Everything posted by RandyL
-
Ken get your mind out of the gutter. It's already really crowded down here. :smile:
-
Wood floors Carpet ripped out, red oak floors repaired and refinished with a clear semi-gloss polyurethane, no stain. Painted the rooms first. Need to buy a new couch and love seat but the other furniture including my waterbed is back in. It took 3 weeks to get everything out of the house, paint the rooms and get the floors done. I had to leave the house for a week. Week 4 I was sick. It's been a long month.
-
You are using Chrome I assume. I don't use it but a quick search suggests that you should first make sure your date and time are correct. Next right click the X and see if it provides more details. You said search bar but did you actually mean the address bar?
-
Big brother is watching me !
RandyL replied to Hafoi Bin Ereafower's topic in Tech Support & Discussions Forum
To delete the history in Chrome you have to do it from Chrome.
Delete your browsing history
Clear your download history
Autofill forms
You could also use a third party program like CCleaner which I use. If you use CCleaner I suggest just using the default settings and NEVER use the registry part of it.
-
Malware and maybe more [Solved]
RandyL replied to RandyL's topic in Tech Support & Discussions Forum
I agree. You did a fantastic job once again. I'll see what I can figure out with the memory and let you know. Thanks for everything Starbuck. I need to get some air now. The polyurethane fumes are nasty here.
-
Malware and maybe more [Solved]
RandyL replied to RandyL's topic in Tech Support & Discussions Forum
Yes once in a while I can get it to boot with both sticks in. It might take 5 or 6 tries before it does though. When I ran OTL both sticks were in. With either stick in either slot individually it boots every single time. It is strange. I might have to bite the bullet and buy new memory just to see if it solves the problem.
-
Malware and maybe more [Solved]
RandyL replied to RandyL's topic in Tech Support & Discussions Forum
That's a big yes Starbuck. It's the original memory on a 2007 desktop Presario.
-
If this laptop was preconfigured with a BIOS password which some are then your best bet is to contact the manufacturer. They can help you reset it. If it's a Windows logon password then unfortunately we can't help. We have no way of verifying ownership. Any advice we might give could be used by anyone to hack into a system.
-
Malware and maybe more [Solved]
RandyL replied to RandyL's topic in Tech Support & Discussions Forum
This has got to be a memory problem. Turned on today and nothing. Not even the monitor would recognize a boot. So I pulled one of two memory sticks and it booted right up. But it gets weird. It boots just fine with either stick in either of the two slots. So one would think both sticks and both slots are fine. But noooooooo. If I try both sticks in either configuration I get no boot or blue screen or it goes to "Detecting arrays" and stays there. (No RAID setup so I think it refers to memory). In spite of the fact I checked the memory with PC-Doctor for Compaq and the Windows memory diagnostic and they passed I'm thinking one of these sticks is bad. Although it boots great on one stick things are running painfully slow on 1GB.
-
Malware and maybe more [Solved]
RandyL replied to RandyL's topic in Tech Support & Discussions Forum
Bad luck. I get it started with fewer tries but it is still messed up. I only see one major issue in Event viewer at startup but not sure what to make of it. The source is WMI and it's an ID 10 error.
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
-
Malware and maybe more [Solved]
RandyL replied to RandyL's topic in Tech Support & Discussions Forum
Well I changed everything back and set the value to 4 and startup was a complete failure. So I made the other 2 changes and startup worked. So I'll leave all 3 changes as follows.
1. In the BIOS changed PS/2 mouse from auto detect to disabled.
2. In the Registry Editor I navigated to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\i8042prt and changed the REG_DWORD value from 1 to 4 where 1 was start and 4 is disabled.
3. In the Registry Editor I navigated to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\i8042prt\Parameters and added a new REG_DWORD Headless and set the value to 1.
Now I just have to run more starts to test further. Fingers crossed again.
-
Malware and maybe more [Solved]
RandyL replied to RandyL's topic in Tech Support & Discussions Forum
Well it's looking good. I just did 2 starts with no trouble. I'll do a hundred more just in case. What concerns me now is what I did change that was wrong. I know I had tried the DWORD headless option in the reg too and that did nothing. I think the best thing to do here is run my reg backup and then change the value to 4 again so I undo my other changes. Keep your fingers crossed.
-
Malware and maybe more [Solved]
RandyL replied to RandyL's topic in Tech Support & Discussions Forum
I thought I had changed that reg value to 4 but I just looked again and it is still set as 1. I did change that setting in the BIOS from auto-detect to disable. I'll try the reg change again before I do anything else. I'll let you know how it goes if I can get back in.
-
Malware and maybe more [Solved]
RandyL replied to RandyL's topic in Tech Support & Discussions Forum
It is a mess and will take a few days to do. Then I get to bring all the furniture back in. Here are the logs bud. Thanks so much for helping me.

First

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-08-2013
Ran by Melissa (administrator) on 19-08-2013 12:13:32
Running from C:\Users\Melissa\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(CyberLink Corp.) C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe
(Hewlett-Packard) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [hpsysdrv] - c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
HKLM\...\Run: [ArcSoft Connection Service] - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13539872 2008-05-22] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [92704 2008-05-22] (NVIDIA Corporation)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM\...\Run: [DVDAgent] - c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe [1148200 2009-09-09] (CyberLink Corp.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM\...\Run: [sunJavaUpdateReg] - C:\Windows\system32\jureg.exe [54936 2007-04-07] (Sun Microsystems, Inc.)
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [995184 2013-07-18] (Microsoft Corporation)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
HKU\Default\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [ 2009-08-05] (Hewlett-Packard)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [ 2009-08-05] (Hewlett-Packard)
Startup: C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windstream.net/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.att.net
HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {B9A4F4FA-0026-4A20-B16B-93EE28301616} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psdt
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU -&Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome:
=======
CHR RestoreOnStartup: "hxxp://windstream.net/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.210.7) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java Platform SE 6 U21) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Motive Plugin) - C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Melissa\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Gmail) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

========================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-03-14] (Hewlett-Packard)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2013-07-18] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295376 2013-07-18] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.)
R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation)
S3 MREMP50; C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [21248 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [20096 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA))
S3 PcdrNdisuio; system32\DRIVERS\pcdrndisuio.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-19 12:11 - 2013-08-19 12:11 - 01069895 _____ (Farbar) C:\Users\Melissa\Desktop\FRST.exe
2013-08-18 16:55 - 2013-08-18 16:55 - 00144208 _____ C:\Windows\Minidump\Mini081813-02.dmp
2013-08-18 16:28 - 2013-08-18 16:28 - 00000322 _____ C:\Users\Melissa\Desktop\headless node.txt
2013-08-18 16:26 - 2013-08-18 16:26 - 350030080 _____ C:\Users\Melissa\Desktop\regedit2.REG
2013-08-18 16:25 - 2013-08-18 16:25 - 350028544 _____ C:\Users\Melissa\Desktop\regedit.reg
2013-08-18 16:23 - 2013-08-18 16:23 - 350027628 _____ C:\Users\Melissa\Documents\regedit.reg
2013-08-18 14:36 - 2013-08-18 14:36 - 00000680 _____ C:\Users\Melissa\Desktop\Events.txt
2013-08-18 14:30 - 2013-08-18 14:30 - 00001160 _____ C:\Users\Melissa\Desktop\Event 5032, Microsoft Windows security auditing.txt
2013-08-18 14:26 - 2013-08-18 14:26 - 00001498 _____ C:\Users\Melissa\Desktop\Event 10,WMI.txt
2013-08-18 14:22 - 2013-08-18 14:22 - 00000382 _____ C:\Users\Melissa\Desktop\bluescreen.txt
2013-08-18 14:18 - 2013-08-18 14:18 - 00144240 _____ C:\Windows\Minidump\Mini081813-01.dmp
2013-08-18 14:10 - 2013-08-18 16:55 - 176045383 _____ C:\Windows\MEMORY.DMP
2013-08-18 11:07 - 2013-08-18 11:07 - 00001070 _____ C:\Users\Melissa\Desktop\JRT.txt
2013-08-18 11:05 - 2013-08-18 11:05 - 00000000 ____D C:\Windows\ERUNT
2013-08-18 11:04 - 2013-08-18 11:04 - 00006579 _____ C:\Users\Melissa\Desktop\new OTL.txt
2013-08-18 11:00 - 2013-08-18 11:00 - 00000000 ____D C:\_OTL
2013-08-18 10:57 - 2013-08-18 10:56 - 01018166 _____ (Thisisu) C:\Users\Melissa\Desktop\JRT.exe
2013-08-18 01:49 - 2013-08-18 01:49 - 00000034 _____ C:\Users\Melissa\Desktop\compaq.txt
2013-08-18 01:44 - 2013-08-18 01:44 - 01769792 _____ (Hewlett-Packard Development Company, L.P. ) C:\Users\Melissa\Desktop\sp37541.exe
2013-08-17 21:55 - 2013-08-17 21:55 - 00000000 _____ C:\Windows\setuperr.log
2013-08-17 21:55 - 2013-08-17 21:55 - 00000000 _____ C:\Windows\setupact.log
2013-08-17 12:31 - 2013-08-17 12:31 - 00000546 _____ C:\Windows\PFRO.log
2013-08-17 12:23 - 2013-08-17 12:23 - 00011650 _____ C:\ComboFix.txt
2013-08-17 04:13 - 2013-08-17 04:13 - 00037222 _____ C:\Users\Melissa\Desktop\Extras.Txt
2013-08-17 04:11 - 2013-08-17 04:14 - 00074554 _____ C:\Users\Melissa\Desktop\OTL.Txt
2013-08-16 13:39 - 2013-08-16 13:40 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-08-16 13:29 - 2013-08-16 13:29 - 00000000 ____D C:\Combo-Fix4974C
2013-08-16 13:04 - 2013-08-16 13:04 - 00000000 ____D C:\Combo-Fix
2013-08-16 12:35 - 2013-08-17 04:16 - 05105390 ____R (Swearware) C:\Users\Melissa\Desktop\Combo-Fix.exe
2013-08-16 03:30 - 2013-08-16 03:30 - 00000019 _____ C:\Users\Melissa\Desktop\combofix uninstall.txt
2013-08-15 22:24 - 2013-08-17 12:23 - 00000000 ____D C:\Qoobox
2013-08-15 22:24 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-15 22:24 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-15 22:24 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-15 22:24 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-15 22:24 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-15 22:24 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-15 22:24 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-15 22:24 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-15 22:23 - 2013-08-17 12:22 - 00000000 ____D C:\Windows\erdnt
2013-08-15 22:08 - 2013-08-15 22:08 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Melissa\Desktop\tdsskiller.exe
2013-08-15 14:57 - 2013-08-15 14:57 - 00002763 _____ C:\Users\Melissa\Desktop\RKreport[0]_D_08152013_145735.txt
2013-08-15 14:56 - 2013-08-15 14:56 - 00002655 _____ C:\Users\Melissa\Desktop\RKreport[0]_S_08152013_145630.txt
2013-08-15 14:08 - 2013-08-15 14:57 - 00000000 ____D C:\Users\Melissa\Desktop\RK_Quarantine
2013-08-15 14:08 - 2013-08-15 14:07 - 00920576 _____ C:\Users\Melissa\Desktop\RogueKiller.exe
2013-08-15 04:21 - 2013-08-15 04:21 - 00602112 _____ (OldTimer Tools) C:\Users\Melissa\Desktop\OTL.scr
2013-08-14 16:30 - 2013-08-14 16:30 - 00000000 ____D C:\Users\Melissa\AppData\Local\Apple
2013-08-14 04:35 - 2013-08-14 04:35 - 00000000 ____D C:\Program Files\Common Files\Java
2013-08-14 04:34 - 2013-08-14 04:32 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-08-14 04:33 - 2013-08-14 04:33 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-08-14 04:33 - 2013-08-14 04:32 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-08-14 04:33 - 2013-08-14 04:32 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-08-14 04:24 - 2013-08-19 12:12 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-14 04:24 - 2013-08-14 04:24 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-08-14 04:24 - 2013-08-14 04:24 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-08-14 04:23 - 2013-08-15 02:56 - 00000000 ____D C:\Users\Melissa\AppData\Local\Adobe
2013-08-14 04:00 - 2013-07-24 21:40 - 12334080 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 04:00 - 2013-07-24 21:32 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-14 04:00 - 2013-07-24 21:30 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 04:00 - 2013-07-24 21:26 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 04:00 - 2013-07-24 21:26 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 04:00 - 2013-07-24 21:25 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-08-14 04:00 - 2013-07-24 21:24 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-08-14 04:00 - 2013-07-24 21:24 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 04:00 - 2013-07-24 21:23 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 04:00 - 2013-07-24 21:23 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-14 04:00 - 2013-07-24 21:23 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 04:00 - 2013-07-24 21:23 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-08-14 04:00 - 2013-07-24 21:23 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-08-14 04:00 - 2013-07-24 21:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 04:00 - 2013-07-24 21:22 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-14 04:00 - 2013-07-24 21:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-08-13 20:32 - 2013-07-10 04:47 - 00783360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-13 20:32 - 2013-06-15 08:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2013-08-13 20:32 - 2013-06-15 06:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-13 20:31 - 2013-07-17 14:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-13 20:31 - 2013-07-09 07:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-13 20:31 - 2013-07-07 23:55 - 03603904 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-08-13 20:31 - 2013-07-07 23:55 - 03551680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-13 20:31 - 2013-07-07 23:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-13 20:31 - 2013-07-07 23:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-13 20:31 - 2013-07-07 23:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-13 20:31 - 2013-07-07 23:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-13 20:31 - 2013-07-04 22:20 - 00914880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-13 20:31 - 2013-07-04 20:43 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2013-08-13 15:42 - 2013-08-13 15:42 - 00050688 _____ (Atribune.org) C:\Users\Melissa\Desktop\ATF-Cleaner.exe
2013-08-13 15:33 - 2013-08-13 15:33 - 00007840 _____ C:\Users\Melissa\Desktop\AdwCleaner[s1].txt
2013-08-13 15:30 - 2013-08-13 15:30 - 00007840 _____ C:\AdwCleaner[s1].txt
2013-08-13 15:29 - 2013-08-13 15:29 - 00008379 _____ C:\AdwCleaner[R1].txt
2013-08-13 15:28 - 2013-08-13 15:28 - 00666633 _____ C:\Users\Melissa\Desktop\AdwCleaner.exe
2013-08-13 15:25 - 2013-08-14 04:04 - 00000254 _____ C:\Users\Melissa\Desktop\lockup.txt
2013-08-13 13:27 - 2013-08-16 13:40 - 00001945 _____ C:\Windows\epplauncher.mif
2013-08-13 13:23 - 2010-04-05 15:00 - 00221568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2013-08-13 12:38 - 2013-08-13 12:38 - 00000000 ____D C:\Windows\pss
2013-08-13 03:54 - 2013-08-13 03:54 - 00000000 ____D C:\Program Files\ESET
2013-08-12 02:10 - 2013-08-12 02:10 - 00000810 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-08-12 02:10 - 2013-08-12 02:10 - 00000000 ____D C:\Program Files\CCleaner
2013-08-12 01:28 - 2013-08-12 01:28 - 00000000 ____D C:\Program Files\Adobe
2013-08-12 01:18 - 2013-08-14 04:32 - 00867240 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-08-12 01:04 - 2013-08-14 04:13 - 00000000 ____D C:\Windows\system32\MRT
2013-08-11 22:54 - 2013-08-11 22:54 - 00000633 _____ C:\Users\Melissa\Desktop\randy.txt
2013-08-11 22:48 - 2013-08-11 22:48 - 00000912 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

==================== One Month Modified Files and Folders =======

2013-08-19 12:12 - 2013-08-19 12:12 - 00000000 ____D C:\FRST
2013-08-19 12:12 - 2013-08-14 04:24 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-19 12:11 - 2013-08-19 12:11 - 01069895 _____ (Farbar) C:\Users\Melissa\Desktop\FRST.exe
2013-08-19 11:53 - 2006-11-02 07:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-19 11:53 - 2006-11-02 07:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-19 11:33 - 2013-04-19 20:18 - 00000888 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-19 10:08 - 2008-09-23 16:40 - 01956993 _____ C:\Windows\WindowsUpdate.log
2013-08-19 09:53 - 2013-04-19 20:18 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-19 09:53 - 2006-11-02 08:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-18 18:09 - 2006-11-02 08:01 - 00032552 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-18 16:55 - 2013-08-18 16:55 - 00144208 _____ C:\Windows\Minidump\Mini081813-02.dmp
2013-08-18 16:55 - 2013-08-18 14:10 - 176045383 _____ C:\Windows\MEMORY.DMP
2013-08-18 16:55 - 2013-04-17 09:44 - 00000000 ____D C:\Windows\Minidump
2013-08-18 16:28 - 2013-08-18 16:28 - 00000322 _____ C:\Users\Melissa\Desktop\headless node.txt
2013-08-18 16:26 - 2013-08-18 16:26 - 350030080 _____ C:\Users\Melissa\Desktop\regedit2.REG
2013-08-18 16:25 - 2013-08-18 16:25 - 350028544 _____ C:\Users\Melissa\Desktop\regedit.reg
2013-08-18 16:23 - 2013-08-18 16:23 - 350027628 _____ C:\Users\Melissa\Documents\regedit.reg
2013-08-18 14:36 - 2013-08-18 14:36 - 00000680 _____ C:\Users\Melissa\Desktop\Events.txt
2013-08-18 14:30 - 2013-08-18 14:30 - 00001160 _____ C:\Users\Melissa\Desktop\Event 5032, Microsoft Windows security auditing.txt
2013-08-18 14:26 - 2013-08-18 14:26 - 00001498 _____ C:\Users\Melissa\Desktop\Event 10,WMI.txt
2013-08-18 14:22 - 2013-08-18 14:22 - 00000382 _____ C:\Users\Melissa\Desktop\bluescreen.txt
2013-08-18 14:18 - 2013-08-18 14:18 - 00144240 _____ C:\Windows\Minidump\Mini081813-01.dmp
2013-08-18 11:07 - 2013-08-18 11:07 - 00001070 _____ C:\Users\Melissa\Desktop\JRT.txt
2013-08-18 11:05 - 2013-08-18 11:05 - 00000000 ____D C:\Windows\ERUNT
2013-08-18 11:04 - 2013-08-18 11:04 - 00006579 _____ C:\Users\Melissa\Desktop\new OTL.txt
2013-08-18 11:01 - 2008-09-24 14:46 - 00007052 _____ C:\Users\Melissa\AppData\Local\d3d9caps.dat
2013-08-18 11:00 - 2013-08-18 11:00 - 00000000 ____D C:\_OTL
2013-08-18 10:56 - 2013-08-18 10:57 - 01018166 _____ (Thisisu) C:\Users\Melissa\Desktop\JRT.exe
2013-08-18 01:49 - 2013-08-18 01:49 - 00000034 _____ C:\Users\Melissa\Desktop\compaq.txt
2013-08-18 01:44 - 2013-08-18 01:44 - 01769792 _____ (Hewlett-Packard Development Company, L.P. ) C:\Users\Melissa\Desktop\sp37541.exe
2013-08-17 22:31 - 2008-05-05 13:22 - 00000000 ____D C:\hp
2013-08-17 22:17 - 2008-09-23 16:44 - 00000000 ____D C:\Users\Melissa
2013-08-17 21:55 - 2013-08-17 21:55 - 00000000 _____ C:\Windows\setuperr.log
2013-08-17 21:55 - 2013-08-17 21:55 - 00000000 _____ C:\Windows\setupact.log
2013-08-17 12:31 - 2013-08-17 12:31 - 00000546 _____ C:\Windows\PFRO.log
2013-08-17 12:23 - 2013-08-17 12:23 - 00011650 _____ C:\ComboFix.txt
2013-08-17 12:23 - 2013-08-15 22:24 - 00000000 ____D C:\Qoobox
2013-08-17 12:23 - 2006-11-02 06:18 - 00000000 ___RD C:\Users\Public
2013-08-17 12:22 - 2013-08-15 22:23 - 00000000 ____D C:\Windows\erdnt
2013-08-17 12:21 - 2006-11-02 05:23 - 00000215 _____ C:\Windows\system.ini
2013-08-17 04:16 - 2013-08-16 12:35 - 05105390 ____R (Swearware) C:\Users\Melissa\Desktop\Combo-Fix.exe
2013-08-17 04:14 - 2013-08-17 04:11 - 00074554 _____ C:\Users\Melissa\Desktop\OTL.Txt
2013-08-17 04:13 - 2013-08-17 04:13 - 00037222 _____ C:\Users\Melissa\Desktop\Extras.Txt
2013-08-17 03:41 - 2008-05-05 13:21 - 00000000 ____D C:\Windows\Panther
2013-08-16 13:40 - 2013-08-16 13:39 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-08-16 13:40 - 2013-08-13 13:27 - 00001945 _____ C:\Windows\epplauncher.mif
2013-08-16 13:29 - 2013-08-16 13:29 - 00000000 ____D C:\Combo-Fix4974C
2013-08-16 13:04 - 2013-08-16 13:04 - 00000000 ____D C:\Combo-Fix
2013-08-16 03:30 - 2013-08-16 03:30 - 00000019 _____ C:\Users\Melissa\Desktop\combofix uninstall.txt
2013-08-15 22:08 - 2013-08-15 22:08 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Melissa\Desktop\tdsskiller.exe
2013-08-15 14:57 - 2013-08-15 14:57 - 00002763 _____ C:\Users\Melissa\Desktop\RKreport[0]_D_08152013_145735.txt
2013-08-15 14:57 - 2013-08-15 14:08 - 00000000 ____D C:\Users\Melissa\Desktop\RK_Quarantine
2013-08-15 14:56 - 2013-08-15 14:56 - 00002655 _____ C:\Users\Melissa\Desktop\RKreport[0]_S_08152013_145630.txt
2013-08-15 14:07 - 2013-08-15 14:08 - 00920576 _____ C:\Users\Melissa\Desktop\RogueKiller.exe
2013-08-15 04:21 - 2013-08-15 04:21 - 00602112 _____ (OldTimer Tools) C:\Users\Melissa\Desktop\OTL.scr
2013-08-15 02:56 - 2013-08-14 04:23 - 00000000 ____D C:\Users\Melissa\AppData\Local\Adobe
2013-08-14 16:30 - 2013-08-14 16:30 - 00000000 ____D C:\Users\Melissa\AppData\Local\Apple
2013-08-14 06:49 - 2011-08-20 17:31 - 00000000 ____D C:\Users\Melissa\AppData\Local\Facebook
2013-08-14 05:09 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-14 04:50 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\rescache
2013-08-14 04:35 - 2013-08-14 04:35 - 00000000 ____D C:\Program Files\Common Files\Java
2013-08-14 04:33 - 2013-08-14 04:33 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-08-14 04:32 - 2013-08-14 04:34 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-08-14 04:32 - 2013-08-14 04:33 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-08-14 04:32 - 2013-08-14 04:33 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-08-14 04:32 - 2013-08-12 01:18 - 00867240 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-08-14 04:32 - 2010-06-17 12:01 - 00789416 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-08-14 04:24 - 2013-08-14 04:24 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-08-14 04:24 - 2013-08-14 04:24 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-08-14 04:13 - 2013-08-12 01:04 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 04:09 - 2006-11-02 05:24 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-08-14 04:07 - 2008-11-12 17:46 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-14 04:04 - 2013-08-13 15:25 - 00000254 _____ C:\Users\Melissa\Desktop\lockup.txt
2013-08-14 04:03 - 2006-11-02 05:33 - 00718584 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-13 15:42 - 2013-08-13 15:42 - 00050688 _____ (Atribune.org) C:\Users\Melissa\Desktop\ATF-Cleaner.exe
2013-08-13 15:33 - 2013-08-13 15:33 - 00007840 _____ C:\Users\Melissa\Desktop\AdwCleaner[s1].txt
2013-08-13 15:30 - 2013-08-13 15:30 - 00007840 _____ C:\AdwCleaner[s1].txt
2013-08-13 15:29 - 2013-08-13 15:29 - 00008379 _____ C:\AdwCleaner[R1].txt
2013-08-13 15:28 - 2013-08-13 15:28 - 00666633 _____ C:\Users\Melissa\Desktop\AdwCleaner.exe
2013-08-13 12:38 - 2013-08-13 12:38 - 00000000 ____D C:\Windows\pss
2013-08-13 04:53 - 2008-05-05 12:47 - 00000000 ____D C:\Program Files\Java
2013-08-13 03:54 - 2013-08-13 03:54 - 00000000 ____D C:\Program Files\ESET
2013-08-12 23:06 - 2012-01-14 13:11 - 00000000 ____D C:\Users\Melissa\AppData\Roaming\Spotify
2013-08-12 18:18 - 2012-01-14 13:12 - 00000000 ____D C:\Users\Melissa\AppData\Local\Spotify
2013-08-12 02:10 - 2013-08-12 02:10 - 00000810 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-08-12 02:10 - 2013-08-12 02:10 - 00000000 ____D C:\Program Files\CCleaner
2013-08-12 01:28 - 2013-08-12 01:28 - 00000000 ____D C:\Program Files\Adobe
2013-08-12 01:28 - 2008-09-23 16:45 - 00000000 ____D C:\ProgramData\Adobe
2013-08-12 01:28 - 2008-09-23 16:45 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-08-11 23:01 - 2010-12-01 17:42 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-08-11 22:54 - 2013-08-11 22:54 - 00000633 _____ C:\Users\Melissa\Desktop\randy.txt
2013-08-11 22:48 - 2013-08-11 22:48 - 00000912 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-11 22:11 - 2011-03-05 19:23 - 00000000 ____D C:\Users\Melissa\AppData\Roaming\Sammsoft
2013-07-31 18:39 - 2013-04-19 20:22 - 00001977 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-24 21:40 - 2013-08-14 04:00 - 12334080 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-24 21:32 - 2013-08-14 04:00 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-24 21:30 - 2013-08-14 04:00 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-24 21:26 - 2013-08-14 04:00 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-24 21:26 - 2013-08-14 04:00 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-24 21:25 - 2013-08-14 04:00 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-24 21:24 - 2013-08-14 04:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-24 21:24 - 2013-08-14 04:00 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-24 21:23 - 2013-08-14 04:00 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-24 21:23 - 2013-08-14 04:00 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-24 21:23 - 2013-08-14 04:00 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-24 21:23 - 2013-08-14 04:00 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-07-24 21:23 - 2013-08-14 04:00 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-24 21:22 - 2013-08-14 04:00 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-24 21:22 - 2013-08-14 04:00 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-24 21:22 - 2013-08-14 04:00 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is
legit LastRegBack: 2013-08-19 10:00 ==================== End Of Log ============================ Additions Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-08-2013 Ran by Melissa at 2013-08-19 12:14:38 Running from C:\Users\Melissa\Desktop Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= Update for Microsoft Office 2007 (KB2508958) Activation Assistant for the 2007 Microsoft Office suites Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0.1) Adobe Flash Player 11 ActiveX (Version: 11.8.800.94) Adobe Reader 8.1.3 (Version: 8.1.3) Apple Application Support (Version: 2.3.3) Apple Mobile Device Support (Version: 6.1.0.13) Apple Software Update (Version: 2.1.3.127) ArcSoft PhotoImpression 6 (Version: 6) ArcSoft Print Creations ArcSoft Print Creations - Photo Calendar Bing Rewards Client Installer (Version: 16.0.345.0) Bonjour (Version: 3.0.0.10) CCleaner (Version: 4.04) Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000) Coupon Printer for Windows (Version: 5.0.0.1) CyberLink DVD Suite Deluxe (Version: 5.5.1329) CyberLink PowerDirector (Version: 6.5.2726) EPSON Print CD (Version: 1.60.000) EPSON Printer Software EPSON RX595 User's Guide EPSON Scan EPSON Stylus Photo RX595 Series Scanner Driver Update ESET Online Scanner v3 Google Chrome (Version: 28.0.1500.95) Google Update Helper (Version: 1.3.21.153) Hardware Diagnostic Tools (Version: 5.1.4748.24) Hewlett-Packard Active Check for Health Check (Version: 1.1.15.2) Hewlett-Packard Asset Agent for Health Check (Version: 2.0.63.2) HP Active Support Library (Version: 3.1.0.6) HP Advisor (Version: 3.1.9152.3107) HP Customer Experience Enhancements (Version: 5.6.0.2510) HP Customer Feedback (Version: 1.0.0) HP Demo (Version: HP Demo) HP MediaSmart DVD (Version: 2.2.3309) HP Update (Version: 4.000.012.001) HPTCSSetup (Version: 1.0.964.2626) iTunes (Version: 11.0.2.26) Java 7 
Update 25 (Version: 7.0.250) Java Auto Updater (Version: 2.1.9.5) LabelPrint (Version: 2.2.2529) LightScribe System Software (Version: 1.18.3.2) LightScribeTemplateLabeler (Version: 1.10.23.1) Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300) McAfee Security Scan Plus (Version: 2.0.189.1) Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Office File Validation Add-In (Version: 14.0.5130.5003) Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000) Microsoft Office Home and Student 2007 Trial (Version: 12.0.6612.1000) Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000) Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000) Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014) Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Security Client (Version: 4.3.0216.0) Microsoft Security Essentials (Version: 4.3.216.0) Microsoft UI Engine (Version: 6.3.2348.0) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 
(Version: 9.0.30729.5570) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Works (Version: 9.7.0621) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) muvee autoProducer 6.1 (Version: 6.10.050) My HP Games (Version: 1.0.0.43) NVIDIA Drivers OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0) OpenOffice.org 2.4 (Version: 2.4.9310) Power2Go (Version: 5.6.3917) Python 2.5 (Version: 2.5.150) QuickTime (Version: 7.73.80.64) Realtek High Definition Audio Driver (Version: 6.0.1.5657) SimCity 2000® Special Edition Snapfish Picture Mover (Version: 1.9.0.16) Soft Data Fax Modem with SmartCP (Version: 7.74.00) Spotify (HKCU Version: 0.9.1.57.ge7405149) Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (Version: 1) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for 
Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Windows Live ID Sign-in Assistant (Version: 6.500.3165.0) Windstream Broadband Check-up Center Yahoo! Toolbar YTD Toolbar v7.4 (Version: 7.4) ==================== Restore Points ========================= 13-08-2013 18:22:32 Windows Update 14-08-2013 08:58:10 Windows Update 14-08-2013 09:31:22 Installed Java 7 Update 25 15-08-2013 09:40:06 OTL Restore Point - 8/15/2013 4:40:06 AM 16-08-2013 22:00:10 OTL Restore Point - 8/16/2013 5:00:10 PM 17-08-2013 08:58:49 OTL Restore Point - 8/17/2013 3:58:48 AM 18-08-2013 03:14:19 Windows Update 18-08-2013 06:38:29 Installed HP Product Detection 18-08-2013 20:12:55 Scheduled Checkpoint 19-08-2013 15:43:03 Scheduled Checkpoint ==================== Hosts content: ========================== 2006-11-02 05:23 - 2013-08-18 11:00 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {1D73D47F-422B-430E-8C73-9C4C944CFF54} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-20] (Microsoft Corporation) Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation) Task: {4C8F0894-BCC7-4FDD-A226-F293E732FC27} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-19] (Google Inc.) 
Task: {512368F6-62C3-4D51-8091-743E6AE77665} - System32\Tasks\User_Feed_Synchronization-{7A320A5B-950C-4766-9FC1-C741DCB3423C} => C:\Windows\system32\msfeedssync.exe [2011-08-04] (Microsoft Corporation) Task: {587ADB68-62F6-49D8-82D7-61E8C8347A68} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd) Task: {63879B7D-68C4-4878-8E7D-E77FBBA78C90} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {66C5B590-A60C-4DD1-8225-5891F4C6656B} - System32\Tasks\PC-Doctor\Scheduled Maintenance Swap => C:\Program Files\PC-Doctor 5 for Windows\task_swap.exe [2008-03-13] (PC-Doctor, Inc.) Task: {9E883DED-B4BA-4100-99E8-DDC899D9F687} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Melissa => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation) Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-20] (Microsoft Corporation) Task: {A6830318-9EF8-49B5-8C11-999A4AD38B9C} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-07-18] (Microsoft Corporation) Task: {CA2757B3-BEF7-44A3-975E-51E67279E308} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-19] (Google Inc.) Task: {D28FC6CA-B00F-4442-8584-7D14079909D0} - \Event Viewer Tasks\3bf4b4bb-8fd3-481e-9e75-a059b2270c71 No Task File Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] () Task: {E62C7A67-3C69-490D-A90E-FDD542180203} - System32\Tasks\PC-Doctor\Scheduled Maintenance => C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe [2008-03-13] (PC-Doctor, Inc.) 
Task: {E989BC0D-CF43-442D-955E-30DB91CDD914} - \Event Viewer Tasks\cc255def-861c-4e4a-b4e1-4e1d1f97db98 No Task File Task: {EA91DCEA-DDD5-46FF-BA5E-E9CC2329EFE8} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-07-18] (Microsoft Corporation) Task: {ED32C9FB-337D-491C-8E32-AA72BD833D4F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-14] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (08/19/2013 09:53:44 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/18/2013 06:07:38 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/18/2013 05:36:49 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/18/2013 04:56:15 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/18/2013 04:34:52 PM) (Source: WinMgmt) (User: ) 
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/18/2013 04:10:22 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/18/2013 02:18:57 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/18/2013 00:39:11 PM) (Source: ESENT) (User: ) Description: Windows (2872) Windows: The version store for this instance (0) has reached its maximum size of 127Mb. It is likely that a long-running transaction is preventing cleanup of the version store and causing it to build up in size. Updates will be rejected until the long-running transaction has been completely committed or rolled back. 
Possible long-running transaction: SessionId: 0x00EF03E0 Session-context: 0x00000000 Session-context ThreadId: 0x00000808 Cleanup: 1 Error: (08/18/2013 11:12:33 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (08/19/2013 09:53:44 AM) (Source: Service Control Manager) (User: ) Description: i8042prt Error: (08/18/2013 06:07:38 PM) (Source: Service Control Manager) (User: ) Description: i8042prt Error: (08/18/2013 05:36:49 PM) (Source: Service Control Manager) (User: ) Description: i8042prt Error: (08/18/2013 04:56:16 PM) (Source: Service Control Manager) (User: ) Description: i8042prt Error: (08/18/2013 04:34:52 PM) (Source: Service Control Manager) (User: ) Description: i8042prt Error: (08/18/2013 04:10:22 PM) (Source: Service Control Manager) (User: ) Description: i8042prt Error: (08/18/2013 02:18:58 PM) (Source: Service Control Manager) (User: ) Description: i8042prt Error: (08/18/2013 11:12:33 AM) (Source: Service Control Manager) (User: ) Description: i8042prt Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2013-08-14 01:26:15.201 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2013-08-14 01:26:14.687 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys because the set of per-page image hashes could not be found on the system. 
Date: 2013-08-14 01:26:13.719 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2013-08-14 01:26:13.205 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2013-08-14 01:26:12.690 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2013-08-14 01:26:12.175 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2013-08-14 01:26:11.395 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2013-08-14 01:26:10.896 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys because the set of per-page image hashes could not be found on the system. 
Date: 2013-08-14 01:26:10.381 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2013-08-14 01:26:09.866 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Percentage of memory in use: 55% Total physical RAM: 1917.76 MB Available physical RAM: 846.9 MB Total Pagefile: 4082.05 MB Available Pagefile: 3024.7 MB Total Virtual: 2047.88 MB Available Virtual: 1890.25 MB ==================== Drives ================================ Drive c: (COMPAQ) (Fixed) (Total:455.6 GB) (Free:340.32 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (FACTORY_IMAGE) (Fixed) (Total:10.16 GB) (Free:1.38 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 466 GB) (Disk ID: 1549F232) Partition 1: (Active) - (Size=456 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS) ==================== End Of Log ============================ -
Malware and maybe more [Solved]
RandyL replied to RandyL's topic in Tech Support & Discussions Forum
It is a mess and will take a few days to do. Then I get to bring all the furniture back in. Here are the logs bud. Thanks so much for helping me. First Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-08-2013 Ran by Melissa (administrator) on 19-08-2013 12:13:32 Running from C:\Users\Melissa\Desktop Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English(US) Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) C:\Windows\system32\SLsvc.exe (Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (CyberLink Corp.) C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe (Apple Inc.) 
C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe (Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe (Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe (Hewlett-Packard) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [hpsysdrv] - c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company) HKLM\...\Run: [ArcSoft Connection Service] - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.) HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13539872 2008-05-22] (NVIDIA Corporation) HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [92704 2008-05-22] (NVIDIA Corporation) HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard) HKLM\...\Run: [DVDAgent] - c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe [1148200 2009-09-09] (CyberLink Corp.) HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.) HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.) HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.) HKLM\...\Run: [sunJavaUpdateReg] - C:\Windows\system32\jureg.exe [54936 2007-04-07] (Sun Microsystems, Inc.) 
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [995184 2013-07-18] (Microsoft Corporation) HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation) HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation) HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation) HKU\Default\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [ 2009-08-05] (Hewlett-Packard) HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation) HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [ 2009-08-05] (Hewlett-Packard) Startup: C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windstream.net/ HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.att.net HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM - DefaultScope value is missing. 
SearchScopes: HKLM - {B9A4F4FA-0026-4A20-B16B-93EE28301616} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psdt SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKCU -&Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation) DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Chrome: ======= CHR RestoreOnStartup: "hxxp://windstream.net/" CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Java Deployment Toolkit 6.0.210.7) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File CHR Plugin: (Java Platform SE 6 U21) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.) 
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.) CHR Plugin: (Motive Plugin) - C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Melissa\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Extension: (Google Docs) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 CHR Extension: (Google Drive) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 CHR Extension: (YouTube) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Google Search) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (Gmail) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 ========================== Services (Whitelisted) ================= R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) 
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-03-14] (Hewlett-Packard)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2013-07-18] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295376 2013-07-18] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.)
R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation)
S3 MREMP50; C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [21248 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [20096 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA))
S3 PcdrNdisuio; system32\DRIVERS\pcdrndisuio.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-19 12:11 - 2013-08-19 12:11 - 01069895 _____ (Farbar) C:\Users\Melissa\Desktop\FRST.exe
2013-08-18 16:55 - 2013-08-18 16:55 - 00144208 _____ C:\Windows\Minidump\Mini081813-02.dmp
2013-08-18 16:28 - 2013-08-18 16:28 - 00000322 _____ C:\Users\Melissa\Desktop\headless node.txt
2013-08-18 16:26 - 2013-08-18 16:26 - 350030080 _____ C:\Users\Melissa\Desktop\regedit2.REG
2013-08-18 16:25 - 2013-08-18 16:25 - 350028544 _____ C:\Users\Melissa\Desktop\regedit.reg
2013-08-18 16:23 - 2013-08-18 16:23 - 350027628 _____ C:\Users\Melissa\Documents\regedit.reg
2013-08-18 14:36 - 2013-08-18 14:36 - 00000680 _____ C:\Users\Melissa\Desktop\Events.txt
2013-08-18 14:30 - 2013-08-18 14:30 - 00001160 _____ C:\Users\Melissa\Desktop\Event 5032, Microsoft Windows security auditing.txt
2013-08-18 14:26 - 2013-08-18 14:26 - 00001498 _____ C:\Users\Melissa\Desktop\Event 10,WMI.txt
2013-08-18 14:22 - 2013-08-18 14:22 - 00000382 _____ C:\Users\Melissa\Desktop\bluescreen.txt
2013-08-18 14:18 - 2013-08-18 14:18 - 00144240 _____ C:\Windows\Minidump\Mini081813-01.dmp
2013-08-18 14:10 - 2013-08-18 16:55 - 176045383 _____ C:\Windows\MEMORY.DMP
2013-08-18 11:07 - 2013-08-18 11:07 - 00001070 _____ C:\Users\Melissa\Desktop\JRT.txt
2013-08-18 11:05 - 2013-08-18 11:05 - 00000000 ____D C:\Windows\ERUNT
2013-08-18 11:04 - 2013-08-18 11:04 - 00006579 _____ C:\Users\Melissa\Desktop\new OTL.txt
2013-08-18 11:00 - 2013-08-18 11:00 - 00000000 ____D C:\_OTL
2013-08-18 10:57 - 2013-08-18 10:56 - 01018166 _____ (Thisisu) C:\Users\Melissa\Desktop\JRT.exe
2013-08-18 01:49 - 2013-08-18 01:49 - 00000034 _____ C:\Users\Melissa\Desktop\compaq.txt
2013-08-18 01:44 - 2013-08-18 01:44 - 01769792 _____ (Hewlett-Packard Development Company, L.P. ) C:\Users\Melissa\Desktop\sp37541.exe
2013-08-17 21:55 - 2013-08-17 21:55 - 00000000 _____ C:\Windows\setuperr.log
2013-08-17 21:55 - 2013-08-17 21:55 - 00000000 _____ C:\Windows\setupact.log
2013-08-17 12:31 - 2013-08-17 12:31 - 00000546 _____ C:\Windows\PFRO.log
2013-08-17 12:23 - 2013-08-17 12:23 - 00011650 _____ C:\ComboFix.txt
2013-08-17 04:13 - 2013-08-17 04:13 - 00037222 _____ C:\Users\Melissa\Desktop\Extras.Txt
2013-08-17 04:11 - 2013-08-17 04:14 - 00074554 _____ C:\Users\Melissa\Desktop\OTL.Txt
2013-08-16 13:39 - 2013-08-16 13:40 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-08-16 13:29 - 2013-08-16 13:29 - 00000000 ____D C:\Combo-Fix4974C
2013-08-16 13:04 - 2013-08-16 13:04 - 00000000 ____D C:\Combo-Fix
2013-08-16 12:35 - 2013-08-17 04:16 - 05105390 ____R (Swearware) C:\Users\Melissa\Desktop\Combo-Fix.exe
2013-08-16 03:30 - 2013-08-16 03:30 - 00000019 _____ C:\Users\Melissa\Desktop\combofix uninstall.txt
2013-08-15 22:24 - 2013-08-17 12:23 - 00000000 ____D C:\Qoobox
2013-08-15 22:24 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-15 22:24 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-15 22:24 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-15 22:24 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-15 22:24 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-15 22:24 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-15 22:24 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-15 22:24 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-15 22:23 - 2013-08-17 12:22 - 00000000 ____D C:\Windows\erdnt
2013-08-15 22:08 - 2013-08-15 22:08 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Melissa\Desktop\tdsskiller.exe
2013-08-15 14:57 - 2013-08-15 14:57 - 00002763 _____ C:\Users\Melissa\Desktop\RKreport[0]_D_08152013_145735.txt
2013-08-15 14:56 - 2013-08-15 14:56 - 00002655 _____ C:\Users\Melissa\Desktop\RKreport[0]_S_08152013_145630.txt
2013-08-15 14:08 - 2013-08-15 14:57 - 00000000 ____D C:\Users\Melissa\Desktop\RK_Quarantine
2013-08-15 14:08 - 2013-08-15 14:07 - 00920576 _____ C:\Users\Melissa\Desktop\RogueKiller.exe
2013-08-15 04:21 - 2013-08-15 04:21 - 00602112 _____ (OldTimer Tools) C:\Users\Melissa\Desktop\OTL.scr
2013-08-14 16:30 - 2013-08-14 16:30 - 00000000 ____D C:\Users\Melissa\AppData\Local\Apple
2013-08-14 04:35 - 2013-08-14 04:35 - 00000000 ____D C:\Program Files\Common Files\Java
2013-08-14 04:34 - 2013-08-14 04:32 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-08-14 04:33 - 2013-08-14 04:33 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-08-14 04:33 - 2013-08-14 04:32 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-08-14 04:33 - 2013-08-14 04:32 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-08-14 04:24 - 2013-08-19 12:12 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-14 04:24 - 2013-08-14 04:24 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-08-14 04:24 - 2013-08-14 04:24 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-08-14 04:23 - 2013-08-15 02:56 - 00000000 ____D C:\Users\Melissa\AppData\Local\Adobe
2013-08-14 04:00 - 2013-07-24 21:40 - 12334080 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 04:00 - 2013-07-24 21:32 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-14 04:00 - 2013-07-24 21:30 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 04:00 - 2013-07-24 21:26 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 04:00 - 2013-07-24 21:26 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 04:00 - 2013-07-24 21:25 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-08-14 04:00 - 2013-07-24 21:24 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-08-14 04:00 - 2013-07-24 21:24 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 04:00 - 2013-07-24 21:23 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 04:00 - 2013-07-24 21:23 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-14 04:00 - 2013-07-24 21:23 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 04:00 - 2013-07-24 21:23 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-08-14 04:00 - 2013-07-24 21:23 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-08-14 04:00 - 2013-07-24 21:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 04:00 - 2013-07-24 21:22 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-14 04:00 - 2013-07-24 21:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-08-13 20:32 - 2013-07-10 04:47 - 00783360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-13 20:32 - 2013-06-15 08:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2013-08-13 20:32 - 2013-06-15 06:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-13 20:31 - 2013-07-17 14:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-13 20:31 - 2013-07-09 07:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-13 20:31 - 2013-07-07 23:55 - 03603904 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-08-13 20:31 - 2013-07-07 23:55 - 03551680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-13 20:31 - 2013-07-07 23:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-13 20:31 - 2013-07-07 23:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-13 20:31 - 2013-07-07 23:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-13 20:31 - 2013-07-07 23:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-13 20:31 - 2013-07-04 22:20 - 00914880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-13 20:31 - 2013-07-04 20:43 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2013-08-13 15:42 - 2013-08-13 15:42 - 00050688 _____ (Atribune.org) C:\Users\Melissa\Desktop\ATF-Cleaner.exe
2013-08-13 15:33 - 2013-08-13 15:33 - 00007840 _____ C:\Users\Melissa\Desktop\AdwCleaner[s1].txt
2013-08-13 15:30 - 2013-08-13 15:30 - 00007840 _____ C:\AdwCleaner[s1].txt
2013-08-13 15:29 - 2013-08-13 15:29 - 00008379 _____ C:\AdwCleaner[R1].txt
2013-08-13 15:28 - 2013-08-13 15:28 - 00666633 _____ C:\Users\Melissa\Desktop\AdwCleaner.exe
2013-08-13 15:25 - 2013-08-14 04:04 - 00000254 _____ C:\Users\Melissa\Desktop\lockup.txt
2013-08-13 13:27 - 2013-08-16 13:40 - 00001945 _____ C:\Windows\epplauncher.mif
2013-08-13 13:23 - 2010-04-05 15:00 - 00221568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2013-08-13 12:38 - 2013-08-13 12:38 - 00000000 ____D C:\Windows\pss
2013-08-13 03:54 - 2013-08-13 03:54 - 00000000 ____D C:\Program Files\ESET
2013-08-12 02:10 - 2013-08-12 02:10 - 00000810 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-08-12 02:10 - 2013-08-12 02:10 - 00000000 ____D C:\Program Files\CCleaner
2013-08-12 01:28 - 2013-08-12 01:28 - 00000000 ____D C:\Program Files\Adobe
2013-08-12 01:18 - 2013-08-14 04:32 - 00867240 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-08-12 01:04 - 2013-08-14 04:13 - 00000000 ____D C:\Windows\system32\MRT
2013-08-11 22:54 - 2013-08-11 22:54 - 00000633 _____ C:\Users\Melissa\Desktop\randy.txt
2013-08-11 22:48 - 2013-08-11 22:48 - 00000912 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

==================== One Month Modified Files and Folders =======

2013-08-19 12:12 - 2013-08-19 12:12 - 00000000 ____D C:\FRST
2013-08-19 12:12 - 2013-08-14 04:24 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-19 12:11 - 2013-08-19 12:11 - 01069895 _____ (Farbar) C:\Users\Melissa\Desktop\FRST.exe
2013-08-19 11:53 - 2006-11-02 07:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-19 11:53 - 2006-11-02 07:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-19 11:33 - 2013-04-19 20:18 - 00000888 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-19 10:08 - 2008-09-23 16:40 - 01956993 _____ C:\Windows\WindowsUpdate.log
2013-08-19 09:53 - 2013-04-19 20:18 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-19 09:53 - 2006-11-02 08:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-18 18:09 - 2006-11-02 08:01 - 00032552 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-18 16:55 - 2013-08-18 16:55 - 00144208 _____ C:\Windows\Minidump\Mini081813-02.dmp
2013-08-18 16:55 - 2013-08-18 14:10 - 176045383 _____ C:\Windows\MEMORY.DMP
2013-08-18 16:55 - 2013-04-17 09:44 - 00000000 ____D C:\Windows\Minidump
2013-08-18 16:28 - 2013-08-18 16:28 - 00000322 _____ C:\Users\Melissa\Desktop\headless node.txt
2013-08-18 16:26 - 2013-08-18 16:26 - 350030080 _____ C:\Users\Melissa\Desktop\regedit2.REG
2013-08-18 16:25 - 2013-08-18 16:25 - 350028544 _____ C:\Users\Melissa\Desktop\regedit.reg
2013-08-18 16:23 - 2013-08-18 16:23 - 350027628 _____ C:\Users\Melissa\Documents\regedit.reg
2013-08-18 14:36 - 2013-08-18 14:36 - 00000680 _____ C:\Users\Melissa\Desktop\Events.txt
2013-08-18 14:30 - 2013-08-18 14:30 - 00001160 _____ C:\Users\Melissa\Desktop\Event 5032, Microsoft Windows security auditing.txt
2013-08-18 14:26 - 2013-08-18 14:26 - 00001498 _____ C:\Users\Melissa\Desktop\Event 10,WMI.txt
2013-08-18 14:22 - 2013-08-18 14:22 - 00000382 _____ C:\Users\Melissa\Desktop\bluescreen.txt
2013-08-18 14:18 - 2013-08-18 14:18 - 00144240 _____ C:\Windows\Minidump\Mini081813-01.dmp
2013-08-18 11:07 - 2013-08-18 11:07 - 00001070 _____ C:\Users\Melissa\Desktop\JRT.txt
2013-08-18 11:05 - 2013-08-18 11:05 - 00000000 ____D C:\Windows\ERUNT
2013-08-18 11:04 - 2013-08-18 11:04 - 00006579 _____ C:\Users\Melissa\Desktop\new OTL.txt
2013-08-18 11:01 - 2008-09-24 14:46 - 00007052 _____ C:\Users\Melissa\AppData\Local\d3d9caps.dat
2013-08-18 11:00 - 2013-08-18 11:00 - 00000000 ____D C:\_OTL
2013-08-18 10:56 - 2013-08-18 10:57 - 01018166 _____ (Thisisu) C:\Users\Melissa\Desktop\JRT.exe
2013-08-18 01:49 - 2013-08-18 01:49 - 00000034 _____ C:\Users\Melissa\Desktop\compaq.txt
2013-08-18 01:44 - 2013-08-18 01:44 - 01769792 _____ (Hewlett-Packard Development Company, L.P. ) C:\Users\Melissa\Desktop\sp37541.exe
2013-08-17 22:31 - 2008-05-05 13:22 - 00000000 ____D C:\hp
2013-08-17 22:17 - 2008-09-23 16:44 - 00000000 ____D C:\Users\Melissa
2013-08-17 21:55 - 2013-08-17 21:55 - 00000000 _____ C:\Windows\setuperr.log
2013-08-17 21:55 - 2013-08-17 21:55 - 00000000 _____ C:\Windows\setupact.log
2013-08-17 12:31 - 2013-08-17 12:31 - 00000546 _____ C:\Windows\PFRO.log
2013-08-17 12:23 - 2013-08-17 12:23 - 00011650 _____ C:\ComboFix.txt
2013-08-17 12:23 - 2013-08-15 22:24 - 00000000 ____D C:\Qoobox
2013-08-17 12:23 - 2006-11-02 06:18 - 00000000 ___RD C:\Users\Public
2013-08-17 12:22 - 2013-08-15 22:23 - 00000000 ____D C:\Windows\erdnt
2013-08-17 12:21 - 2006-11-02 05:23 - 00000215 _____ C:\Windows\system.ini
2013-08-17 04:16 - 2013-08-16 12:35 - 05105390 ____R (Swearware) C:\Users\Melissa\Desktop\Combo-Fix.exe
2013-08-17 04:14 - 2013-08-17 04:11 - 00074554 _____ C:\Users\Melissa\Desktop\OTL.Txt
2013-08-17 04:13 - 2013-08-17 04:13 - 00037222 _____ C:\Users\Melissa\Desktop\Extras.Txt
2013-08-17 03:41 - 2008-05-05 13:21 - 00000000 ____D C:\Windows\Panther
2013-08-16 13:40 - 2013-08-16 13:39 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-08-16 13:40 - 2013-08-13 13:27 - 00001945 _____ C:\Windows\epplauncher.mif
2013-08-16 13:29 - 2013-08-16 13:29 - 00000000 ____D C:\Combo-Fix4974C
2013-08-16 13:04 - 2013-08-16 13:04 - 00000000 ____D C:\Combo-Fix
2013-08-16 03:30 - 2013-08-16 03:30 - 00000019 _____ C:\Users\Melissa\Desktop\combofix uninstall.txt
2013-08-15 22:08 - 2013-08-15 22:08 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Melissa\Desktop\tdsskiller.exe
2013-08-15 14:57 - 2013-08-15 14:57 - 00002763 _____ C:\Users\Melissa\Desktop\RKreport[0]_D_08152013_145735.txt
2013-08-15 14:57 - 2013-08-15 14:08 - 00000000 ____D C:\Users\Melissa\Desktop\RK_Quarantine
2013-08-15 14:56 - 2013-08-15 14:56 - 00002655 _____ C:\Users\Melissa\Desktop\RKreport[0]_S_08152013_145630.txt
2013-08-15 14:07 - 2013-08-15 14:08 - 00920576 _____ C:\Users\Melissa\Desktop\RogueKiller.exe
2013-08-15 04:21 - 2013-08-15 04:21 - 00602112 _____ (OldTimer Tools) C:\Users\Melissa\Desktop\OTL.scr
2013-08-15 02:56 - 2013-08-14 04:23 - 00000000 ____D C:\Users\Melissa\AppData\Local\Adobe
2013-08-14 16:30 - 2013-08-14 16:30 - 00000000 ____D C:\Users\Melissa\AppData\Local\Apple
2013-08-14 06:49 - 2011-08-20 17:31 - 00000000 ____D C:\Users\Melissa\AppData\Local\Facebook
2013-08-14 05:09 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-14 04:50 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\rescache
2013-08-14 04:35 - 2013-08-14 04:35 - 00000000 ____D C:\Program Files\Common Files\Java
2013-08-14 04:33 - 2013-08-14 04:33 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-08-14 04:32 - 2013-08-14 04:34 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-08-14 04:32 - 2013-08-14 04:33 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-08-14 04:32 - 2013-08-14 04:33 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-08-14 04:32 - 2013-08-12 01:18 - 00867240 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-08-14 04:32 - 2010-06-17 12:01 - 00789416 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-08-14 04:24 - 2013-08-14 04:24 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-08-14 04:24 - 2013-08-14 04:24 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-08-14 04:13 - 2013-08-12 01:04 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 04:09 - 2006-11-02 05:24 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-08-14 04:07 - 2008-11-12 17:46 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-14 04:04 - 2013-08-13 15:25 - 00000254 _____ C:\Users\Melissa\Desktop\lockup.txt
2013-08-14 04:03 - 2006-11-02 05:33 - 00718584 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-13 15:42 - 2013-08-13 15:42 - 00050688 _____ (Atribune.org) C:\Users\Melissa\Desktop\ATF-Cleaner.exe
2013-08-13 15:33 - 2013-08-13 15:33 - 00007840 _____ C:\Users\Melissa\Desktop\AdwCleaner[s1].txt
2013-08-13 15:30 - 2013-08-13 15:30 - 00007840 _____ C:\AdwCleaner[s1].txt
2013-08-13 15:29 - 2013-08-13 15:29 - 00008379 _____ C:\AdwCleaner[R1].txt
2013-08-13 15:28 - 2013-08-13 15:28 - 00666633 _____ C:\Users\Melissa\Desktop\AdwCleaner.exe
2013-08-13 12:38 - 2013-08-13 12:38 - 00000000 ____D C:\Windows\pss
2013-08-13 04:53 - 2008-05-05 12:47 - 00000000 ____D C:\Program Files\Java
2013-08-13 03:54 - 2013-08-13 03:54 - 00000000 ____D C:\Program Files\ESET
2013-08-12 23:06 - 2012-01-14 13:11 - 00000000 ____D C:\Users\Melissa\AppData\Roaming\Spotify
2013-08-12 18:18 - 2012-01-14 13:12 - 00000000 ____D C:\Users\Melissa\AppData\Local\Spotify
2013-08-12 02:10 - 2013-08-12 02:10 - 00000810 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-08-12 02:10 - 2013-08-12 02:10 - 00000000 ____D C:\Program Files\CCleaner
2013-08-12 01:28 - 2013-08-12 01:28 - 00000000 ____D C:\Program Files\Adobe
2013-08-12 01:28 - 2008-09-23 16:45 - 00000000 ____D C:\ProgramData\Adobe
2013-08-12 01:28 - 2008-09-23 16:45 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-08-11 23:01 - 2010-12-01 17:42 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-08-11 22:54 - 2013-08-11 22:54 - 00000633 _____ C:\Users\Melissa\Desktop\randy.txt
2013-08-11 22:48 - 2013-08-11 22:48 - 00000912 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-11 22:11 - 2011-03-05 19:23 - 00000000 ____D C:\Users\Melissa\AppData\Roaming\Sammsoft
2013-07-31 18:39 - 2013-04-19 20:22 - 00001977 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-24 21:40 - 2013-08-14 04:00 - 12334080 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-24 21:32 - 2013-08-14 04:00 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-24 21:30 - 2013-08-14 04:00 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-24 21:26 - 2013-08-14 04:00 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-24 21:26 - 2013-08-14 04:00 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-24 21:25 - 2013-08-14 04:00 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-24 21:24 - 2013-08-14 04:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-24 21:24 - 2013-08-14 04:00 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-24 21:23 - 2013-08-14 04:00 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-24 21:23 - 2013-08-14 04:00 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-24 21:23 - 2013-08-14 04:00 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-24 21:23 - 2013-08-14 04:00 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-07-24 21:23 - 2013-08-14 04:00 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-24 21:22 - 2013-08-14 04:00 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-24 21:22 - 2013-08-14 04:00 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-24 21:22 - 2013-08-14 04:00 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-08-19 10:00

==================== End Of Log ============================

Additions

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-08-2013
Ran by Melissa at 2013-08-19 12:14:38
Running from C:\Users\Melissa\Desktop
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

Update for Microsoft Office 2007 (KB2508958)
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0.1)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.94)
Adobe Reader 8.1.3 (Version: 8.1.3)
Apple Application Support (Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
ArcSoft PhotoImpression 6 (Version: 6)
ArcSoft Print Creations
ArcSoft Print Creations - Photo Calendar
Bing Rewards Client Installer (Version: 16.0.345.0)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 4.04)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Coupon Printer for Windows (Version: 5.0.0.1)
CyberLink DVD Suite Deluxe (Version: 5.5.1329)
CyberLink PowerDirector (Version: 6.5.2726)
EPSON Print CD (Version: 1.60.000)
EPSON Printer Software
EPSON RX595 User's Guide
EPSON Scan
EPSON Stylus Photo RX595 Series Scanner Driver Update
ESET Online Scanner v3
Google Chrome (Version: 28.0.1500.95)
Google Update Helper (Version: 1.3.21.153)
Hardware Diagnostic Tools (Version: 5.1.4748.24)
Hewlett-Packard Active Check for Health Check (Version: 1.1.15.2)
Hewlett-Packard Asset Agent for Health Check (Version: 2.0.63.2)
HP Active Support Library (Version: 3.1.0.6)
HP Advisor (Version: 3.1.9152.3107)
HP Customer Experience Enhancements (Version: 5.6.0.2510)
HP Customer Feedback (Version: 1.0.0)
HP Demo (Version: HP Demo)
HP MediaSmart DVD (Version: 2.2.3309)
HP Update (Version: 4.000.012.001)
HPTCSSetup (Version: 1.0.964.2626)
iTunes (Version: 11.0.2.26)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
LabelPrint (Version: 2.2.2529)
LightScribe System Software (Version: 1.18.3.2)
LightScribeTemplateLabeler (Version: 1.10.23.1)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
McAfee Security Scan Plus (Version: 2.0.189.1)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Home and Student 2007 Trial (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.3.0216.0)
Microsoft Security Essentials (Version: 4.3.216.0)
Microsoft UI Engine (Version: 6.3.2348.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 9.7.0621)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
muvee autoProducer 6.1 (Version: 6.10.050)
My HP Games (Version: 1.0.0.43)
NVIDIA Drivers
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
OpenOffice.org 2.4 (Version: 2.4.9310)
Power2Go (Version: 5.6.3917)
Python 2.5 (Version: 2.5.150)
QuickTime (Version: 7.73.80.64)
Realtek High Definition Audio Driver (Version: 6.0.1.5657)
SimCity 2000® Special Edition
Snapfish Picture Mover (Version: 1.9.0.16)
Soft Data Fax Modem with SmartCP (Version: 7.74.00)
Spotify (HKCU Version: 0.9.1.57.ge7405149)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (Version: 1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windstream Broadband Check-up Center
Yahoo! Toolbar
YTD Toolbar v7.4 (Version: 7.4)

==================== Restore Points =========================

13-08-2013 18:22:32 Windows Update
14-08-2013 08:58:10 Windows Update
14-08-2013 09:31:22 Installed Java 7 Update 25
15-08-2013 09:40:06 OTL Restore Point - 8/15/2013 4:40:06 AM
16-08-2013 22:00:10 OTL Restore Point - 8/16/2013 5:00:10 PM
17-08-2013 08:58:49 OTL Restore Point - 8/17/2013 3:58:48 AM
18-08-2013 03:14:19 Windows Update
18-08-2013 06:38:29 Installed HP Product Detection
18-08-2013 20:12:55 Scheduled Checkpoint
19-08-2013 15:43:03 Scheduled Checkpoint

==================== Hosts content: ==========================

2006-11-02 05:23 - 2013-08-18 11:00 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {1D73D47F-422B-430E-8C73-9C4C944CFF54} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-20] (Microsoft Corporation)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {4C8F0894-BCC7-4FDD-A226-F293E732FC27} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-19] (Google Inc.)
Task: {512368F6-62C3-4D51-8091-743E6AE77665} - System32\Tasks\User_Feed_Synchronization-{7A320A5B-950C-4766-9FC1-C741DCB3423C} => C:\Windows\system32\msfeedssync.exe [2011-08-04] (Microsoft Corporation)
Task: {587ADB68-62F6-49D8-82D7-61E8C8347A68} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {63879B7D-68C4-4878-8E7D-E77FBBA78C90} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {66C5B590-A60C-4DD1-8225-5891F4C6656B} - System32\Tasks\PC-Doctor\Scheduled Maintenance Swap => C:\Program Files\PC-Doctor 5 for Windows\task_swap.exe [2008-03-13] (PC-Doctor, Inc.)
Task: {9E883DED-B4BA-4100-99E8-DDC899D9F687} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Melissa => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-20] (Microsoft Corporation)
Task: {A6830318-9EF8-49B5-8C11-999A4AD38B9C} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-07-18] (Microsoft Corporation)
Task: {CA2757B3-BEF7-44A3-975E-51E67279E308} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-19] (Google Inc.)
Task: {D28FC6CA-B00F-4442-8584-7D14079909D0} - \Event Viewer Tasks\3bf4b4bb-8fd3-481e-9e75-a059b2270c71 No Task File
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {E62C7A67-3C69-490D-A90E-FDD542180203} - System32\Tasks\PC-Doctor\Scheduled Maintenance => C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe [2008-03-13] (PC-Doctor, Inc.)
Task: {E989BC0D-CF43-442D-955E-30DB91CDD914} - \Event Viewer Tasks\cc255def-861c-4e4a-b4e1-4e1d1f97db98 No Task File
Task: {EA91DCEA-DDD5-46FF-BA5E-E9CC2329EFE8} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-07-18] (Microsoft Corporation)
Task: {ED32C9FB-337D-491C-8E32-AA72BD833D4F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-14] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (08/19/2013 09:53:44 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/18/2013 06:07:38 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/18/2013 05:36:49 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/18/2013 04:56:15 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/18/2013 04:34:52 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/18/2013 04:10:22 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/18/2013 02:18:57 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/18/2013 00:39:11 PM) (Source: ESENT) (User: )
Description: Windows (2872) Windows: The version store for this instance (0) has reached its maximum size of 127Mb. It is likely that a long-running transaction is preventing cleanup of the version store and causing it to build up in size. Updates will be rejected until the long-running transaction has been completely committed or rolled back.
Possible long-running transaction:
 SessionId: 0x00EF03E0
 Session-context: 0x00000000
 Session-context ThreadId: 0x00000808
 Cleanup: 1

Error: (08/18/2013 11:12:33 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (08/19/2013 09:53:44 AM) (Source: Service Control Manager) (User: )
Description: i8042prt

Error: (08/18/2013 06:07:38 PM) (Source: Service Control Manager) (User: )
Description: i8042prt

Error: (08/18/2013 05:36:49 PM) (Source: Service Control Manager) (User: )
Description: i8042prt

Error: (08/18/2013 04:56:16 PM) (Source: Service Control Manager) (User: )
Description: i8042prt

Error: (08/18/2013 04:34:52 PM) (Source: Service Control Manager) (User: )
Description: i8042prt

Error: (08/18/2013 04:10:22 PM) (Source: Service Control Manager) (User: )
Description: i8042prt

Error: (08/18/2013 02:18:58 PM) (Source: Service Control Manager) (User: )
Description: i8042prt

Error: (08/18/2013 11:12:33 AM) (Source: Service Control Manager) (User: )
Description: i8042prt

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2013-08-14 01:26:15.201
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-08-14 01:26:14.687
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-08-14 01:26:13.719 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2013-08-14 01:26:13.205 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2013-08-14 01:26:12.690 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2013-08-14 01:26:12.175 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2013-08-14 01:26:11.395 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2013-08-14 01:26:10.896 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys because the set of per-page image hashes could not be found on the system. 
Date: 2013-08-14 01:26:10.381 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2013-08-14 01:26:09.866 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Percentage of memory in use: 55% Total physical RAM: 1917.76 MB Available physical RAM: 846.9 MB Total Pagefile: 4082.05 MB Available Pagefile: 3024.7 MB Total Virtual: 2047.88 MB Available Virtual: 1890.25 MB ==================== Drives ================================ Drive c: (COMPAQ) (Fixed) (Total:455.6 GB) (Free:340.32 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (FACTORY_IMAGE) (Fixed) (Total:10.16 GB) (Free:1.38 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 466 GB) (Disk ID: 1549F232) Partition 1: (Active) - (Size=456 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS) ==================== End Of Log ============================ -
Malware and maybe more [Solved]
RandyL replied to RandyL's topic in Tech Support & Discussions Forum
The system is running great. Once I get it started, that is. Restart works well, but when I first boot I have to attempt it several times. It either freezes or goes to the startup repair option. To be fair, when I first got it Windows would not start. Startup repair fixed that, but after all this work it's giving me fits now. Startup repair fixed it the first time, but it's broken now. Event viewer seems to indicate that this might be the problem:
Log Name: System
Source: Service Control Manager
Date: 8/18/2013 5:36:49 PM
Event ID: 7026
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Melissa-PC
Description: The following boot-start or system-start driver(s) failed to load: i8042prt
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908D1-A6D7-4695-8E1E-26931D2012F4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7026</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2013-08-18T22:36:49.000Z" />
<EventRecordID>227029</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>Melissa-PC</Computer>
<Security />
</System>
<EventData>
<Data Name="param1"> i8042prt</Data>
</EventData>
</Event>
I have yet to find a solution. The keyboard is USB and the mouse is a wireless USB. Not PS/2. I'll check back as soon as I can, but I may not be home much. I'm going to be living in a hotel for a time while I get my wood floors sanded and finished.
-
Malware and maybe more [Solved]
RandyL replied to RandyL's topic in Tech Support & Discussions Forum
They ran just fine Starbuck. Progress I hope. OTL is below.
JRT is below.
-
Malware and maybe more [Solved]
RandyL replied to RandyL's topic in Tech Support & Discussions Forum
Finally. I got ComboFix and OTL to run. OTL hung on the C:\USERS\MELISSA\Local Settings\Temporary Internet Files\Content.IE5\ folder. In my first post I had the same problem with Malwarebytes and ESET. I'm betting Combofix had the same problem. I used Internet options and ATF-Cleaner to delete temp files but there was still over 150Gb of Content.IE5 temp files. I've never seen such a massive amount before. It took many days of running Ccleaner to get rid of those. Once they were gone ComboFix and OTL ran just fine. So here are the logs. :)
OTL Log below.
CHR - plugin: Java Deployment Toolkit 6.0.210.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U21 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Melissa\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: Google Docs = C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google Search = 
C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Gmail = C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009/09/05 19:27:59 | 000,001,144 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 208.43.47.212 a1n.review.zdnet.com O1 - Hosts: 208.43.47.212 d1n.reviews.cnet.com O1 - Hosts: 208.43.47.212 reviewn.2009softwarereviews.com O1 - Hosts: 208.43.47.212 reviewsn.download.com O1 - Hosts: 208.43.47.212 reviewsn.pcadvisor.co.uk O1 - Hosts: 208.43.47.212 reviewsn.pcpro.co.uk O1 - Hosts: 208.43.47.212 reviewsn.techradar.com O1 - Hosts: 208.43.47.212 reviewsn.riverstreams.co.uk O1 - Hosts: 208.43.47.212 reviewsn.pcmag.com O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D0523BB4-21E7-11DD-9AB7-415B56D89593} - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [DVDAgent] c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.) 
O4 - HKLM..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe File not found O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [sunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windstream_BCUC_McciTrayApp] "C:\Program Files\Windstream_BCUC\McciTrayApp.exe" File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA76CB46-2C32-4956-B29B-876E2B444942}: DhcpNameServer = 192.168.1.1 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/05/05 12:45:51 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{4280bab6-8a72-11dd-9a50-001e903545ef}\Shell\AutoRun\command - "" = F:\Autorun.exe /run O33 - MountPoints2\{4280bab6-8a72-11dd-9a50-001e903545ef}\Shell\Shell00\Command - "" = F:\Autorun.exe /run O33 - MountPoints2\{4280bab6-8a72-11dd-9a50-001e903545ef}\Shell\Shell01\Command - "" = F:\Autorun.exe /action O33 - MountPoints2\{4280bab6-8a72-11dd-9a50-001e903545ef}\Shell\Shell02\Command - "" = F:\Autorun.exe /uninstall O33 - MountPoints2\{6dd31614-c7ba-11de-b3f0-001e903545ef}\Shell - "" = AutoRun O33 - MountPoints2\{6dd31614-c7ba-11de-b3f0-001e903545ef}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not 
found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\2.0.189\SSScheduler.exe - (McAfee, Inc.) MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk - C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe - () MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Facebook Update - hkey= - key= - File not found MsConfig - StartUpReg: HPAdvisor - hkey= - key= - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard) MsConfig - StartUpReg: ShopAtHomeWatcher - hkey= - key= - File not found MsConfig - StartUpReg: Spotify Web Helper - hkey= - key= - C:\Users\Melissa\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) MsConfig - StartUpReg: Weather - hkey= - key= - File not found MsConfig - State: "startup" - 2 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013/08/16 13:39:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client [2013/08/16 13:34:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013/08/16 13:29:53 | 000,000,000 | ---D | C] -- C:\Combo-Fix4974C [2013/08/16 13:28:40 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW [2013/08/16 13:04:20 | 000,000,000 | ---D | C] -- C:\Combo-Fix [2013/08/16 12:35:56 | 005,105,208 | R--- | C] (Swearware) -- C:\Users\Melissa\Desktop\Combo-Fix.exe [2013/08/15 22:24:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013/08/15 22:24:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013/08/15 22:24:21 | 000,060,416 | ---- | C] (NirSoft) -- 
C:\Windows\NIRCMD.exe [2013/08/15 22:24:06 | 000,000,000 | ---D | C] -- C:\Qoobox [2013/08/15 22:23:12 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013/08/15 22:08:56 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Melissa\Desktop\tdsskiller.exe [2013/08/15 14:08:41 | 000,000,000 | ---D | C] -- C:\Users\Melissa\Desktop\RK_Quarantine [2013/08/15 04:21:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Melissa\Desktop\OTL.scr [2013/08/15 04:16:59 | 000,000,000 | ---D | C] -- C:\Users\Melissa\Desktop\Before posting for Malware Removal help__files [2013/08/14 16:30:06 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Local\Apple [2013/08/14 15:16:52 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Local\ElevatedDiagnostics [2013/08/14 04:35:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2013/08/14 04:34:42 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2013/08/14 04:33:56 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013/08/14 04:33:56 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013/08/14 04:33:56 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013/08/14 04:24:38 | 000,692,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013/08/14 04:24:38 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013/08/14 04:23:19 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Local\Adobe [2013/08/14 04:00:48 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013/08/14 04:00:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013/08/14 04:00:47 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013/08/14 04:00:46 | 000,607,744 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\msfeeds.dll [2013/08/14 04:00:46 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013/08/14 04:00:45 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013/08/14 04:00:44 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013/08/14 04:00:43 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013/08/13 20:31:36 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2013/08/13 20:31:28 | 003,551,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2013/08/13 20:31:27 | 003,603,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2013/08/13 15:42:26 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Users\Melissa\Desktop\ATF-Cleaner.exe [2013/08/13 13:35:43 | 000,000,000 | ---D | C] -- C:\Program Files\YTD Toolbar [2013/08/13 13:23:22 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys [2013/08/13 12:38:17 | 000,000,000 | ---D | C] -- C:\Windows\pss [2013/08/13 03:54:02 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2013/08/12 02:10:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2013/08/12 02:10:29 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2013/08/12 02:09:39 | 000,000,000 | ---D | C] -- C:\Users\Melissa\Documents\Downloads [2013/08/12 01:28:46 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2013/08/12 01:18:51 | 000,867,240 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll [2013/08/12 01:04:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/08/17 03:52:22 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013/08/17 03:52:21 | 
000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013/08/17 03:52:20 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/08/17 03:52:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/08/17 03:52:07 | 2011,639,808 | -HS- | M] () -- C:\hiberfil.sys [2013/08/17 03:33:01 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/08/17 03:12:03 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/08/16 13:40:33 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif [2013/08/16 12:35:57 | 005,105,208 | R--- | M] (Swearware) -- C:\Users\Melissa\Desktop\Combo-Fix.exe [2013/08/16 00:31:15 | 000,007,052 | ---- | M] () -- C:\Users\Melissa\AppData\Local\d3d9caps.dat [2013/08/15 22:08:32 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Melissa\Desktop\tdsskiller.exe [2013/08/15 14:07:37 | 000,920,576 | ---- | M] () -- C:\Users\Melissa\Desktop\RogueKiller.exe [2013/08/15 04:21:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Melissa\Desktop\OTL.scr [2013/08/15 04:17:00 | 000,052,816 | ---- | M] () -- C:\Users\Melissa\Desktop\Before posting for Malware Removal help_.htm [2013/08/14 04:33:10 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013/08/14 04:32:57 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2013/08/14 04:32:57 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013/08/14 04:32:55 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013/08/14 04:32:51 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll [2013/08/14 04:32:50 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll [2013/08/14 04:24:38 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- 
C:\Windows\System32\FlashPlayerApp.exe [2013/08/14 04:24:38 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013/08/14 04:03:31 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013/08/14 04:03:31 | 000,104,202 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013/08/13 15:57:16 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2013/08/13 15:42:26 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Users\Melissa\Desktop\ATF-Cleaner.exe [2013/08/13 15:28:55 | 000,666,633 | ---- | M] () -- C:\Users\Melissa\Desktop\AdwCleaner.exe [2013/08/13 13:35:50 | 000,000,359 | ---- | M] () -- C:\prefs.js [2013/08/12 02:10:30 | 000,000,810 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013/08/11 22:48:16 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/07/31 18:39:42 | 000,001,977 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013/07/24 21:32:35 | 001,800,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013/07/24 21:25:30 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013/07/24 21:24:39 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013/07/24 21:24:24 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013/07/24 21:23:59 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013/07/24 21:23:27 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013/07/24 21:22:35 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013/07/24 21:22:04 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/08/16 13:40:15 | 000,001,832 | ---- | C] () -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk [2013/08/16 13:34:12 | 2011,639,808 | -HS- | C] () -- C:\hiberfil.sys [2013/08/15 22:24:22 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013/08/15 22:24:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013/08/15 22:24:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013/08/15 22:24:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013/08/15 22:24:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013/08/15 14:08:04 | 000,920,576 | ---- | C] () -- C:\Users\Melissa\Desktop\RogueKiller.exe [2013/08/15 04:16:57 | 000,052,816 | ---- | C] () -- C:\Users\Melissa\Desktop\Before posting for Malware Removal help_.htm [2013/08/14 04:24:39 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/08/13 15:28:55 | 000,666,633 | ---- | C] () -- C:\Users\Melissa\Desktop\AdwCleaner.exe [2013/08/13 13:27:05 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif [2013/08/12 02:10:30 | 000,000,810 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013/08/12 01:28:53 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 8.lnk [2013/08/11 22:48:16 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2009/06/20 08:23:14 | 000,012,326 | ---- | C] () -- C:\Users\Melissa\AppData\Roaming\wklnhst.dat [2008/11/01 11:57:39 | 000,009,216 | ---- | C] () -- C:\Users\Melissa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/09/30 13:04:17 | 000,024,206 | ---- | C] () -- C:\Users\Melissa\AppData\Roaming\UserTile.png [2008/09/24 14:46:02 | 000,007,052 | ---- | C] () -- C:\Users\Melissa\AppData\Local\d3d9caps.dat ========== ZeroAccess Check ========== [2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2009/11/20 19:46:54 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\gtk-2.0 [2009/10/26 00:09:47 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\PeerNetworking [2009/08/22 14:51:43 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\PlayFirst [2013/08/11 22:11:00 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Sammsoft [2008/09/23 16:56:08 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Snapfish [2013/08/12 23:06:44 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Spotify [2009/06/20 08:23:15 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Template [2010/04/21 17:20:34 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\W Photo Studio Viewer [2009/10/09 16:47:09 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\WeatherBug [2008/12/21 10:48:08 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\WildTangent [2009/05/15 14:55:13 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\WinBatch ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2013/08/13 15:29:56 | 
000,008,379 | ---- | M] () -- C:\AdwCleaner[R1].txt [2013/08/13 15:30:49 | 000,007,840 | ---- | M] () -- C:\AdwCleaner[s1].txt [2008/05/05 12:45:51 | 000,000,074 | ---- | M] () -- C:\autoexec.bat [2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr [2008/05/05 13:21:36 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK [2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys [2010/09/28 18:56:28 | 000,000,045 | ---- | M] () -- C:\error.log [2010/02/17 01:54:18 | 000,000,250 | ---- | M] () -- C:\FINIS_IT.TXT [2013/08/17 03:52:07 | 2011,639,808 | -HS- | M] () -- C:\hiberfil.sys [2009/06/30 10:09:56 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2009/06/30 10:09:56 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2013/08/17 03:52:05 | 2325,491,712 | -HS- | M] () -- C:\pagefile.sys [2013/08/13 13:35:50 | 000,000,359 | ---- | M] () -- C:\prefs.js [2009/05/15 15:05:00 | 000,000,574 | ---- | M] () -- C:\RHDSetup.log [2013/06/14 09:51:17 | 000,000,000 | ---- | M] () -- C:\search.sqlite [2013/08/15 22:14:39 | 000,118,516 | ---- | M] () -- C:\TDSSKiller.2.8.16.0_15.08.2013_22.09.55_log.txt [2009/05/16 11:00:17 | 000,000,594 | ---- | M] () -- C:\updatedatfix.log [1 C:\*.tmp files -> C:\*.tmp -> ] < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll > [2006/11/02 07:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\jnwppr.dll [2006/10/26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\msonpppr.dll < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.dll /lockedfiles > < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\system32\*.exe /lockedfiles > < %systemroot%\System32\config\*.sav > [2008/01/20 22:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008/01/20 22:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008/01/20 22:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %PROGRAMFILES%\* > [2008/01/20 21:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini < %USERPROFILE%\..|smtmp;true;true;true /FP > < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU > < hklm\software\clients\startmenuinternet|command /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/07/24 19:49:49 | 000,846,288 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2013/07/24 19:49:49 | 000,846,288 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2013/07/24 19:49:49 | 000,846,288 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2013/07/24 19:49:49 | 000,846,288 | ---- | M] (Google Inc.) 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/08/04 09:22:33 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/08/04 09:22:33 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/08/04 09:22:33 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013/07/24 21:42:37 | 000,757,400 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2013/07/24 21:42:37 | 000,757,400 | ---- | M] (Microsoft Corporation) < hklm\software\clients\startmenuinternet|command /64 /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/07/24 19:49:49 | 000,846,288 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2013/07/24 19:49:49 | 000,846,288 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2013/07/24 19:49:49 | 000,846,288 | ---- | M] (Google Inc.) 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2013/07/24 19:49:49 | 000,846,288 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/08/04 09:22:33 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/08/04 09:22:33 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/08/04 09:22:33 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013/07/24 21:42:37 | 000,757,400 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2013/07/24 21:42:37 | 000,757,400 | ---- | M] (Microsoft Corporation) < End of report > Extras below. 
app=c:\program files\microsoft office\office12\onenote.exe | "{C4F815D8-E72D-4197-B6FB-28D067564542}" = dir=in | app=c:\program files\itunes\itunes.exe | "{C69B4E9D-B95C-4D92-ADAD-B2F1FBB457AE}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | "{D7B978AA-74A5-4BB5-965A-C749E1C56E2F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{DDCF0C9B-AF38-4643-A7FD-99AD5BC9AC22}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartvideo.exe | "{FAFF1766-FA81-4139-9A70-B812263670AA}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "TCP Query User{9AA78D2C-67E0-4E1C-AF92-21E29613FCE9}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{A5738C82-BD4A-4B48-847B-E0B3B5075ADF}C:\users\melissa\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\melissa\appdata\roaming\spotify\spotify.exe | "TCP Query User{DEF82CCC-4959-4F26-A6A9-5FB3400FCF3A}C:\users\melissa\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\melissa\appdata\roaming\spotify\spotify.exe | "UDP Query User{671EF390-804E-4B5F-AE6D-37B131E922E8}C:\users\melissa\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\melissa\appdata\roaming\spotify\spotify.exe | "UDP Query User{B68B18AB-BD25-4A71-9383-C449EE49FE3B}C:\users\melissa\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\melissa\appdata\roaming\spotify\spotify.exe | "UDP Query User{D1E9D71D-53C1-444D-AA6A-38821BDEBDC9}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{029B5901-1F27-4347-9923-E8ACC8F54E15}" = Snapfish Picture Mover 
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant "{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5 "{0D6D96F4-0CAF-4522-B05F-70A88EDECDFD}" = ArcSoft Print Creations "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.3 "{1CA2E5E4-F4FE-44B4-95E9-77523FB95838}" = EPSON Stylus Photo RX595 Series Scanner Driver Update "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe "{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check "{265BC03B-AB12-4319-81A0-19E531C2C9FA}" = YTD Toolbar v7.4 "{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes "{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25 "{2CD2C0DB-81C3-416B-9FA6-589B9235359B}" = OpenOffice.org 2.4 "{305D4B08-5807-4475-B1C8-D54685534864}" = LightScribeTemplateLabeler "{31B2D73B-4311-4D95-A131-32FB2194D1CB}" = Microsoft UI Engine "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{44F3AD4C-D8A0-40DD-94A1-7443BE9953C7}_is1" = HP Demo "{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{59D268DF-CCA9-44C5-8F96-2E51BB34C829}" = Microsoft Security Client "{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour 
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) 
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3 "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D03E7B00-CA85-4684-9321-1888873C34BD}" = ArcSoft PhotoImpression 6 "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD "{E0810CC2-4B5B-4439-B1D0-452306AF2D64}" = HP Active Support Library "{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile 
Device Support "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{FA3B34BE-4246-4062-90A3-34CBBEA12B72}" = HPTCSSetup "{FDDB69BB-2F9A-4830-A579-ABBB7C5AF9A8}" = muvee autoProducer 6.1 "{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update "{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "CCleaner" = CCleaner "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP "Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows "EPSON Printer and Utilities" = EPSON Printer Software "EPSON Scanner" = EPSON Scan "ESET Online Scanner" = ESET Online Scanner v3 "Google Chrome" = Google Chrome "HOMESTUDENTR" = Microsoft Office Home and Student 2007 Trial "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300 "McAfee Security Scan" = McAfee Security Scan Plus "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft Security Client" = Microsoft Security Essentials "NVIDIA Drivers" = NVIDIA Drivers "PC-Doctor 5 for Windows" = Hardware Diagnostic Tools "Silent Package Run-Time Sample" = EPSON RX595 User's Guide "SimCity2000CDv1" = SimCity 2000® Special Edition "sp41121" = sp41121 "sp44626" = sp44626 "WildTangent hp Master Uninstall" = My HP Games "Windstream_BCUC" = Windstream Broadband Check-up Center "Yahoo! Companion" = Yahoo! 
Toolbar ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Spotify" = Spotify ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 8/16/2013 1:58:52 PM | Computer Name = Melissa-PC | Source = WinMgmt | ID = 10 Description = Error - 8/16/2013 2:02:52 PM | Computer Name = Melissa-PC | Source = EventSystem | ID = 4609 Description = Error - 8/16/2013 2:03:33 PM | Computer Name = Melissa-PC | Source = WinMgmt | ID = 10 Description = Error - 8/16/2013 2:08:55 PM | Computer Name = Melissa-PC | Source = WinMgmt | ID = 10 Description = Error - 8/16/2013 2:28:12 PM | Computer Name = Melissa-PC | Source = EventSystem | ID = 4609 Description = Error - 8/16/2013 2:28:52 PM | Computer Name = Melissa-PC | Source = WinMgmt | ID = 10 Description = Error - 8/16/2013 2:34:52 PM | Computer Name = Melissa-PC | Source = WinMgmt | ID = 10 Description = Error - 8/16/2013 3:01:01 PM | Computer Name = Melissa-PC | Source = WinMgmt | ID = 10 Description = Error - 8/16/2013 8:19:54 PM | Computer Name = Melissa-PC | Source = Application Hang | ID = 1002 Description = The program OTL.scr version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: a30 Start Time: 01ce9acb84c2f894 Termination Time: 16 Error - 8/17/2013 4:53:22 AM | Computer Name = Melissa-PC | Source = WinMgmt | ID = 10 Description = [ Media Center Events ] Error - 6/9/2009 7:58:35 AM | Computer Name = Melissa-PC | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule. Error - 9/13/2009 9:27:05 PM | Computer Name = Melissa-PC | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule. 
Error - 10/11/2009 11:29:08 PM | Computer Name = Melissa-PC | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule. Error - 9/17/2010 8:22:48 PM | Computer Name = Melissa-PC | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule. Error encountered while reading event logs. < End of report > -
Malware and maybe more [Solved]
RandyL replied to RandyL's topic in Tech Support & Discussions Forum
Finally. I got ComboFix and OTL to run. OTL hung on the C:\USERS\MELISSA\Local Settings\Temporary Internet Files\Content.IE5\ folder. In my first post I had the same problem with Malwarebytes and ESET. I'm betting ComboFix had the same problem. I used Internet Options and ATF-Cleaner to delete temp files but there was still over 150Gb of Content.IE5 temp files. I've never seen such a massive amount before. It took many days of running CCleaner to get rid of those. Once they were gone ComboFix and OTL ran just fine. So here are the logs. :)
OTL Log below.
CHR - plugin: Java Deployment Toolkit 6.0.210.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U21 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Melissa\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: Google Docs = C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google Search = 
C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Gmail = C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009/09/05 19:27:59 | 000,001,144 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 208.43.47.212 a1n.review.zdnet.com O1 - Hosts: 208.43.47.212 d1n.reviews.cnet.com O1 - Hosts: 208.43.47.212 reviewn.2009softwarereviews.com O1 - Hosts: 208.43.47.212 reviewsn.download.com O1 - Hosts: 208.43.47.212 reviewsn.pcadvisor.co.uk O1 - Hosts: 208.43.47.212 reviewsn.pcpro.co.uk O1 - Hosts: 208.43.47.212 reviewsn.techradar.com O1 - Hosts: 208.43.47.212 reviewsn.riverstreams.co.uk O1 - Hosts: 208.43.47.212 reviewsn.pcmag.com O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D0523BB4-21E7-11DD-9AB7-415B56D89593} - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [DVDAgent] c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.) 
O4 - HKLM..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe File not found O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [sunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windstream_BCUC_McciTrayApp] "C:\Program Files\Windstream_BCUC\McciTrayApp.exe" File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA76CB46-2C32-4956-B29B-876E2B444942}: DhcpNameServer = 192.168.1.1 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/05/05 12:45:51 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{4280bab6-8a72-11dd-9a50-001e903545ef}\Shell\AutoRun\command - "" = F:\Autorun.exe /run O33 - MountPoints2\{4280bab6-8a72-11dd-9a50-001e903545ef}\Shell\Shell00\Command - "" = F:\Autorun.exe /run O33 - MountPoints2\{4280bab6-8a72-11dd-9a50-001e903545ef}\Shell\Shell01\Command - "" = F:\Autorun.exe /action O33 - MountPoints2\{4280bab6-8a72-11dd-9a50-001e903545ef}\Shell\Shell02\Command - "" = F:\Autorun.exe /uninstall O33 - MountPoints2\{6dd31614-c7ba-11de-b3f0-001e903545ef}\Shell - "" = AutoRun O33 - MountPoints2\{6dd31614-c7ba-11de-b3f0-001e903545ef}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not 
found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\2.0.189\SSScheduler.exe - (McAfee, Inc.) MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk - C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe - () MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Facebook Update - hkey= - key= - File not found MsConfig - StartUpReg: HPAdvisor - hkey= - key= - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard) MsConfig - StartUpReg: ShopAtHomeWatcher - hkey= - key= - File not found MsConfig - StartUpReg: Spotify Web Helper - hkey= - key= - C:\Users\Melissa\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) MsConfig - StartUpReg: Weather - hkey= - key= - File not found MsConfig - State: "startup" - 2 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013/08/16 13:39:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client [2013/08/16 13:34:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013/08/16 13:29:53 | 000,000,000 | ---D | C] -- C:\Combo-Fix4974C [2013/08/16 13:28:40 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW [2013/08/16 13:04:20 | 000,000,000 | ---D | C] -- C:\Combo-Fix [2013/08/16 12:35:56 | 005,105,208 | R--- | C] (Swearware) -- C:\Users\Melissa\Desktop\Combo-Fix.exe [2013/08/15 22:24:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013/08/15 22:24:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013/08/15 22:24:21 | 000,060,416 | ---- | C] (NirSoft) -- 
C:\Windows\NIRCMD.exe [2013/08/15 22:24:06 | 000,000,000 | ---D | C] -- C:\Qoobox [2013/08/15 22:23:12 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013/08/15 22:08:56 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Melissa\Desktop\tdsskiller.exe [2013/08/15 14:08:41 | 000,000,000 | ---D | C] -- C:\Users\Melissa\Desktop\RK_Quarantine [2013/08/15 04:21:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Melissa\Desktop\OTL.scr [2013/08/15 04:16:59 | 000,000,000 | ---D | C] -- C:\Users\Melissa\Desktop\Before posting for Malware Removal help__files [2013/08/14 16:30:06 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Local\Apple [2013/08/14 15:16:52 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Local\ElevatedDiagnostics [2013/08/14 04:35:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2013/08/14 04:34:42 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2013/08/14 04:33:56 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013/08/14 04:33:56 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013/08/14 04:33:56 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013/08/14 04:24:38 | 000,692,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013/08/14 04:24:38 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013/08/14 04:23:19 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Local\Adobe [2013/08/14 04:00:48 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013/08/14 04:00:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013/08/14 04:00:47 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013/08/14 04:00:46 | 000,607,744 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\msfeeds.dll [2013/08/14 04:00:46 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013/08/14 04:00:45 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013/08/14 04:00:44 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013/08/14 04:00:43 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013/08/13 20:31:36 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2013/08/13 20:31:28 | 003,551,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2013/08/13 20:31:27 | 003,603,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2013/08/13 15:42:26 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Users\Melissa\Desktop\ATF-Cleaner.exe [2013/08/13 13:35:43 | 000,000,000 | ---D | C] -- C:\Program Files\YTD Toolbar [2013/08/13 13:23:22 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys [2013/08/13 12:38:17 | 000,000,000 | ---D | C] -- C:\Windows\pss [2013/08/13 03:54:02 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2013/08/12 02:10:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2013/08/12 02:10:29 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2013/08/12 02:09:39 | 000,000,000 | ---D | C] -- C:\Users\Melissa\Documents\Downloads [2013/08/12 01:28:46 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2013/08/12 01:18:51 | 000,867,240 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll [2013/08/12 01:04:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/08/17 03:52:22 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013/08/17 03:52:21 | 
000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013/08/17 03:52:20 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/08/17 03:52:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/08/17 03:52:07 | 2011,639,808 | -HS- | M] () -- C:\hiberfil.sys [2013/08/17 03:33:01 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/08/17 03:12:03 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/08/16 13:40:33 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif [2013/08/16 12:35:57 | 005,105,208 | R--- | M] (Swearware) -- C:\Users\Melissa\Desktop\Combo-Fix.exe [2013/08/16 00:31:15 | 000,007,052 | ---- | M] () -- C:\Users\Melissa\AppData\Local\d3d9caps.dat [2013/08/15 22:08:32 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Melissa\Desktop\tdsskiller.exe [2013/08/15 14:07:37 | 000,920,576 | ---- | M] () -- C:\Users\Melissa\Desktop\RogueKiller.exe [2013/08/15 04:21:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Melissa\Desktop\OTL.scr [2013/08/15 04:17:00 | 000,052,816 | ---- | M] () -- C:\Users\Melissa\Desktop\Before posting for Malware Removal help_.htm [2013/08/14 04:33:10 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013/08/14 04:32:57 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2013/08/14 04:32:57 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013/08/14 04:32:55 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013/08/14 04:32:51 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll [2013/08/14 04:32:50 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll [2013/08/14 04:24:38 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- 
C:\Windows\System32\FlashPlayerApp.exe [2013/08/14 04:24:38 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013/08/14 04:03:31 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013/08/14 04:03:31 | 000,104,202 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013/08/13 15:57:16 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2013/08/13 15:42:26 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Users\Melissa\Desktop\ATF-Cleaner.exe [2013/08/13 15:28:55 | 000,666,633 | ---- | M] () -- C:\Users\Melissa\Desktop\AdwCleaner.exe [2013/08/13 13:35:50 | 000,000,359 | ---- | M] () -- C:\prefs.js [2013/08/12 02:10:30 | 000,000,810 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013/08/11 22:48:16 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/07/31 18:39:42 | 000,001,977 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013/07/24 21:32:35 | 001,800,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013/07/24 21:25:30 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013/07/24 21:24:39 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013/07/24 21:24:24 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013/07/24 21:23:59 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013/07/24 21:23:27 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013/07/24 21:22:35 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013/07/24 21:22:04 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/08/16 13:40:15 | 000,001,832 | ---- | C] () -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk [2013/08/16 13:34:12 | 2011,639,808 | -HS- | C] () -- C:\hiberfil.sys [2013/08/15 22:24:22 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013/08/15 22:24:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013/08/15 22:24:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013/08/15 22:24:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013/08/15 22:24:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013/08/15 14:08:04 | 000,920,576 | ---- | C] () -- C:\Users\Melissa\Desktop\RogueKiller.exe [2013/08/15 04:16:57 | 000,052,816 | ---- | C] () -- C:\Users\Melissa\Desktop\Before posting for Malware Removal help_.htm [2013/08/14 04:24:39 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/08/13 15:28:55 | 000,666,633 | ---- | C] () -- C:\Users\Melissa\Desktop\AdwCleaner.exe [2013/08/13 13:27:05 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif [2013/08/12 02:10:30 | 000,000,810 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013/08/12 01:28:53 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 8.lnk [2013/08/11 22:48:16 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2009/06/20 08:23:14 | 000,012,326 | ---- | C] () -- C:\Users\Melissa\AppData\Roaming\wklnhst.dat [2008/11/01 11:57:39 | 000,009,216 | ---- | C] () -- C:\Users\Melissa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/09/30 13:04:17 | 000,024,206 | ---- | C] () -- C:\Users\Melissa\AppData\Roaming\UserTile.png [2008/09/24 14:46:02 | 000,007,052 | ---- | C] () -- C:\Users\Melissa\AppData\Local\d3d9caps.dat ========== ZeroAccess Check ========== [2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2009/11/20 19:46:54 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\gtk-2.0 [2009/10/26 00:09:47 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\PeerNetworking [2009/08/22 14:51:43 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\PlayFirst [2013/08/11 22:11:00 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Sammsoft [2008/09/23 16:56:08 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Snapfish [2013/08/12 23:06:44 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Spotify [2009/06/20 08:23:15 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Template [2010/04/21 17:20:34 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\W Photo Studio Viewer [2009/10/09 16:47:09 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\WeatherBug [2008/12/21 10:48:08 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\WildTangent [2009/05/15 14:55:13 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\WinBatch ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2013/08/13 15:29:56 | 
000,008,379 | ---- | M] () -- C:\AdwCleaner[R1].txt [2013/08/13 15:30:49 | 000,007,840 | ---- | M] () -- C:\AdwCleaner[s1].txt [2008/05/05 12:45:51 | 000,000,074 | ---- | M] () -- C:\autoexec.bat [2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr [2008/05/05 13:21:36 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK [2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys [2010/09/28 18:56:28 | 000,000,045 | ---- | M] () -- C:\error.log [2010/02/17 01:54:18 | 000,000,250 | ---- | M] () -- C:\FINIS_IT.TXT [2013/08/17 03:52:07 | 2011,639,808 | -HS- | M] () -- C:\hiberfil.sys [2009/06/30 10:09:56 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2009/06/30 10:09:56 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2013/08/17 03:52:05 | 2325,491,712 | -HS- | M] () -- C:\pagefile.sys [2013/08/13 13:35:50 | 000,000,359 | ---- | M] () -- C:\prefs.js [2009/05/15 15:05:00 | 000,000,574 | ---- | M] () -- C:\RHDSetup.log [2013/06/14 09:51:17 | 000,000,000 | ---- | M] () -- C:\search.sqlite [2013/08/15 22:14:39 | 000,118,516 | ---- | M] () -- C:\TDSSKiller.2.8.16.0_15.08.2013_22.09.55_log.txt [2009/05/16 11:00:17 | 000,000,594 | ---- | M] () -- C:\updatedatfix.log [1 C:\*.tmp files -> C:\*.tmp -> ] < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll > [2006/11/02 07:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\jnwppr.dll [2006/10/26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\msonpppr.dll < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.dll /lockedfiles > < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\system32\*.exe /lockedfiles > < %systemroot%\System32\config\*.sav > [2008/01/20 22:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008/01/20 22:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008/01/20 22:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %PROGRAMFILES%\* > [2008/01/20 21:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini < %USERPROFILE%\..|smtmp;true;true;true /FP > < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU > < hklm\software\clients\startmenuinternet|command /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/07/24 19:49:49 | 000,846,288 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2013/07/24 19:49:49 | 000,846,288 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2013/07/24 19:49:49 | 000,846,288 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2013/07/24 19:49:49 | 000,846,288 | ---- | M] (Google Inc.) 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/08/04 09:22:33 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/08/04 09:22:33 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/08/04 09:22:33 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013/07/24 21:42:37 | 000,757,400 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2013/07/24 21:42:37 | 000,757,400 | ---- | M] (Microsoft Corporation) < hklm\software\clients\startmenuinternet|command /64 /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/07/24 19:49:49 | 000,846,288 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2013/07/24 19:49:49 | 000,846,288 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2013/07/24 19:49:49 | 000,846,288 | ---- | M] (Google Inc.) 
Extras below.
OTL Extras logfile created on: 8/17/2013 3:56:47 AM - Run 1 OTL by OldTimer - Version 3.2.69.0
-
Malware and maybe more [Solved]
RandyL replied to RandyL's topic in Tech Support & Discussions Forum
No luck I'm afraid. In safe mode it initializes with some failure to load files, then just quits. It never goes to the AutoScan screen. -
Malware and maybe more [Solved]
RandyL replied to RandyL's topic in Tech Support & Discussions Forum
I tried to run ComboFix as administrator and with all security turned off (MSE and Windows Firewall). I tried several times and even let it run for hours. After stage 4 nothing happens. Needless to say, there is no log. Maybe I should try combofix /uninstall and download a fresh copy. I'll wait for your guidance first though. -
Malware and maybe more [Solved]
RandyL replied to RandyL's topic in Tech Support & Discussions Forum
TDSSKiller didn't find anything but here is the report. :)
22:09:55.0358 1272 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
22:10:29.0537 3420 LanmanWorkstation - ok 22:10:29.0584 3420 [ DFEFF67508D3A9AEB1A85D7B0F513B24 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe 22:10:29.0600 3420 LightScribeService - ok 22:10:29.0631 3420 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 22:10:29.0631 3420 lltdio - ok 22:10:29.0646 3420 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll 22:10:29.0662 3420 lltdsvc - ok 22:10:29.0693 3420 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll 22:10:29.0693 3420 lmhosts - ok 22:10:29.0740 3420 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 22:10:29.0740 3420 LSI_FC - ok 22:10:29.0771 3420 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 22:10:29.0771 3420 LSI_SAS - ok 22:10:29.0818 3420 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 22:10:29.0818 3420 LSI_SCSI - ok 22:10:29.0865 3420 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys 22:10:29.0865 3420 luafv - ok 22:10:29.0958 3420 [ 0DB7527DB188C7D967A37BB51BBF3963 ] MBAMSwissArmy C:\Windows\system32\drivers\mbamswissarmy.sys 22:10:29.0958 3420 MBAMSwissArmy - ok 22:10:30.0005 3420 [ E6CB119EF2E148EAA1A247343550756E ] McciCMService C:\Program Files\Common Files\Motive\McciCMService.exe 22:10:30.0036 3420 McciCMService - ok 22:10:30.0161 3420 [ F453D1E6D881E8F8717E20CCD4199E85 ] McComponentHostService C:\Program Files\McAfee Security Scan\2.0.189\McCHSvc.exe 22:10:30.0177 3420 McComponentHostService - ok 22:10:30.0224 3420 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 22:10:30.0224 3420 Mcx2Svc - ok 22:10:30.0286 3420 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys 22:10:30.0286 3420 mdmxsdk - ok 22:10:30.0364 3420 [ 0001CE609D66632FA17B84705F658879 ] megasas 
C:\Windows\system32\drivers\megasas.sys 22:10:30.0411 3420 megasas - ok 22:10:30.0442 3420 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys 22:10:30.0458 3420 MegaSR - ok 22:10:30.0489 3420 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll 22:10:30.0504 3420 MMCSS - ok 22:10:30.0520 3420 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys 22:10:30.0520 3420 Modem - ok 22:10:30.0551 3420 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 22:10:30.0551 3420 monitor - ok 22:10:30.0567 3420 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 22:10:30.0567 3420 mouclass - ok 22:10:30.0598 3420 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 22:10:30.0598 3420 mouhid - ok 22:10:30.0614 3420 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys 22:10:30.0614 3420 MountMgr - ok 22:10:30.0676 3420 [ 24406D75B40F0F6B3C1AC7031D734565 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys 22:10:30.0676 3420 MpFilter - ok 22:10:30.0738 3420 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys 22:10:30.0738 3420 mpio - ok 22:10:30.0894 3420 [ A69630D039C38018689190234F866D77 ] MpKsl50bb57df c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4F22D14C-24A4-4449-87B1-F1D9C0E56B38}\MpKsl50bb57df.sys 22:10:30.0894 3420 MpKsl50bb57df - ok 22:10:30.0941 3420 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 22:10:30.0941 3420 mpsdrv - ok 22:10:30.0988 3420 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll 22:10:31.0004 3420 MpsSvc - ok 22:10:31.0050 3420 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys 22:10:31.0050 3420 Mraid35x - ok 22:10:31.0082 3420 [ 9BD4DCB5412921864A7AACDEDFBD1923 ] MREMP50 
C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS 22:10:31.0144 3420 MREMP50 - ok 22:10:31.0160 3420 MREMP50a64 - ok 22:10:31.0160 3420 MREMPR5 - ok 22:10:31.0175 3420 MRENDIS5 - ok 22:10:31.0206 3420 [ 07C02C892E8E1A72D6BF35004F0E9C5E ] MRESP50 C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS 22:10:31.0222 3420 MRESP50 - ok 22:10:31.0238 3420 MRESP50a64 - ok 22:10:31.0284 3420 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 22:10:31.0284 3420 MRxDAV - ok 22:10:31.0331 3420 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 22:10:31.0331 3420 mrxsmb - ok 22:10:31.0394 3420 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 22:10:31.0409 3420 mrxsmb10 - ok 22:10:31.0456 3420 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 22:10:31.0456 3420 mrxsmb20 - ok 22:10:31.0503 3420 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys 22:10:31.0503 3420 msahci - ok 22:10:31.0518 3420 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys 22:10:31.0518 3420 msdsm - ok 22:10:31.0596 3420 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe 22:10:31.0596 3420 MSDTC - ok 22:10:31.0628 3420 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys 22:10:31.0628 3420 Msfs - ok 22:10:31.0690 3420 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 22:10:31.0690 3420 msisadrv - ok 22:10:31.0706 3420 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 22:10:31.0706 3420 MSiSCSI - ok 22:10:31.0721 3420 msiserver - ok 22:10:31.0768 3420 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 22:10:31.0768 3420 MSKSSRV - ok 22:10:31.0830 3420 [ 3EA6A1A744D79328AE7E2C6FAE4C4420 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe 22:10:31.0830 3420 MsMpSvc - ok 
22:10:31.0877 3420 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 22:10:31.0877 3420 MSPCLOCK - ok 22:10:31.0893 3420 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 22:10:31.0893 3420 MSPQM - ok 22:10:31.0940 3420 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 22:10:31.0955 3420 MsRPC - ok 22:10:31.0986 3420 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 22:10:32.0002 3420 mssmbios - ok 22:10:32.0018 3420 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 22:10:32.0018 3420 MSTEE - ok 22:10:32.0033 3420 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys 22:10:32.0033 3420 Mup - ok 22:10:32.0080 3420 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll 22:10:32.0096 3420 napagent - ok 22:10:32.0174 3420 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 22:10:32.0189 3420 NativeWifiP - ok 22:10:32.0283 3420 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys 22:10:32.0298 3420 NDIS - ok 22:10:32.0330 3420 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 22:10:32.0330 3420 NdisTapi - ok 22:10:32.0361 3420 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 22:10:32.0376 3420 Ndisuio - ok 22:10:32.0408 3420 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 22:10:32.0423 3420 NdisWan - ok 22:10:32.0470 3420 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 22:10:32.0486 3420 NDProxy - ok 22:10:32.0501 3420 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 22:10:32.0501 3420 NetBIOS - ok 22:10:32.0564 3420 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys 22:10:32.0564 3420 netbt 
- ok 22:10:32.0610 3420 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe 22:10:32.0610 3420 Netlogon - ok 22:10:32.0642 3420 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll 22:10:32.0657 3420 Netman - ok 22:10:32.0688 3420 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll 22:10:32.0704 3420 netprofm - ok 22:10:32.0735 3420 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 22:10:32.0735 3420 NetTcpPortSharing - ok 22:10:32.0782 3420 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 22:10:32.0782 3420 nfrd960 - ok 22:10:32.0844 3420 [ C58DB40E4C95BE8EE727BE872BE6383F ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys 22:10:32.0844 3420 NisDrv - ok 22:10:32.0922 3420 [ C5BC0144F8FF164425B197CB78620B5F ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe 22:10:32.0922 3420 NisSrv - ok 22:10:32.0969 3420 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll 22:10:32.0985 3420 NlaSvc - ok 22:10:33.0032 3420 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys 22:10:33.0047 3420 Npfs - ok 22:10:33.0063 3420 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll 22:10:33.0063 3420 nsi - ok 22:10:33.0094 3420 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 22:10:33.0094 3420 nsiproxy - ok 22:10:33.0188 3420 [ 2C1121F2B87E9A6B12485DF53CD848C7 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 22:10:33.0219 3420 Ntfs - ok 22:10:33.0281 3420 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys 22:10:33.0281 3420 ntrigdigi - ok 22:10:33.0297 3420 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys 22:10:33.0297 3420 Null - ok 22:10:33.0375 3420 [ AE78A7285DF03A277415FC62F8CE8F24 ] NVENETFD 
C:\Windows\system32\DRIVERS\nvmfdx32.sys 22:10:33.0406 3420 NVENETFD - ok 22:10:33.0656 3420 [ FBBA09782F2FAC5A57619DF378BA9372 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 22:10:33.0843 3420 nvlddmkm - ok 22:10:33.0874 3420 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys 22:10:33.0890 3420 nvraid - ok 22:10:33.0936 3420 [ 0D15327134E5871C922760ACD7449E84 ] nvrd32 C:\Windows\system32\drivers\nvrd32.sys 22:10:33.0936 3420 nvrd32 - ok 22:10:33.0983 3420 [ C44EE36DD84FA95EB81D79C374756003 ] nvsmu C:\Windows\system32\drivers\nvsmu.sys 22:10:33.0983 3420 nvsmu - ok 22:10:34.0030 3420 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys 22:10:34.0030 3420 nvstor - ok 22:10:34.0061 3420 [ FA7B8ECA6E845B244B7E30A9DCD82C6C ] nvstor32 C:\Windows\system32\DRIVERS\nvstor32.sys 22:10:34.0061 3420 nvstor32 - ok 22:10:34.0108 3420 [ CF7769F13B3ECC5E2BF1B3D1C5831AE8 ] nvsvc C:\Windows\system32\nvvsvc.exe 22:10:34.0124 3420 nvsvc - ok 22:10:34.0155 3420 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 22:10:34.0155 3420 nv_agp - ok 22:10:34.0170 3420 NwlnkFlt - ok 22:10:34.0170 3420 NwlnkFwd - ok 22:10:34.0264 3420 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 22:10:34.0280 3420 odserv - ok 22:10:34.0342 3420 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 22:10:34.0342 3420 ohci1394 - ok 22:10:34.0404 3420 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 22:10:34.0404 3420 ose - ok 22:10:34.0482 3420 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll 22:10:34.0560 3420 p2pimsvc - ok 22:10:34.0654 3420 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll 22:10:34.0670 3420 p2psvc - ok 22:10:34.0701 3420 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport 
C:\Windows\system32\drivers\parport.sys 22:10:34.0732 3420 Parport - ok 22:10:34.0779 3420 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys 22:10:34.0794 3420 partmgr - ok 22:10:34.0826 3420 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys 22:10:34.0826 3420 Parvdm - ok 22:10:34.0857 3420 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll 22:10:34.0857 3420 PcaSvc - ok 22:10:34.0950 3420 [ 77A76C2DA7C9431024B299EF7700DD4F ] PCD5SRVC{BD6912E3-AC9D80E8-05040000} C:\PROGRA~1\PC-DOC~1\PCD5SRVC.pkms 22:10:35.0122 3420 PCD5SRVC{BD6912E3-AC9D80E8-05040000} - ok 22:10:35.0184 3420 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys 22:10:35.0184 3420 pci - ok 22:10:35.0231 3420 [ 1636D43F10416AEB483BC6001097B26C ] pciide C:\Windows\system32\drivers\pciide.sys 22:10:35.0247 3420 pciide - ok 22:10:35.0294 3420 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 22:10:35.0294 3420 pcmcia - ok 22:10:35.0372 3420 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys 22:10:35.0387 3420 PEAUTH - ok 22:10:35.0496 3420 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll 22:10:35.0543 3420 pla - ok 22:10:35.0606 3420 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll 22:10:35.0621 3420 PlugPlay - ok 22:10:35.0668 3420 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 22:10:35.0684 3420 PNRPAutoReg - ok 22:10:35.0715 3420 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll 22:10:35.0730 3420 PNRPsvc - ok 22:10:35.0793 3420 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 22:10:35.0808 3420 PolicyAgent - ok 22:10:35.0840 3420 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 22:10:35.0840 3420 PptpMiniport - ok 22:10:35.0886 3420 [ 
2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys 22:10:35.0886 3420 Processor - ok 22:10:35.0933 3420 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll 22:10:35.0949 3420 ProfSvc - ok 22:10:35.0996 3420 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe 22:10:35.0996 3420 ProtectedStorage - ok 22:10:36.0058 3420 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys 22:10:36.0058 3420 PSched - ok 22:10:36.0152 3420 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 22:10:36.0183 3420 ql2300 - ok 22:10:36.0230 3420 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 22:10:36.0230 3420 ql40xx - ok 22:10:36.0292 3420 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll 22:10:36.0308 3420 QWAVE - ok 22:10:36.0323 3420 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 22:10:36.0339 3420 QWAVEdrv - ok 22:10:36.0354 3420 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 22:10:36.0354 3420 RasAcd - ok 22:10:36.0386 3420 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll 22:10:36.0401 3420 RasAuto - ok 22:10:36.0432 3420 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 22:10:36.0448 3420 Rasl2tp - ok 22:10:36.0510 3420 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll 22:10:36.0542 3420 RasMan - ok 22:10:36.0604 3420 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 22:10:36.0604 3420 RasPppoe - ok 22:10:36.0666 3420 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 22:10:36.0666 3420 RasSstp - ok 22:10:36.0729 3420 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 22:10:36.0744 3420 rdbss - ok 22:10:36.0791 3420 [ 
89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 22:10:36.0791 3420 RDPCDD - ok 22:10:36.0822 3420 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 22:10:36.0838 3420 rdpdr - ok 22:10:36.0854 3420 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 22:10:36.0854 3420 RDPENCDD - ok 22:10:36.0932 3420 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 22:10:36.0932 3420 RDPWD - ok 22:10:36.0994 3420 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll 22:10:37.0010 3420 RemoteAccess - ok 22:10:37.0072 3420 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll 22:10:37.0088 3420 RemoteRegistry - ok 22:10:37.0134 3420 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe 22:10:37.0134 3420 RpcLocator - ok 22:10:37.0197 3420 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll 22:10:37.0212 3420 RpcSs - ok 22:10:37.0244 3420 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 22:10:37.0244 3420 rspndr - ok 22:10:37.0259 3420 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe 22:10:37.0259 3420 SamSs - ok 22:10:37.0290 3420 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 22:10:37.0290 3420 sbp2port - ok 22:10:37.0337 3420 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll 22:10:37.0353 3420 SCardSvr - ok 22:10:37.0415 3420 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll 22:10:37.0446 3420 Schedule - ok 22:10:37.0462 3420 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll 22:10:37.0462 3420 SCPolicySvc - ok 22:10:37.0509 3420 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll 22:10:37.0509 3420 SDRSVC - ok 22:10:37.0540 3420 [ 
90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 22:10:37.0540 3420 secdrv - ok 22:10:37.0556 3420 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll 22:10:37.0571 3420 seclogon - ok 22:10:37.0587 3420 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll 22:10:37.0602 3420 SENS - ok 22:10:37.0634 3420 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys 22:10:37.0634 3420 Serenum - ok 22:10:37.0665 3420 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys 22:10:37.0665 3420 Serial - ok 22:10:37.0696 3420 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys 22:10:37.0696 3420 sermouse - ok 22:10:37.0743 3420 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll 22:10:37.0743 3420 SessionEnv - ok 22:10:37.0790 3420 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 22:10:37.0790 3420 sffdisk - ok 22:10:37.0805 3420 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 22:10:37.0821 3420 sffp_mmc - ok 22:10:37.0852 3420 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 22:10:37.0868 3420 sffp_sd - ok 22:10:37.0899 3420 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 22:10:37.0899 3420 sfloppy - ok 22:10:37.0930 3420 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll 22:10:37.0946 3420 SharedAccess - ok 22:10:38.0008 3420 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 22:10:38.0024 3420 ShellHWDetection - ok 22:10:38.0070 3420 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys 22:10:38.0070 3420 sisagp - ok 22:10:38.0102 3420 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 22:10:38.0102 3420 
SiSRaid2 - ok 22:10:38.0133 3420 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 22:10:38.0148 3420 SiSRaid4 - ok 22:10:38.0258 3420 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe 22:10:38.0320 3420 slsvc - ok 22:10:38.0382 3420 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll 22:10:38.0382 3420 SLUINotify - ok 22:10:38.0414 3420 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys 22:10:38.0414 3420 Smb - ok 22:10:38.0460 3420 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 22:10:38.0460 3420 SNMPTRAP - ok 22:10:38.0476 3420 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys 22:10:38.0492 3420 spldr - ok 22:10:38.0538 3420 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe 22:10:38.0554 3420 Spooler - ok 22:10:38.0616 3420 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys 22:10:38.0616 3420 srv - ok 22:10:38.0679 3420 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 22:10:38.0694 3420 srv2 - ok 22:10:38.0741 3420 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 22:10:38.0741 3420 srvnet - ok 22:10:38.0788 3420 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 22:10:38.0804 3420 SSDPSRV - ok 22:10:38.0866 3420 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll 22:10:38.0882 3420 SstpSvc - ok 22:10:38.0913 3420 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll 22:10:38.0944 3420 stisvc - ok 22:10:38.0960 3420 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 22:10:38.0960 3420 swenum - ok 22:10:39.0022 3420 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll 22:10:39.0038 3420 swprv - ok 22:10:39.0084 3420 [ 
192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys 22:10:39.0100 3420 Symc8xx - ok 22:10:39.0116 3420 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys 22:10:39.0116 3420 Sym_hi - ok 22:10:39.0147 3420 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys 22:10:39.0147 3420 Sym_u3 - ok 22:10:39.0209 3420 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll 22:10:39.0225 3420 SysMain - ok 22:10:39.0256 3420 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll 22:10:39.0256 3420 TabletInputService - ok 22:10:39.0303 3420 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll 22:10:39.0318 3420 TapiSrv - ok 22:10:39.0350 3420 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll 22:10:39.0365 3420 TBS - ok 22:10:39.0412 3420 [ 6D0D344F643E28B31262AC2682109A3C ] Tcpip C:\Windows\system32\drivers\tcpip.sys 22:10:39.0443 3420 Tcpip - ok 22:10:39.0490 3420 [ 6D0D344F643E28B31262AC2682109A3C ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys 22:10:39.0506 3420 Tcpip6 - ok 22:10:39.0568 3420 [ 5877A786EF27E42C4E84D1356F922302 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 22:10:39.0568 3420 tcpipreg - ok 22:10:39.0599 3420 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 22:10:39.0599 3420 TDPIPE - ok 22:10:39.0630 3420 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 22:10:39.0646 3420 TDTCP - ok 22:10:39.0662 3420 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 22:10:39.0662 3420 tdx - ok 22:10:39.0740 3420 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 22:10:39.0740 3420 TermDD - ok 22:10:39.0755 3420 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll 22:10:39.0771 3420 TermService - ok 22:10:39.0802 3420 [ 
C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll 22:10:39.0802 3420 Themes - ok 22:10:39.0818 3420 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll 22:10:39.0833 3420 THREADORDER - ok 22:10:39.0849 3420 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll 22:10:39.0849 3420 TrkWks - ok 22:10:39.0942 3420 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 22:10:39.0942 3420 TrustedInstaller - ok 22:10:40.0020 3420 [ F4EAA7ECBCB25DE901C9B7F2CDCDA0B3 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 22:10:40.0020 3420 tssecsrv - ok 22:10:40.0036 3420 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys 22:10:40.0052 3420 tunmp - ok 22:10:40.0098 3420 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 22:10:40.0098 3420 tunnel - ok 22:10:40.0130 3420 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys 22:10:40.0145 3420 uagp35 - ok 22:10:40.0208 3420 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 22:10:40.0208 3420 udfs - ok 22:10:40.0254 3420 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 22:10:40.0254 3420 UI0Detect - ok 22:10:40.0286 3420 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 22:10:40.0286 3420 uliagpkx - ok 22:10:40.0332 3420 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys 22:10:40.0332 3420 uliahci - ok 22:10:40.0379 3420 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys 22:10:40.0379 3420 UlSata - ok 22:10:40.0442 3420 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys 22:10:40.0442 3420 ulsata2 - ok 22:10:40.0473 3420 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 22:10:40.0488 3420 umbus - ok 
-
Malware and maybe more [Solved]
RandyL replied to RandyL's topic in Tech Support & Discussions Forum
Here is that report for you, Starbuck.
-
Malware and maybe more [Solved]
RandyL replied to RandyL's topic in Tech Support & Discussions Forum
Hi Starbuck; I looked up those infections too and they really are bad. OTL ran for 9 hours and quit responding. It might be the infections or it might be a memory issue. Strange things were happening like sidebar turning on by itself. I'll run RogueKiller and see what happens. -
A bad time to get my oldest friend's mother's computer, what with remodeling, but I have it.
1. No AV.
2. IE really messed up. Downloads and updates etc.
3. Sluggish.
4. Flash is in Programs and Features but not in Control Panel.
5. No Aero option in Themes.
6. Malwarebytes and ESET freeze and quit responding on two different things: C:\USERS\MELISSA\Local Settings\Temporary Internet Files\Content.IE5\8VNS4M94\desktop.ini and C:\USERS\DEFAULT\Local Settings\Temporary Internet Files\Content.IE5\8VNS4M94\desktop.ini
7. Computer making random changes like turning on the sidebar.
8. Two teenage grandchildren used the computer.
9. ARO 2011 registry cleaner used.
10. And the list goes on.
I fixed Aero by running sfc. I got Malwarebytes to run by installing and scanning with MSE and removing Trojans, but also had to run ATF-Cleaner and AdwCleaner first. I still had to use CCleaner to remove the desktop.ini files first. I reset IE9 too. And the list of issues goes on even so.
Vista 32 bit Home Premium, Compaq desktop, 2 GB DDR2 RAM. BIOS drive test passed. No memory tests run yet.
MSE quarantined: Trojan:Win32/Sirefef!cfg, Trojan:Win32/Sirefef.P, Trojan:Win32/Siref.AG, Trojan:Win32/Siref.AN, Trojan:Win32/Siref, Exploit:JS/StykxEk.A, Exploit:Win32/Pdfjsc.RF.
AdwCleaner log file;
Malwarebytes log file follows;
I'll do the OTL in the next post but this thing is a real mess.