000.00C\SYMEFA64.SYS [?]
    R1 ccHP;Symantec Hash Provider;C:\Windows\system32\drivers\NISx64\1107000.00C\ccHPx64.sys --> C:\Windows\system32\drivers\NISx64\1107000.00C\ccHPx64.sys [?]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20101029.001\IDSviA64.sys [2010-10-19 476720]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1107000.00C\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1107000.00C\Ironx64.SYS [?]
    R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\system32\Drivers\NISx64\1107000.00C\SYMTDIV.SYS --> C:\Windows\system32\Drivers\NISx64\1107000.00C\SYMTDIV.SYS [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-5-14 98208]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-2-26 127984]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
    R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-4-5 103992]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-2-4 92216]
    R2 HPWMISVC;HPWMISVC;C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-1-12 19968]
    R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe [2010-11-2 126392]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-4-24 483688]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\system32\DRIVERS\rtl8192se.sys --> C:\Windows\system32\DRIVERS\rtl8192se.sys [?]
    R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
    R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
    R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
    R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-4-24 209768]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101029.001\BHDrvx64.sys [2010-10-29 954928]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-1 136176]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
    S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS --> C:\Windows\system32\drivers\BVRPMPR5a64.SYS [?]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-1 136176]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
    .
    =============== Created Last 30 ================
    .
    2011-06-01 17:23:48 388096 ----a-r- C:\Users\john\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-06-01 17:23:48 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2011-06-01 03:33:43 189520 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys
    2011-06-01 03:15:36 360448 --sha-w- C:\Users\john\AppData\Local\icw.exe
    2011-06-01 03:15:32 360448 --sha-w- C:\Users\john\AppData\Local\kri.exe
    2011-05-31 22:43:12 8718160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DF3512BC-06C3-46D3-AA2C-4D2C0BB4528A}\mpengine.dll
    2011-05-27 16:39:32 -------- d-----w- C:\Users\john\AppData\Roaming\Malwarebytes
    2011-05-27 16:39:25 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-05-27 16:39:24 -------- d-----w- C:\ProgramData\Malwarebytes
    2011-05-27 16:39:21 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-05-27 16:39:20 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-05-27 16:27:24 -------- d-----w- C:\Program Files\CCleaner
    2011-05-27 15:40:23 -------- d--h--w- C:\ProgramData\Common Files
    2011-05-27 15:39:30 -------- d-----w- C:\ProgramData\MFAData
    2011-05-27 07:38:34 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
    2011-05-27 07:37:52 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
    2011-05-27 07:37:03 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
    2011-05-27 07:34:09 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
    2011-05-24 00:43:10 142336 ----a-w- C:\Windows\System32\poqexec.exe
    2011-05-24 00:43:10 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
    2011-05-15 06:42:13 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2011-05-15 06:41:40 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2011-05-15 06:40:30 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2011-05-15 06:40:22 539968 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2011-05-11 00:48:08 5509504 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2011-05-11 00:48:05 3957632 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2011-05-11 00:48:05 3901824 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2011-05-11 00:48:02 52224 ----a-w- C:\Windows\System32\drivers\usbehci.sys
    2011-05-11 00:48:01 99328 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
    2011-05-11 00:48:01 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
    2011-05-11 00:48:01 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
    2011-05-11 00:48:01 324608 ----a-w- C:\Windows\System32\drivers\usbport.sys
    2011-05-11 00:48:01 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
    2011-05-11 00:48:01 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
    2011-05-10 22:03:44 -------- d-----w- C:\Users\john\Tracing
    .
    ==================== Find3M ====================
    .
    2011-03-12 12:03:46 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
    2011-03-12 11:31:58 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
    2011-03-11 06:23:13 187264 ----a-w- C:\Windows\System32\drivers\storport.sys
    2011-03-11 06:23:06 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
    2011-03-11 06:23:06 1657216 ----a-w- C:\Windows\System32\drivers\ntfs.sys
    2011-03-11 06:23:06 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
    2011-03-11 06:23:00 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
    2011-03-11 06:19:26 1395712 ----a-w- C:\Windows\System32\mfc42.dll
    2011-03-11 06:19:26 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
    2011-03-11 06:18:20 2566144 ----a-w- C:\Windows\System32\esent.dll
    2011-03-11 06:15:54 96768 ----a-w- C:\Windows\System32\fsutil.exe
    2011-03-11 05:40:24 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
    2011-03-11 05:40:24 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
    2011-03-11 05:39:35 1686016 ----a-w- C:\Windows\SysWow64\esent.dll
    2011-03-11 05:37:34 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
    2011-03-08 06:14:30 976896 ----a-w- C:\Windows\System32\inetcomm.dll
    2011-03-08 05:38:13 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
    2011-03-04 06:17:25 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2011-03-04 06:17:24 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    .
    ============= FINISH: 10:42:44.32 ===============

    I have this computer to work on for a very limited time. If this cannot be worked on remotely, please let me know so that I can inform the owner (this was a "surprise" given to me at ten last night). I am not used to working in a Windows 7 environment, as most of the computers I work with are XP or older.

    Thanks for any help you can give me.

    Jill
     
  2. jillnjosh

    jillnjosh Thread Starter

    Joined:
    Jun 1, 2011
    Messages:
    7
    Since I wrote the first message, I ran SuperAntiSpyware. It found and removed:
    1) Adware tracking cookie
    C:\Users\john\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
    2) Adware Zango/Shopping Report (16 registry keys)
    3) Broswer Hijacker.Tubby (10 registry keys)
    (x86)HKLM\SOFTWARE\MicrosoftWindows\CurrentVersion\Uninstall\Search Toolbar
    (x86)HKLM\SOFTWARE\MicrosoftWindows\CurrentVersion\Uninstall\Search Toolbar#No Modify
    (x86)HKLM\SOFTWARE\MicrosoftWindows\CurrentVersion\Uninstall\Search Toolbar#NoRepair
    (x86)HKLM\SOFTWARE\MicrosoftWindows\CurrentVersion\Uninstall\Search Toolbar#DisplayName
    (x86)HKLM\SOFTWARE\MicrosoftWindows\CurrentVersion\Uninstall\Search Toolbar#UninstallString
    (x86)HKLM\SOFTWARE\MicrosoftWindows\CurrentVersion\Uninstall\Search Toolbar#DisplayIcon
    (x86)HKLM\SOFTWARE\MicrosoftWindows\CurrentVersion\Uninstall\Search Toolbar#DisplayVersion
    (x86)HKLM\SOFTWARE\MicrosoftWindows\CurrentVersion\Uninstall\Search Toolbar#URLInfoAbout
    (x86)HKLM\SOFTWARE\MicrosoftWindows\CurrentVersion\Uninstall\Search Toolbar#Publisher
    (x86)HKLM\SOFTWARE\MicrosoftWindows\CurrentVersion\Uninstall\Search Toolbar#EstimatedSize

    Did a shutdown and restart.

    Ran Sophos Anti-Rootkit. It found stuff, said it deleted them and to restart, and then when I opened it again after a restart, it said that stuff was "waiting to be deleted after a restart". It found:
    1) Hidden Registry Value
    \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\OfflineDetectionPending
    2) Hidden Registry Key
    \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{02B85A1A-A3C8-4017-823C-706C4AEFB3D1}
    3) Unknown hidden file
    C:\Users\john\Documents\FrostWire\Saved\Snatch - Soundtrack\04-TheJohnsonBrothers-HernandosHideaway.mp3

    I was not given the option to remove the hidden registry value or key, only the file. I deleted the file, did a restart and ran again. See problem above.

    I then installed and ran Hitman Pro 3.5.9 (it's a 64bit system). It found:
    1) icw.exe C:\Users\john\AppData\Local\
    2) kri.exe C:\Users\john\AppData\Local\
    Identified threats: 2 (Traces: 11)

    I applied the free 30-day license and deleted the objects. It said they were deleted, and then I did a shutdown and restart.

    Hitman Pro log output:
    - <Log computer="JOHN-PC" scan="Normal" version="3.5.9.122" date="2011-06-01T16:47:37" timeSpentInSecs="134" filesProcessed="29868">
    - <Item type="Malware" malwareName="Malware" score="111.0" status="Deleted">
    - <Scanners>
    <Scanner id="G Data" name="Gen:Variant.Katusha.6 (Engine-A)" />

    <Scanner id="DrWeb" name="Trojan.Fakealert.21346" />

    <Scanner id="Ikarus" name="Trojan.Win32.FakeAV!IK" />

    </Scanners>


    <File path="C:\Users\john\AppData\Local\icw.exe" hash="859B8FA0056CC9F8AB36985E6BDF64D9BF36E628502B8EAAE1AFED462D33D61F" />

    - <Startup>
    <Key path="HKLM\SOFTWARE\Classes\exefile\shell\open\command" />

    <Key path="HKU\.DEFAULT\SOFTWARE\Classes\exefile\shell\open\command" />

    <Key path="HKU\S-1-5-18\SOFTWARE\Classes\exefile\shell\open\command" />

    <Key path="HKU\S-1-5-21-417975700-1604057454-2941879617-1000\SOFTWARE\Classes\exefile\shell\open\command" />

    </Startup>


    - <References>
    <Key path="HKU\S-1-5-21-417975700-1604057454-2941879617-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\john\AppData\Local\icw.exe" />

    </References>


    </Item>


    - <Item type="Malware" malwareName="Malware" score="111.0" status="Deleted">
    - <Scanners>
    <Scanner id="G Data" name="Gen:Variant.Katusha.6 (Engine-A)" />

    <Scanner id="DrWeb" name="Trojan.Fakealert.21346" />

    <Scanner id="Ikarus" name="Trojan.Win32.FakeAV!IK" />

    </Scanners>


    <File path="C:\Users\john\AppData\Local\kri.exe" hash="859B8FA0056CC9F8AB36985E6BDF64D9BF36E628502B8EAAE1AFED462D33D61F" />

    </Item>


    </Log>





    Progress has been made. I was then able to run MalwareBytes. It found 2 infected objects:
    1) Hijack.ExeFile Registry Value
    2) Hijack.startmenuinternet Registry Data

    MBAM log file before disinfecting:
    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Database version: 6750

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    6/1/2011 7:07:16 PM
    mbam-log-2011-06-01 (19-06-41).txt

    Scan type: Full scan (C:\|D:\|E:\|Q:\|)
    Objects scanned: 334681
    Time elapsed: 38 minute(s), 3 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> No action taken.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\john\AppData\Local\icw.exe" -a "C:\Program Files (x86)\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> No action taken.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    MBAM log after disinfection:
    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Database version: 6750

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    6/1/2011 7:07:25 PM
    mbam-log-2011-06-01 (19-07-25).txt

    Scan type: Full scan (C:\|D:\|E:\|Q:\|)
    Objects scanned: 334681
    Time elapsed: 38 minute(s), 3 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\john\AppData\Local\icw.exe" -a "C:\Program Files (x86)\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    The darned Win 7 Security 2011 seems to be gone. At least it isn't popping up chronically now. I'm running Trend Micro House Call again to see how it works this time. After that, I will try to run HJT and see if I can get a log file. I also plan to install System Mechanic to clean up the registry.
     
  3. jillnjosh

    jillnjosh Thread Starter

    Joined:
    Jun 1, 2011
    Messages:
    7
    House Call took about ten hours to finish this time. :-( It said it found 2 suspicious files
    1) UPGRAD~2.CAB
    2) TROJ GEN.RO3C3DK

    I chose "fix", and it said it fixed them.

    I tried running HJT again, and I still can't get a log file. I would love some suggestions on how to achieve a log file for this computer. I got the same error, and same sample file when I followed the instructions to run notepad C:\Windows\system32\drivers\etc\hosts.

    When I open IE, I'm still getting popups for "Protected Mode" and the Google Toolbar message. It took 24 clicks on the "x" to get it to close, then I got a "Welcome to IE 8" popup and that took 22 clicks on the "x" to close, and then I got one for "Protected Mode" for Adobe Flash and that took 5 clicks on the "x" to close.

    When I went to download and install System Mechanic, I got the Adobe "Protected Mode" popup when trying to get to the Iolo site (took 2 clicks on the "x" to close) and when I clicked on the download page, I got the Google Toolbar "Protected Mode" popup, and it took 23 clicks on the "x" go get it to go away. I was able to download and save the file, and later implement it, though. I've run a few of the standard things on there, including cleaning up misc registry keys. I was hoping to get rid of any Norton Internet Security loose bits (I'm trying to install Kaspersky AntiVirus, and it keeps rejecting the install due to NIS), as I have repeatedly tried to uninstall it, yet it remains. Not sure if it's a problem with the Uninstaller (I even tried using the Uninstall feature from Norton), the Win 7 environment, or user error (I'm not familiar with Win 7, and could possibly be doing something wrong).

    I was able to run Windows Update, and installed the Win 7 Service Pack 1 (KB976932) and the Windows Live Essentials 2011 update, though it isn't showing up on the installed updates page.
     
  4. jillnjosh

    jillnjosh Thread Starter

    Joined:
    Jun 1, 2011
    Messages:
    7
    Kaspersky TDSSKiller found nothing.
     
  5. jillnjosh

    jillnjosh Thread Starter

    Joined:
    Jun 1, 2011
    Messages:
    7
    Well, I disabled Kaspersky and it didn't like it. (Where's the devil horns emoticon, anyway?:D) Nice person that I am, I reenabled it before I turned off that computer. ;) Norton Internet Security isn't on the computer at all anymore, as far as I know. If there are bits and pieces I need to remove, I'd appreciate it if you could point me to them. I thought I had got them all.

    .
    DDS (Ver_2011-06-01.06) - NTFSAMD64
    Internet Explorer: 8.0.7601.17514
    Run by john at 23:50:33 on 2011-06-03
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2811.1656 [GMT -7:00]
    .
    AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
    C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com/?ilc=2
    mWinlogon: Userinit=userinit.exe,
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    BHO: PriceGongBHO Class: {1631550f-191d-4826-b069-d9439253d926} - C:\Program Files (x86)\PriceGong\2.1.0\PriceGongIE.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    uRun: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
    uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [iolo Startup] "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    dRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    uPolicies-explorer: HideSCAHealth = 1 (0x1)
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{3932A8FE-8B55-454E-AFB6-5D613E855539} : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{3932A8FE-8B55-454E-AFB6-5D613E855539}\05343475946494 : DhcpNameServer = 8.8.4.4 151.202.0.84 4.2.2.2 4.2.2.1
    TCP: Interfaces\{3932A8FE-8B55-454E-AFB6-5D613E855539}\24562797C6C69657D6D27657563747 : DhcpNameServer = 192.168.33.1 97.64.183.164 97.64.209.37
    TCP: Interfaces\{3932A8FE-8B55-454E-AFB6-5D613E855539}\4656661657C647 : DhcpNameServer = 205.171.3.65 205.171.2.65
    TCP: Interfaces\{3932A8FE-8B55-454E-AFB6-5D613E855539}\5433D44523 : DhcpNameServer = 192.168.4.21 192.168.4.20
    TCP: Interfaces\{3932A8FE-8B55-454E-AFB6-5D613E855539}\8697164747 : DhcpNameServer = 12.127.16.67 12.127.17.71
    TCP: Interfaces\{3932A8FE-8B55-454E-AFB6-5D613E855539}\D4F6E6F6452716E6175796C6F6D296E66796471646F6 : DhcpNameServer = 97.64.183.164 97.64.209.37
    TCP: Interfaces\{3ABB19FD-1624-4C00-9E21-3D4FB5A03DFE} : DhcpNameServer = 192.168.0.1
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    BHO-X64: 0x1 - No File
    BHO-X64: PriceGongBHO Class: {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.1.0\PriceGongIE.dll
    BHO-X64: PriceGong - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll
    BHO-X64: IEVkbdBHO - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
    BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO-X64: FrostWire Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO-X64: Ask Toolbar BHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
    BHO-X64: link filter bho - No File
    BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB-X64: FrostWire Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun-x64: [(Default)]
    mRun-x64: [iolo Startup] "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    IE-X64: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 ElRawDisk;ElRawDisk;\??\C:\Windows\system32\drivers\ElRawDsk.sys --> C:\Windows\system32\drivers\ElRawDsk.sys [?]
    R1 kl2;kl2;C:\Windows\system32\DRIVERS\kl2.sys --> C:\Windows\system32\DRIVERS\kl2.sys [?]
    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-5-14 98208]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-2-26 127984]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
    R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-4-5 103992]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-2-4 92216]
    R2 HPWMISVC;HPWMISVC;C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-1-12 19968]
    R2 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2011-6-2 724152]
    R2 ioloSystemService;iolo System Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2011-6-2 724152]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-4-24 483688]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe [2010-11-2 365336]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys --> C:\Windows\system32\DRIVERS\klmouflt.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\system32\DRIVERS\rtl8192se.sys --> C:\Windows\system32\DRIVERS\rtl8192se.sys [?]
    R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
    R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
    R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
    R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-4-24 209768]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-1 136176]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
    S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS --> C:\Windows\system32\drivers\BVRPMPR5a64.SYS [?]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-1 136176]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
    .
    =============== Created Last 30 ================
    .
    2011-06-04 04:25:58 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2011-06-04 00:33:49 -------- d-----w- C:\ProgramData\Kaspersky Lab
    2011-06-04 00:33:49 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
    2011-06-03 15:52:33 -------- d-----w- C:\Users\john\AppData\Local\Opera
    2011-06-03 05:02:50 -------- d-----w- C:\Windows\en
    2011-06-03 04:59:37 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll
    2011-06-03 04:59:37 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll
    2011-06-03 04:59:36 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
    2011-06-03 04:59:36 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
    2011-06-03 02:34:19 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\bd2eab0d1cc219622\MeshBetaRemover.exe
    2011-06-03 02:33:48 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\aa2acd001cc21961a\DXSETUP.exe
    2011-06-03 02:33:47 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\aa2acd001cc21961a\DSETUP.dll
    2011-06-03 02:33:47 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\aa2acd001cc21961a\dsetup32.dll
    2011-06-03 02:33:46 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a861c4cc1cc219619\DSETUP.dll
    2011-06-03 02:33:46 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a861c4cc1cc219619\DXSETUP.exe
    2011-06-03 02:33:46 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a861c4cc1cc219619\dsetup32.dll
    2011-06-03 02:14:43 -------- d-----w- C:\Windows\System32\SPReview
    2011-06-03 02:13:20 -------- d-----w- C:\Windows\System32\EventProviders
    2011-06-03 02:09:59 1556992 ----a-w- C:\Windows\System32\RacEngn.dll
    2011-06-03 02:08:59 571904 ----a-w- C:\Windows\System32\mspbda.dll
    2011-06-03 02:07:59 89600 ----a-w- C:\Windows\SysWow64\wbem\WmiApRpl.dll
    2011-06-03 02:06:50 209920 ----a-w- C:\Windows\SysWow64\PkgMgr.exe
    2011-06-03 02:06:50 189952 ----a-w- C:\Windows\SysWow64\wdscore.dll
    2011-06-03 02:06:43 323072 ----a-w- C:\Windows\SysWow64\drvstore.dll
    2011-06-03 02:06:43 257024 ----a-w- C:\Windows\SysWow64\dpx.dll
    2011-06-03 02:06:40 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll
    2011-06-03 02:06:40 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll
    2011-06-03 02:04:18 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
    2011-06-03 02:04:18 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
    2011-06-03 02:04:18 1225216 ----a-w- C:\Windows\System32\wbem\wbemcore.dll
    2011-06-03 02:04:10 933376 ----a-w- C:\Windows\System32\SmiEngine.dll
    2011-06-03 02:04:06 199168 ----a-w- C:\Windows\System32\PkgMgr.exe
    2011-06-03 02:03:43 422912 ----a-w- C:\Windows\System32\drvstore.dll
    2011-06-03 02:03:43 399872 ----a-w- C:\Windows\System32\dpx.dll
    2011-06-02 16:58:42 23464 ----a-w- C:\Windows\System32\drivers\ElRawDsk.sys
    2011-06-02 16:58:16 97928 ----a-w- C:\Windows\System32\IncContxMenu.dll
    2011-06-02 16:58:16 511328 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\CAPICOM\CAPICOM.DLL
    2011-06-02 16:58:14 69000 ----a-w- C:\Windows\System32\offreg.dll
    2011-06-02 16:58:14 56200 ----a-w- C:\Windows\SysWow64\offreg.dll
    2011-06-02 16:58:14 45568 ----a-w- C:\Windows\System32\iolobtdfg.exe
    2011-06-02 16:58:14 14848 ----a-w- C:\Windows\System32\smrgdf.exe
    2011-06-02 16:58:13 -------- d-----w- C:\Program Files (x86)\iolo
    2011-06-02 16:56:46 74703 ----a-w- C:\Windows\SysWow64\mfc45.dll
    2011-06-02 16:56:14 -------- d-----w- C:\iolo
    2011-06-02 16:54:41 -------- d-----w- C:\Users\john\AppData\Roaming\iolo
    2011-06-02 16:54:41 -------- d-----w- C:\ProgramData\iolo
    2011-06-02 00:24:53 12872 ----a-w- C:\Windows\System32\bootdelete.exe
    2011-06-01 23:47:38 23624 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys
    2011-06-01 23:47:24 -------- d-----w- C:\ProgramData\Hitman Pro
    2011-06-01 23:26:55 -------- d-----w- C:\ProgramData\Kaspersky Lab Setup Files
    2011-06-01 20:49:06 -------- d-----w- C:\Program Files (x86)\Sophos
    2011-06-01 19:16:18 -------- d-----w- C:\Users\john\AppData\Roaming\SUPERAntiSpyware.com
    2011-06-01 19:16:18 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
    2011-06-01 18:05:40 388096 ----a-r- C:\Users\john\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-06-01 18:05:40 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2011-06-01 03:33:43 189520 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys
    2011-05-31 22:43:12 8718160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DF3512BC-06C3-46D3-AA2C-4D2C0BB4528A}\mpengine.dll
    2011-05-27 16:39:32 -------- d-----w- C:\Users\john\AppData\Roaming\Malwarebytes
    2011-05-27 16:39:25 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-05-27 16:39:24 -------- d-----w- C:\ProgramData\Malwarebytes
    2011-05-27 16:39:21 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-05-27 16:39:20 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-05-27 16:27:24 -------- d-----w- C:\Program Files\CCleaner
    2011-05-27 15:40:23 -------- d--h--w- C:\ProgramData\Common Files
    2011-05-27 15:39:30 -------- d-----w- C:\ProgramData\MFAData
    2011-05-27 07:38:34 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
    2011-05-27 07:37:52 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
    2011-05-27 07:37:03 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
    2011-05-27 07:34:09 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
    2011-05-24 00:43:10 142336 ----a-w- C:\Windows\System32\poqexec.exe
    2011-05-24 00:43:10 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
    2011-05-15 06:42:13 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2011-05-15 06:41:40 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2011-05-15 06:40:30 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2011-05-15 06:40:22 539968 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2011-05-11 00:48:11 5562240 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2011-05-11 00:48:07 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2011-05-11 00:48:06 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2011-05-11 00:48:02 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
    2011-05-11 00:48:02 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
    2011-05-11 00:48:01 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
    2011-05-11 00:48:01 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
    2011-05-11 00:48:01 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
    2011-05-11 00:48:01 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
    2011-05-11 00:48:01 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
    2011-05-10 22:03:44 -------- d-----w- C:\Users\john\Tracing
    .
    ==================== Find3M ====================
    .
    2011-06-03 02:27:24 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
    2011-06-03 02:27:23 175616 ----a-w- C:\Windows\System32\msclmd.dll
    2011-03-12 12:08:49 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
    2011-03-12 11:23:45 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
    2011-03-11 06:41:37 189824 ----a-w- C:\Windows\System32\drivers\storport.sys
    2011-03-11 06:41:34 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
    2011-03-11 06:41:34 1659776 ----a-w- C:\Windows\System32\drivers\ntfs.sys
    2011-03-11 06:41:34 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
    2011-03-11 06:41:26 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
    2011-03-11 06:34:51 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
    2011-03-11 06:34:50 1395712 ----a-w- C:\Windows\System32\mfc42.dll
    2011-03-11 06:33:29 2565632 ----a-w- C:\Windows\System32\esent.dll
    2011-03-11 06:30:28 96768 ----a-w- C:\Windows\System32\fsutil.exe
    2011-03-11 05:33:59 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
    2011-03-11 05:33:59 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
    2011-03-11 05:33:09 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
    2011-03-11 05:31:07 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
    2011-03-08 06:29:32 976896 ----a-w- C:\Windows\System32\inetcomm.dll
    2011-03-08 05:28:29 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
    2011-03-07 06:31:44 1188864 ----a-w- C:\Windows\System32\wininet.dll
    2011-03-07 05:33:13 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
    2011-03-07 04:24:34 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-03-07 03:52:25 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    .
    ============= FINISH: 23:51:41.06 ===============
     
  6. jillnjosh

    jillnjosh Thread Starter

    Joined:
    Jun 1, 2011
    Messages:
    7
    I've been trying to wait patiently for someone to reply to my thread, but it's been two weeks. I'm not trying to be rude or anything, but I do have to return this computer, and I'd like to feel confident that it is free of malware.

    I do not understand why I cannot create a log file for HJT, and find it worrisome because I fear that it might be because of malware. I would like to know why I keep getting the popups for "Protected Mode" - if it is just a Win 7 thing, then I will ignore it and let the owner deal with it. If it is some kind of malware, I'd really appreciate advice on how to get rid of it.

    Many thanks,
    Jill
     
  7. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1000041

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice