
Need help with "System Check" virus

Windows Vista fake antivirus

  • This topic is locked
27 replies to this topic

#1 newguy


Posted 07 March 2012 - 09:56 PM

Hi,

I'm trying to help a friend with a virus issue. He seems to have fake virus software called "System Check" installed. It has hidden all of his desktop icons, blocked access to the task manager and crippled his antivirus software. When he contacted me about the problem I advised him to disconnect his system from the internet and it has not been reconnected since.

He booted in safe mode and installed MBAM from a CD. Malwarebytes found and fixed three issues in safe mode, but upon reboot the virus was still there. He rebooted back into safe mode and ran MBAM again, but it found nothing this time. Also, he was able to run his Norton software from his ISP in safe mode, but it didn't find anything either.

I was able to run dds on the system after a reboot. The logs are included below.

Any help with this issue would be greatly appreciated.

Thanks


DDS.txt

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by thomas at 20:13:48 on 2012-03-07
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1918.805 [GMT -5:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\SFT\GuardedID\GIDD.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Free Ride Games\GPlayer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\ProgramData\CxeQuvuAihVRRU.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\NETGEAR\WN111v2\WN111v2.exe
C:\ProgramData\ax1bQt93JxKdtA.exe
C:\Windows\system32\attrib.exe
C:\Program Files\Constant Guard Protection Suite\IDVault.exe
C:\Windows\system32\attrib.exe
C:\Windows\system32\SearchFilterHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/?pc=BNHP
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
uURLSearchHooks: Games.com Toolbar Search Class: {e3dce200-ae96-4a64-9fe7-b5d2d8569768} - c:\program files\games.com toolbar\gamescomtb.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: A Free Ride Games Bar Toolbar: {f92a9fe4-2850-4198-b9d5-279880e49b16} - c:\program files\a_free_ride_games_bar\prxtbA_Fr.dll
mURLSearchHooks: Games.com Toolbar Search Class: {e3dce200-ae96-4a64-9fe7-b5d2d8569768} - c:\program files\games.com toolbar\gamescomtb.dll
mURLSearchHooks: A Free Ride Games Bar Toolbar: {f92a9fe4-2850-4198-b9d5-279880e49b16} - c:\program files\a_free_ride_games_bar\prxtbA_Fr.dll
uWindows: Load=c:\users\thomas\locals~1\temp\mskmwna.com
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\5.2.0.13\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\5.2.0.13\ips\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Games.com Toolbar Loader: {b07040d6-4cb3-4af4-8a5c-038b7cd8a5d8} - c:\program files\games.com toolbar\gamescomtb.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Constant Guard Protection Suite (COM): {b84cdbe7-1b46-494b-a188-01d4c52deb61} - c:\program files\constant guard protection suite\NativeBHO.dll
BHO: GamesBarBHO Class: {cb0d163c-e9f4-4236-9496-0597e24b23a5} - c:\program files\gamesbar\2.0.1.81\oberontb.dll
BHO: A Free Ride Games Bar Toolbar: {f92a9fe4-2850-4198-b9d5-279880e49b16} - c:\program files\a_free_ride_games_bar\prxtbA_Fr.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: GamesBar: {6f282b65-56bf-4bd1-a8b2-a4449a05863d} - c:\program files\gamesbar\2.0.1.81\oberontb.dll
TB: Games.com Toolbar: {9da1bcf1-77f5-41c5-b7c3-c597dc20752c} - c:\program files\games.com toolbar\gamescomtb.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\5.2.0.13\coIEPlg.dll
TB: A Free Ride Games Bar Toolbar: {f92a9fe4-2850-4198-b9d5-279880e49b16} - c:\program files\a_free_ride_games_bar\prxtbA_Fr.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Exetender] "c:\program files\free ride games\GPlayer.exe" /runonstartup
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
uRun: [CxeQuvuAihVRRU.exe] c:\programdata\CxeQuvuAihVRRU.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [<NO NAME>]
mRun: [GIDDesktop] c:\program files\sft\guardedid\gidd.exe /s
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [Garmin Lifetime Updater] c:\program files\garmin\lifetime updater\GarminLifetime.exe /StartMinimized
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DNS7reminder] "c:\program files\nuance\naturallyspeaking10\ereg\ereg.exe" -r "c:\programdata\nuance\naturallyspeaking10\Ereg.ini
dRun: [Exetender] "c:\program files\free ride games\GPlayer.exe" /runonstartup
StartupFolder: c:\users\thomas\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\consta~1.lnk - c:\program files\constant guard protection suite\IDVault.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wn111v2\WN111v2.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~3.0_0\bin\ssv.dll
IE: {1A93C934-025B-4c3a-B38E-9654A7003239} - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - c:\program files\gamesbar\2.0.1.81\oberontb.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Text%20Twist/Images/stg_drm.ocx
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Text%20Twist/Images/armhelper.ocx
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0122B2E1-257D-4823-802A-3013F4A6370F} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{91B2B4F7-0518-4ACF-8183-A99769F3C3E1} : DhcpNameServer = 192.168.1.1
mASetup: {9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg - c:\program files\sft\guardedid\gidi.exe /v
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0502000.00d\symds.sys [2012-2-7 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0502000.00d\symefa.sys [2012-2-7 744568]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20120215.001\BHDrvx86.sys [2012-2-15 820344]
R1 GIDv2;GIDv2;c:\windows\system32\drivers\gidv2.sys [2011-5-17 25232]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20120303.003\IDSvix86.sys [2012-3-3 368248]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2008-10-1 20384]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0502000.00d\ironx86.sys [2012-2-7 136312]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0502000.00d\symtdiv.sys [2012-2-7 331384]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-7-2 21504]
R2 IDVaultSvc;CGPS Service;c:\program files\constant guard protection suite\IDVaultSvc.exe [2012-2-15 65096]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\5.2.0.13\ccsvchst.exe [2012-2-7 130008]
R2 X6XSEx;X6XSEx;c:\program files\free ride games\X6XSEx.sys [2011-11-5 46184]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-4 106104]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-22 136176]
S3 DNIMp50;DNIMp50 NDIS Protocol Driver;c:\windows\system32\drivers\DNIMP50.sys [2006-11-16 21504]
S3 DNISp50;DNISp50 NDIS Protocol Driver;c:\windows\system32\drivers\DNISP50.sys [2006-11-16 20480]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-5-22 136176]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\netgear\wn111v2\jswpsapi.exe [2008-2-29 942080]
S3 Leapfrog-USBLAN;LeapFrog-USBLAN;c:\windows\system32\drivers\btblan.sys [2011-11-12 33792]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2v.sys [2009-1-13 453120]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-03-06 04:30:01 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-06 04:30:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-06 01:12:38 359424 ---ha-w- c:\programdata\ax1bQt93JxKdtA.exe
2012-03-06 01:08:25 452608 --sha-w- c:\programdata\CxeQuvuAihVRRU.exe
2012-02-22 20:14:43 -------- d--h--w- c:\users\thomas\appdata\local\Scansoft
2012-02-21 16:49:28 -------- d--h--w- c:\users\thomas\appdata\roaming\Nuance
2012-02-21 16:34:36 -------- d-----w- c:\program files\common files\ScanSoft Shared
2012-02-21 16:34:34 -------- d-----w- c:\program files\common files\Nuance
2012-02-21 16:33:35 -------- d--h--w- c:\programdata\Nuance
2012-02-21 16:33:35 -------- d-----w- c:\program files\Nuance
2012-02-16 12:06:31 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-16 12:06:29 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-02-16 12:05:41 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-02-07 22:38:20 331384 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\symtdiv.sys
2012-02-07 22:38:20 299640 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\symnets.sys
2012-02-07 22:38:19 744568 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\symefa.sys
2012-02-07 22:38:19 50168 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\srtspx.sys
2012-02-07 22:38:19 340088 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\symds.sys
2012-02-07 22:38:18 516216 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\srtsp.sys
2012-02-07 22:38:18 136312 ----a-r- c:\windows\system32\drivers\n360\0502000.00d\ironx86.sys
2012-02-07 22:37:43 -------- d-----w- c:\windows\system32\drivers\n360\0502000.00D
.
==================== Find3M ====================
.
2012-01-20 21:56:17 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-14 03:04:54 1798656 ----a-w- c:\windows\system32\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 20:21:28.24 ===============



Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 5/7/2007 10:16:11 PM
System Uptime: 3/7/2012 8:01:35 PM (0 hours ago)
.
Motherboard: ASUSTek Computer INC. | | NARRA2
Processor: AMD Athlon™ 64 X2 Dual Core Processor 4400+ | Socket AM2 | 1800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 289 GiB total, 181.095 GiB free.
D: is FIXED (NTFS) - 9 GiB total, 0.808 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0001
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #2
PNP Device ID: ROOT\*ISATAP\0001
Service: tunnel
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
A Free Ride Games Bar Toolbar
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 8.3.1
AIO_Scan
BufferChm
CCleaner
Conduit Engine
Constant Guard Protection Suite
Copy
Coupon Printer for Windows
CustomerResearchQFolder
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DJ_AIO_ProductContext
DJ_AIO_Software
DJ_AIO_Software_min
Download Updater (AOL LLC)
Dragon NaturallySpeaking 10
Easy Chef 1,000,000 Recipes
Enhanced Multimedia Keyboard Solution
eSupportQFolder
F4100
F4100_Help
FLV Player
Free Ride Games Player
Games.com Toolbar
GamesBar 2.0.1.81
Garmin Communicator Plugin
Garmin Lifetime Updater
Garmin USB Drivers
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GuardedID
Hardware Diagnostic Tools
Hewlett-Packard ACLM.NET v1.1.0.0
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Experience Enhancements
HP Customer Feedback
HP Customer Participation Program 8.0
HP Deskjet All-In-One Software 8.0
HP Easy Setup - Frontend
HP Imaging Device Functions 8.0
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photosmart Essential
HP Photosmart Essential 2.0
HP Photosmart Essential2.5
HP Picasso Media Center Add-In
HP Product Assistant
HP Solution Center 8.0
HP Total Care Advisor
HP Update
HPProductAssistant
HPSSupply
IrfanView (remove only)
Japanese Fonts Support For Adobe Reader 8
Java™ 6 Update 2
Java™ 6 Update 5
Java™ 6 Update 7
LeapFrog Connect
LeapFrog LeapPad Explorer Plugin
LightScribe 1.4.142.1
Malwarebytes Anti-Malware version 1.60.1.1000
MarketResearch
McAfee Security Scan Plus
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Business 2010
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2007
Microsoft Office Word MUI (English) 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Moraff's Maximum MahJongg 1.0
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.0
My HP Games
Norton Security Suite
NVIDIA Drivers
OpenOffice.org Installer 1.0
PSSWCORE
Python 2.4.3
RangeMax Wireless-N USB Adapter WN111v2
RealPlayer
Realtek High Definition Audio Driver
Rhapsody
Rhapsody Player Engine
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
RTC Client API v1.2
Sandlot Games Client Services
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
Shop for HP Supplies
SmartDraw 2007
Snapfish Media Detector
Snood 4
Soft Data Fax Modem with SmartCP
SolutionCenter
Status
Super Text Twist Free Trial
Text Twist
TomTom HOME 2.5.2.60
Toolbox
TrayApp
Treasure Seekers The Enchanted Canvases
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin)
VC 9.0 Runtime
VC_MergeModuleToMSI
Viewpoint Media Player
Visual C++ Runtime for Dragon NaturallySpeaking
VLC media player 0.9.9
WebReg
Wheel of Fortune 2 (remove only)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
WN111v2
Word Whomp To Go
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
3/7/2012 8:04:32 PM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
3/7/2012 8:03:35 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
3/7/2012 8:03:35 PM, Error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
3/7/2012 7:12:17 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
3/7/2012 7:12:12 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx86 DfsC eeCtrl IDSVix86 jswpslwf NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr SRTSPX SymIRON SYMTDIv tdx Wanarpv6
3/7/2012 7:12:12 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/7/2012 7:12:12 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
3/7/2012 7:12:12 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
3/7/2012 7:12:12 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/7/2012 7:12:12 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
3/7/2012 7:12:12 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/7/2012 7:12:12 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/7/2012 7:12:12 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
3/7/2012 7:12:12 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/7/2012 7:12:12 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/7/2012 7:12:12 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/7/2012 7:12:12 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/7/2012 7:12:12 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
3/7/2012 7:12:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
3/7/2012 7:12:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
3/7/2012 7:11:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
3/7/2012 7:11:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
3/7/2012 7:11:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
3/7/2012 7:11:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/7/2012 7:11:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/7/2012 7:09:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1115" attempting to start the service hpqcxs08 with arguments "" in order to run the server: {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}
3/6/2012 9:16:55 AM, Error: EventLog [6008] - The previous system shutdown at 9:14:23 AM on 3/6/2012 was unexpected.
3/6/2012 4:08:52 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
3/6/2012 4:08:52 PM, Error: Service Control Manager [7000] - The hpqcxs08 service failed to start due to the following error: A system shutdown is in progress.
3/6/2012 4:08:52 PM, Error: Service Control Manager [7000] - The Diagnostic System Host service failed to start due to the following error: A system shutdown is in progress.
3/5/2012 9:31:43 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.195 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/5/2012 9:22:43 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
3/5/2012 9:15:46 PM, Error: EventLog [6008] - The previous system shutdown at 8:45:26 PM on 3/5/2012 was unexpected.
3/5/2012 7:52:13 AM, Error: EventLog [6008] - The previous system shutdown at 7:48:03 AM on 3/5/2012 was unexpected.
3/5/2012 7:17:14 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {A47979D2-C419-11D9-A5B4-001185AD2B89} to the user thomas-PC\thomas SID (S-1-5-21-1438759059-2066498689-1681145571-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
3/5/2012 6:50:42 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.194 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/5/2012 5:11:26 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.201 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/5/2012 2:50:55 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.200 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/5/2012 11:54:45 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.196 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/5/2012 10:57:28 PM, Error: EventLog [6008] - The previous system shutdown at 10:55:36 PM on 3/5/2012 was unexpected.
3/5/2012 1:48:51 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.199 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/5/2012 1:28:23 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.198 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/5/2012 1:05:28 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.197 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/4/2012 6:08:40 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.192 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/4/2012 2:32:20 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user thomas-PC\thomas SID (S-1-5-21-1438759059-2066498689-1681145571-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
3/4/2012 12:46:01 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.190 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/4/2012 12:24:51 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.189 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/4/2012 12:03:33 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.188 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/4/2012 12:01:35 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
3/4/2012 10:24:36 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.193 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/4/2012 10:13:41 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.187 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/4/2012 1:09:41 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.191 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/3/2012 9:52:39 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.184 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/3/2012 9:52:33 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
3/3/2012 6:28:42 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.183 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/3/2012 6:08:09 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.182 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/3/2012 5:47:29 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.181 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/3/2012 5:26:55 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.180 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/3/2012 5:06:22 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.179 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/3/2012 4:45:48 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.178 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/3/2012 4:25:11 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.177 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/3/2012 4:04:26 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.176 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/3/2012 3:43:49 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.175 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/3/2012 3:23:17 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.174 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/3/2012 3:17:35 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.186 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/3/2012 3:00:58 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.173 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/3/2012 2:40:31 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.172 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/3/2012 2:19:58 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.171 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/3/2012 12:57:43 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.167 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/3/2012 12:37:14 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.166 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/3/2012 12:16:39 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.165 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/3/2012 12:04:10 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.185 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/3/2012 1:59:21 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.170 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/3/2012 1:38:47 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.169 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/3/2012 1:18:16 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.168 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/2/2012 7:42:29 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.162 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/2/2012 6:37:18 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.161 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/2/2012 6:13:50 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.159 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/2/2012 5:46:51 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.158 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/2/2012 5:16:35 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.157 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/2/2012 4:48:12 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.156 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/2/2012 4:21:48 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.155 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/2/2012 4:19:51 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the N360 service.
3/2/2012 3:53:24 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.154 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/2/2012 3:36:10 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.160 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/2/2012 3:23:04 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.153 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/2/2012 2:51:54 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.152 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/2/2012 2:08:35 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.151 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/2/2012 12:29:38 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.147 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/2/2012 12:08:29 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.146 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/2/2012 11:27:37 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.164 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/2/2012 10:55:12 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.163 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/2/2012 1:48:07 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.150 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/2/2012 1:24:54 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.149 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/2/2012 1:04:24 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.148 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/1/2012 6:41:21 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.141 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/1/2012 6:28:11 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.135 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/1/2012 6:22:58 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.140 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/1/2012 6:02:33 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.139 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/1/2012 5:12:56 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.138 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/1/2012 11:48:03 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.145 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/1/2012 11:27:37 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.144 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/1/2012 11:07:10 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.143 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/1/2012 10:46:00 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.137 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/1/2012 10:44:20 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.142 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/1/2012 10:23:17 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.136 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
2/29/2012 7:14:36 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.130 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
2/29/2012 7:07:20 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.133 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
2/29/2012 6:54:06 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.129 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
2/29/2012 6:35:09 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.132 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
2/29/2012 6:33:35 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.128 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
2/29/2012 6:13:04 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.127 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
2/29/2012 5:52:32 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.126 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
2/29/2012 5:43:43 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.131 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
2/29/2012 5:30:03 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.125 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
2/29/2012 5:11:30 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.124 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
2/29/2012 4:50:59 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.123 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
2/29/2012 4:30:28 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.122 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
2/29/2012 4:09:57 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.121 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
2/29/2012 3:49:01 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.120 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
2/29/2012 2:42:19 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.119 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
2/29/2012 2:23:44 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.118 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
2/29/2012 2:03:13 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.117 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
2/29/2012 12:42:07 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.115 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
2/29/2012 12:21:38 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.114 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
2/29/2012 10:10:47 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.134 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
2/29/2012 1:28:28 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.116 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================

#2 Maniac

Posted 08 March 2012 - 08:42 AM

Hello newguy! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:
  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Reconnect the computer to the Internet and use Normal mode for my instructions.

Step 1

I see your friend has Viewpoint installed...
Viewpoint Manager is considered foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.co...cle.php/3561546
I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.
  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player


Step 2

Follow the instructions here to run, update and scan with Malwarebytes' Anti-Malware:
http://forums.malwar...ndpost&p=434002


In your next post, please include:

  • Malwarebytes' Anti-Malware log
  • a new fresh DDS log file

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here

#3 newguy

Posted 08 March 2012 - 10:16 PM

Hi Maniac. Thanks for the quick response.

OK, I removed "Viewpoint Media Player" via add/remove programs.

I was able to update and run MBAM via the Chameleon route.

After MBAM ran it required a restart to complete the removal process. However, the system hung while shutting down. (I gave it over 30 minutes displaying the shutdown screen before I manually shut it down.)

Upon restart I again ran MBAM Chameleon and this time it found no infections.

I attempted to run DDS again but while it was running I got a blue screen and the system restarted. (Not sure if this was related to the process, but I thought I should let you know what happened.) It flashed too fast for me to see the error before the restart.

After the restart I was able to successfully run DDS and the logs are posted below.

Also, I'm including the texts of both MBAM quick scans.

First MBAM Scan:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Database version: v2012.03.08.07
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
thomas :: THOMAS-PC [administrator]
3/8/2012 8:10:29 PM
mbam-log-2012-03-08 (20-10-29).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 181176
Time elapsed: 7 minute(s), 26 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|CxeQuvuAihVRRU.exe (Trojan.FakeAlert) -> Data: C:\ProgramData\CxeQuvuAihVRRU.exe -> Quarantined and deleted successfully.
Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 3
C:\ProgramData\CxeQuvuAihVRRU.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\ProgramData\ax1bQt93JxKdtA.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\thomas\AppData\Local\Temp\LdUGxInAr1arU8.exe.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
(end)

Second MBAM Scan:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Database version: v2012.03.08.07
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
thomas :: THOMAS-PC [administrator]
3/8/2012 9:02:26 PM
mbam-log-2012-03-08 (21-02-26).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 181326
Time elapsed: 7 minute(s), 50 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

DDS.txt:

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by thomas at 21:38:43 on 2012-03-08
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1918.1046 [GMT -5:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Constant Guard Protection Suite\IDVault.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/?pc=BNHP
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
uURLSearchHooks: Games.com Toolbar Search Class: {e3dce200-ae96-4a64-9fe7-b5d2d8569768} - c:\program files\games.com toolbar\gamescomtb.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: A Free Ride Games Bar Toolbar: {f92a9fe4-2850-4198-b9d5-279880e49b16} - c:\program files\a_free_ride_games_bar\prxtbA_Fr.dll
mURLSearchHooks: Games.com Toolbar Search Class: {e3dce200-ae96-4a64-9fe7-b5d2d8569768} - c:\program files\games.com toolbar\gamescomtb.dll
mURLSearchHooks: A Free Ride Games Bar Toolbar: {f92a9fe4-2850-4198-b9d5-279880e49b16} - c:\program files\a_free_ride_games_bar\prxtbA_Fr.dll
uWindows: Load=c:\users\thomas\locals~1\temp\mskmwna.com
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\5.2.0.13\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\5.2.0.13\ips\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Games.com Toolbar Loader: {b07040d6-4cb3-4af4-8a5c-038b7cd8a5d8} - c:\program files\games.com toolbar\gamescomtb.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Constant Guard Protection Suite (COM): {b84cdbe7-1b46-494b-a188-01d4c52deb61} - c:\program files\constant guard protection suite\NativeBHO.dll
BHO: GamesBarBHO Class: {cb0d163c-e9f4-4236-9496-0597e24b23a5} - c:\program files\gamesbar\2.0.1.81\oberontb.dll
BHO: A Free Ride Games Bar Toolbar: {f92a9fe4-2850-4198-b9d5-279880e49b16} - c:\program files\a_free_ride_games_bar\prxtbA_Fr.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: GamesBar: {6f282b65-56bf-4bd1-a8b2-a4449a05863d} - c:\program files\gamesbar\2.0.1.81\oberontb.dll
TB: Games.com Toolbar: {9da1bcf1-77f5-41c5-b7c3-c597dc20752c} - c:\program files\games.com toolbar\gamescomtb.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\5.2.0.13\coIEPlg.dll
TB: A Free Ride Games Bar Toolbar: {f92a9fe4-2850-4198-b9d5-279880e49b16} - c:\program files\a_free_ride_games_bar\prxtbA_Fr.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Exetender] "c:\program files\free ride games\GPlayer.exe" /runonstartup
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [<NO NAME>]
mRun: [GIDDesktop] c:\program files\sft\guardedid\gidd.exe /s
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [Garmin Lifetime Updater] c:\program files\garmin\lifetime updater\GarminLifetime.exe /StartMinimized
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DNS7reminder] "c:\program files\nuance\naturallyspeaking10\ereg\ereg.exe" -r "c:\programdata\nuance\naturallyspeaking10\Ereg.ini
dRun: [Exetender] "c:\program files\free ride games\GPlayer.exe" /runonstartup
StartupFolder: c:\users\thomas\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\consta~1.lnk - c:\program files\constant guard protection suite\IDVault.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wn111v2\WN111v2.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~3.0_0\bin\ssv.dll
IE: {1A93C934-025B-4c3a-B38E-9654A7003239} - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - c:\program files\gamesbar\2.0.1.81\oberontb.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Text%20Twist/Images/stg_drm.ocx
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Text%20Twist/Images/armhelper.ocx
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0122B2E1-257D-4823-802A-3013F4A6370F} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{91B2B4F7-0518-4ACF-8183-A99769F3C3E1} : DhcpNameServer = 192.168.1.1
mASetup: {9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg - c:\program files\sft\guardedid\gidi.exe /v
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0502000.00d\symds.sys [2012-2-7 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0502000.00d\symefa.sys [2012-2-7 744568]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20120302.001\BHDrvx86.sys [2012-3-2 820856]
R1 GIDv2;GIDv2;c:\windows\system32\drivers\gidv2.sys [2011-5-17 25232]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20120308.001\IDSvix86.sys [2012-3-8 368248]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2008-10-1 20384]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0502000.00d\ironx86.sys [2012-2-7 136312]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0502000.00d\symtdiv.sys [2012-2-7 331384]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-7-2 21504]
R2 IDVaultSvc;CGPS Service;c:\program files\constant guard protection suite\IDVaultSvc.exe [2012-2-15 65096]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\5.2.0.13\ccsvchst.exe [2012-2-7 130008]
R2 X6XSEx;X6XSEx;c:\program files\free ride games\X6XSEx.sys [2011-11-5 46184]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-4 106104]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-22 136176]
S3 DNIMp50;DNIMp50 NDIS Protocol Driver;c:\windows\system32\drivers\DNIMP50.sys [2006-11-16 21504]
S3 DNISp50;DNISp50 NDIS Protocol Driver;c:\windows\system32\drivers\DNISP50.sys [2006-11-16 20480]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-5-22 136176]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\netgear\wn111v2\jswpsapi.exe [2008-2-29 942080]
S3 Leapfrog-USBLAN;LeapFrog-USBLAN;c:\windows\system32\drivers\btblan.sys [2011-11-12 33792]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-3-8 26224]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-3-8 40776]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2v.sys [2009-1-13 453120]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-03-09 01:59:46 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-03-09 01:59:45 26224 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-03-06 04:30:01 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-06 04:30:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-22 20:14:43 -------- d--h--w- c:\users\thomas\appdata\local\Scansoft
2012-02-21 16:49:28 -------- d--h--w- c:\users\thomas\appdata\roaming\Nuance
2012-02-21 16:34:36 -------- d-----w- c:\program files\common files\ScanSoft Shared
2012-02-21 16:34:34 -------- d-----w- c:\program files\common files\Nuance
2012-02-21 16:33:35 -------- d--h--w- c:\programdata\Nuance
2012-02-21 16:33:35 -------- d-----w- c:\program files\Nuance
2012-02-16 12:06:31 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-16 12:06:29 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-02-16 12:05:41 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
.
==================== Find3M ====================
.
2012-01-20 21:56:17 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-14 03:04:54 1798656 ----a-w- c:\windows\system32\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 21:40:34.89 ===============

Attach.txt:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 5/7/2007 10:16:11 PM
System Uptime: 3/8/2012 9:33:06 PM (0 hours ago)
.
Motherboard: ASUSTek Computer INC. | | NARRA2
Processor: AMD Athlon™ 64 X2 Dual Core Processor 4400+ | Socket AM2 | 2300/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 289 GiB total, 180.669 GiB free.
D: is FIXED (NTFS) - 9 GiB total, 0.808 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0001
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #2
PNP Device ID: ROOT\*ISATAP\0001
Service: tunnel
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
A Free Ride Games Bar Toolbar
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 8.3.1
AIO_Scan
BufferChm
CCleaner
Conduit Engine
Constant Guard Protection Suite
Copy
Coupon Printer for Windows
CustomerResearchQFolder
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DJ_AIO_ProductContext
DJ_AIO_Software
DJ_AIO_Software_min
Download Updater (AOL LLC)
Dragon NaturallySpeaking 10
Easy Chef 1,000,000 Recipes
Enhanced Multimedia Keyboard Solution
eSupportQFolder
F4100
F4100_Help
FLV Player
Free Ride Games Player
Games.com Toolbar
GamesBar 2.0.1.81
Garmin Communicator Plugin
Garmin Lifetime Updater
Garmin USB Drivers
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GuardedID
Hardware Diagnostic Tools
Hewlett-Packard ACLM.NET v1.1.0.0
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Experience Enhancements
HP Customer Feedback
HP Customer Participation Program 8.0
HP Deskjet All-In-One Software 8.0
HP Easy Setup - Frontend
HP Imaging Device Functions 8.0
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photosmart Essential
HP Photosmart Essential 2.0
HP Photosmart Essential2.5
HP Picasso Media Center Add-In
HP Product Assistant
HP Solution Center 8.0
HP Total Care Advisor
HP Update
HPProductAssistant
HPSSupply
IrfanView (remove only)
Japanese Fonts Support For Adobe Reader 8
Java™ 6 Update 2
Java™ 6 Update 5
Java™ 6 Update 7
LeapFrog Connect
LeapFrog LeapPad Explorer Plugin
LightScribe 1.4.142.1
Malwarebytes Anti-Malware version 1.60.1.1000
MarketResearch
McAfee Security Scan Plus
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Business 2010
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2007
Microsoft Office Word MUI (English) 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Moraff's Maximum MahJongg 1.0
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.0
My HP Games
Norton Security Suite
NVIDIA Drivers
OpenOffice.org Installer 1.0
PSSWCORE
Python 2.4.3
RangeMax Wireless-N USB Adapter WN111v2
RealPlayer
Realtek High Definition Audio Driver
Rhapsody
Rhapsody Player Engine
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
RTC Client API v1.2
Sandlot Games Client Services
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
Shop for HP Supplies
SmartDraw 2007
Snapfish Media Detector
Snood 4
Soft Data Fax Modem with SmartCP
SolutionCenter
Status
Super Text Twist Free Trial
Text Twist
TomTom HOME 2.5.2.60
Toolbox
TrayApp
Treasure Seekers The Enchanted Canvases
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin)
VC 9.0 Runtime
VC_MergeModuleToMSI
Visual C++ Runtime for Dragon NaturallySpeaking
VLC media player 0.9.9
WebReg
Wheel of Fortune 2 (remove only)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
WN111v2
Word Whomp To Go
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
3/8/2012 9:36:07 PM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
3/8/2012 9:35:08 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
3/8/2012 9:35:08 PM, Error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
3/8/2012 9:33:39 PM, Error: EventLog [6008] - The previous system shutdown at 9:31:50 PM on 3/8/2012 was unexpected.
3/8/2012 9:29:32 PM, Error: netbt [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.5. The computer with the IP address 192.168.1.2 did not allow the name to be claimed by this computer.
3/8/2012 9:14:01 PM, Error: BROWSER [8009] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is DELL00363.
3/8/2012 7:59:10 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
3/8/2012 7:57:24 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx86 DfsC eeCtrl IDSVix86 jswpslwf NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr SRTSPX SymIRON SYMTDIv tdx Wanarpv6
3/8/2012 7:57:24 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/8/2012 7:57:24 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
3/8/2012 7:57:24 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
3/8/2012 7:57:24 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/8/2012 7:57:24 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
3/8/2012 7:57:24 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/8/2012 7:57:24 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/8/2012 7:57:24 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
3/8/2012 7:57:24 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/8/2012 7:57:24 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/8/2012 7:57:24 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/8/2012 7:57:24 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/8/2012 7:57:24 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
3/8/2012 7:57:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
3/8/2012 7:57:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
3/8/2012 7:56:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
3/8/2012 7:56:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
3/8/2012 7:56:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
3/8/2012 7:56:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/8/2012 7:56:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/7/2012 8:36:17 PM, Error: EventLog [6008] - The previous system shutdown at 8:34:01 PM on 3/7/2012 was unexpected.
3/7/2012 7:09:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1115" attempting to start the service hpqcxs08 with arguments "" in order to run the server: {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}
3/7/2012 10:01:05 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
3/6/2012 9:16:55 AM, Error: EventLog [6008] - The previous system shutdown at 9:14:23 AM on 3/6/2012 was unexpected.
3/6/2012 4:08:52 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
3/6/2012 4:08:52 PM, Error: Service Control Manager [7000] - The hpqcxs08 service failed to start due to the following error: A system shutdown is in progress.
3/6/2012 4:08:52 PM, Error: Service Control Manager [7000] - The Diagnostic System Host service failed to start due to the following error: A system shutdown is in progress.
3/5/2012 9:31:43 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.195 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/5/2012 9:22:43 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
3/5/2012 9:15:46 PM, Error: EventLog [6008] - The previous system shutdown at 8:45:26 PM on 3/5/2012 was unexpected.
3/5/2012 7:52:13 AM, Error: EventLog [6008] - The previous system shutdown at 7:48:03 AM on 3/5/2012 was unexpected.
3/5/2012 7:17:14 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {A47979D2-C419-11D9-A5B4-001185AD2B89} to the user thomas-PC\thomas SID (S-1-5-21-1438759059-2066498689-1681145571-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
3/5/2012 6:50:42 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.194 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/5/2012 5:11:26 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.201 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/5/2012 2:50:55 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.200 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/5/2012 11:54:45 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.196 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/5/2012 10:57:28 PM, Error: EventLog [6008] - The previous system shutdown at 10:55:36 PM on 3/5/2012 was unexpected.
3/5/2012 1:48:51 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.199 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/5/2012 1:28:23 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.198 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/5/2012 1:05:28 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.197 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/4/2012 6:08:40 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.192 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/4/2012 2:32:20 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user thomas-PC\thomas SID (S-1-5-21-1438759059-2066498689-1681145571-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
3/4/2012 12:46:01 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.190 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/4/2012 12:24:51 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.189 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/4/2012 12:03:33 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.188 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/4/2012 12:01:35 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
3/4/2012 10:24:36 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.193 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/4/2012 10:13:41 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.187 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/4/2012 1:09:41 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.191 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/3/2012 9:52:39 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.184 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/3/2012 6:28:42 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.183 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/3/2012 6:08:09 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.182 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/3/2012 5:47:29 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.181 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/3/2012 5:26:55 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.180 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/3/2012 5:06:22 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.179 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/3/2012 4:45:48 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.178 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/3/2012 4:25:11 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.177 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/3/2012 4:04:26 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.176 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/3/2012 3:43:49 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.175 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/3/2012 3:23:17 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.174 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/3/2012 3:17:35 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.186 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/3/2012 3:00:58 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.173 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/3/2012 2:40:31 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.172 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/3/2012 2:19:58 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.171 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/3/2012 12:57:43 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.167 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/3/2012 12:37:14 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.166 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/3/2012 12:16:39 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.165 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/3/2012 12:04:10 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.185 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/3/2012 1:59:21 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.170 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/3/2012 1:38:47 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.169 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/3/2012 1:18:16 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.168 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/2/2012 7:42:29 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.162 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/2/2012 6:37:18 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.161 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/2/2012 6:13:50 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.159 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/2/2012 5:46:51 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.158 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/2/2012 5:16:35 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.157 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/2/2012 4:48:12 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.156 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/2/2012 4:21:48 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.155 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/2/2012 4:19:51 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the N360 service.
3/2/2012 3:53:24 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.154 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/2/2012 3:36:10 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.160 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/2/2012 3:23:04 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.153 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/2/2012 2:51:54 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.152 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/2/2012 2:08:35 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.151 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/2/2012 12:29:38 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.147 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/2/2012 12:08:29 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.146 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/2/2012 11:27:37 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.164 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/2/2012 10:55:12 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.163 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/2/2012 1:48:07 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.150 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/2/2012 1:24:54 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.149 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/2/2012 1:04:24 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.148 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/1/2012 6:41:21 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.141 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/1/2012 6:28:11 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.135 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/1/2012 6:22:58 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.140 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/1/2012 6:02:33 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.139 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/1/2012 5:12:56 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.138 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/1/2012 11:48:03 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.145 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/1/2012 11:27:37 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.144 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/1/2012 11:07:10 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.143 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/1/2012 10:46:00 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.137 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/1/2012 10:44:20 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.142 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/1/2012 10:23:17 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.136 for the Network Card with network address 001BFC2332E7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================

#4 Maniac

Posted 09 March 2012 - 11:00 AM

Please uninstall the following applications:

A Free Ride Games Bar Toolbar
Games.com Toolbar
GamesBar 2.0.1.81
Conduit Engine


Next, reboot your PC and let me know how things are running now.

#5 newguy

Posted 11 March 2012 - 03:11 PM

Hey Maniac,

I was able to uninstall these two items:

Games.com Toolbar
GamesBar 2.0.1.81

The other two:

Conduit Engine
A Free Ride Games Bar Toolbar

are still listed after running the uninstallers.

Here are the issues we are getting now:

I'm getting a pop-up message on boot-up about not being able to load or run a file listed in the registry. I've attached a screen shot of this message here.

Attached File: Message01.jpg (15.13KB)

He has something called "Constant Guard Protection Suite" installed. This is part of a package provided by his ISP. Upon boot up we are getting a "Protection Suite Error" message that says an unexpected error occurred and the software will restart, but when we dismiss the box it simply returns. We cannot start the software manually via the desktop icon.

File associations for executable files (.exe) seem to be missing. For example, clicking on the shortcut for Internet Explorer brings up a dialog box asking what program the file (iexplore.exe) should be opened with. In order to run an executable you must right click and choose run as...

Originally all of the files and shortcuts on the desktop were missing. I was able to "show hidden files", select the hidden files and unhide them. (This was before my original post.) Currently, all of the favorites are missing from IE and I'm not sure if we will discover other missing items in the future. I read something about "unhide.exe" while checking out the Chameleon page and I wasn't sure if that would be something we would want to run eventually.

#6 Maniac

Posted 11 March 2012 - 05:00 PM

> The other two:
>
> Conduit Engine
> A Free Ride Games Bar Toolbar
>
> are still listed after running the uninstallers.

We will check if there are still remnants of them and, if there are any, we will remove them another way.

> He has something called "Constant Guard Protection Suite" installed. This is part of a package provided by his ISP. Upon boot up we are getting a "Protection Suite Error" message that says an unexpected error occurred and the software will restart, but when we dismiss the box it simply returns. We cannot start the software manually via the desktop icon.

You have Norton Security Suite, so you don't need it anymore; uninstall it. It seems to be damaged now.

> File associations for executable files (.exe) seem to be missing. For example, clicking on the shortcut for Internet Explorer brings up a dialog box asking what program the file (iexplore.exe) should be opened with. In order to run an executable you must right click and choose run as...

We will take care of it.

> Originally all of the files and shortcuts on the desktop were missing. I was able to "show hidden files", select the hidden files and unhide them. (This was before my original post.) Currently, all of the favorites are missing from IE and I'm not sure if we will discover other missing items in the future. I read something about "unhide.exe" while checking out the Chameleon page and I wasn't sure if that would be something we would want to run eventually.

We will try unhide.exe to restore everything.

Now:


Step 1

Please download one of the following and run it:
http://download.blee...bit/FixExec.com
http://download.blee...bit/FixExec.pif
http://download.blee...bit/FixExec.scr

When FixExec has finished running it will create a log on your Windows desktop called FixExec.txt. This log will contain a list of the items that were repaired on your computer. Post it in your next reply.


Step 2

Please download unhide.exe from here and save it to your Desktop. Double-click on the Unhide.exe icon on your desktop and allow the program to run. This program will remove the +H, or hidden, attribute from all the files on your hard drives. If there are any files that were purposely hidden by you, you will need to hide them again after this tool is run.


Step 3

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.


In your next reply, post the following log files:

  • OTL with Extras.txt
  • FixExec log


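The missing .exe association reported in post #5 and repaired in Step 1 can be confirmed from a registry export. This is an added example, not part of the thread and not a description of how FixExec works: it parses `.reg` export text and compares it with the stock Windows values for launching executables. The two sample exports and the name `placeholder_progid` are constructed.

```python
import re

# Stock Windows values for launching .exe files (machine-wide view).
EXPECTED = {
    r"HKEY_CLASSES_ROOT\.exe": "exefile",
    r"HKEY_CLASSES_ROOT\exefile\shell\open\command": '"%1" %*',
}
# Per-user keys take precedence over the machine-wide ones when Windows
# builds HKEY_CLASSES_ROOT, so a default value set here deserves a look.
PER_USER_OVERRIDES = [
    r"HKEY_CURRENT_USER\Software\Classes\.exe",
    r"HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command",
]

_KEY = re.compile(r"^\[(?P<key>[^\]]+)\]$")
_STR = re.compile(r'^(?P<name>@|"(?:[^"\\]|\\.)*")="(?P<data>(?:[^"\\]|\\.)*)"$')


def _unescape(s):
    # .reg string data escapes backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text):
    """Parse string values from .reg export text into {key: {name: data}}.

    Key names are lower-cased because the registry is case-insensitive.
    The default value of a key is stored under the empty name "".
    A real export is UTF-16; decode it before passing the text in.
    """
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = _KEY.match(line)
        if m:
            current = keys.setdefault(m.group("key").lower(), {})
            continue
        m = _STR.match(line)
        if m and current is not None:
            name = m.group("name")
            name = "" if name == "@" else _unescape(name[1:-1])
            current[name] = _unescape(m.group("data"))
    return keys


def audit_exe_association(reg):
    """Return a list of findings; an empty list means the stock values are in place."""
    findings = []
    for key, want in EXPECTED.items():
        values = reg.get(key.lower())
        if values is None:
            findings.append(f"MISSING  {key}")
            continue
        got = values.get("")
        if got is None or got.casefold() != want.casefold():
            findings.append(f"CHANGED  {key} = {got!r} (expected {want!r})")
    for key in PER_USER_OVERRIDES:
        values = reg.get(key.lower(), {})
        if "" in values:
            findings.append(f"REVIEW   {key} = {values['']!r} (per-user override)")
    return findings


# Constructed sample: association emptied, open command absent, per-user override set.
DAMAGED = r'''
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@=""
"Content Type"="application/x-msdownload"

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="placeholder_progid"
'''

# Constructed sample: the state expected after a successful repair.
REPAIRED = r'''
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
'''

if __name__ == "__main__":
    for label, sample in (("damaged", DAMAGED), ("repaired", REPAIRED)):
        print(label, audit_exe_association(parse_reg(sample)) or "OK")
```
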
#7 newguy

Posted 13 March 2012 - 06:31 PM

Hi Maniac,

I uninstalled "Constant Guard Protection Suite."

Ran FixExec and it seems to have restored the .exe file associations.

Ran UnHide.exe and that brought back the favorites in IE.

Ran OTL. Logs follow.

Just wanted to say thanks for all your time and help so far.

OTL.txt:

OTL logfile created on: 3/13/2012 7:13:36 PM - Run 1
OTL by OldTimer - Version 3.2.36.3 Folder = C:\Users\thomas\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 0.95 Gb Available Physical Memory | 50.64% Memory free
3.98 Gb Paging File | 2.95 Gb Available in Paging File | 74.11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289.31 Gb Total Space | 179.76 Gb Free Space | 62.13% Space Free | Partition Type: NTFS
Drive D: | 8.78 Gb Total Space | 0.81 Gb Free Space | 9.20% Space Free | Partition Type: NTFS

Computer Name: THOMAS-PC | User Name: thomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/13 19:05:59 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\thomas\Desktop\OTL.exe
PRC - [2012/01/06 17:30:00 | 001,446,760 | ---- | M] (Garmin) -- C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe
PRC - [2011/11/12 13:04:12 | 000,268,640 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2011/11/12 12:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2011/06/22 10:32:34 | 004,837,808 | ---- | M] (Exent Technologies Ltd.) -- C:\Program Files\Free Ride Games\GPlayer.exe
PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\5.2.0.13\ccsvchst.exe
PRC - [2010/12/21 02:07:48 | 000,227,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/04/11 02:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/25 17:54:58 | 001,724,416 | ---- | M] (NETGEAR) -- C:\Program Files\NETGEAR\WN111v2\WN111v2.exe
PRC - [2008/01/15 11:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/17 04:28:25 | 000,369,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\b6b9eeba0eaffb7691e9fd06c4f3dd10\System.ServiceModel.Routing.ni.dll
MOD - [2012/02/17 04:28:24 | 001,140,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\26150ab602b494d300ae488f81dbef9b\System.ServiceModel.Discovery.ni.dll
MOD - [2012/02/17 04:28:22 | 000,082,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\361744396ee71dcc435c93226a8a6754\System.ServiceModel.Channels.ni.dll
MOD - [2012/02/17 04:28:20 | 001,392,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\4d1a64fc317c7d5de7321ef42d9443aa\System.ServiceModel.Activities.ni.dll
MOD - [2012/02/17 04:28:08 | 018,058,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\b711fe4f8f23da12b205be1d231d4e2e\System.ServiceModel.ni.dll
MOD - [2012/02/17 04:26:57 | 001,072,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\38b6bf7d0ee6cea88d785e52e991627c\System.IdentityModel.ni.dll
MOD - [2012/02/17 04:23:27 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\a2011e79b6ef1c5381d110f75685008c\System.Runtime.DurableInstancing.ni.dll
MOD - [2012/02/17 04:23:23 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\3ed5c98553688c7bd5fa0459ddc629bf\SMDiagnostics.ni.dll
MOD - [2012/02/17 04:23:22 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\7aa036e91909e1bc5e1d35b673defab2\System.Runtime.Serialization.ni.dll
MOD - [2012/02/17 04:23:17 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\35b997b2652f8f564b062e6a6e59055f\System.Xml.Linq.ni.dll
MOD - [2012/02/17 04:23:15 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b74e1ad9110a39851b12cb46b3954163\System.Xaml.ni.dll
MOD - [2012/02/17 04:09:17 | 018,000,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\bdf555b4cfed144a3b0b60e0308cbf2b\PresentationFramework.ni.dll
MOD - [2012/02/17 04:08:53 | 000,736,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\f7ddf9585d0b4b46437dc07b50955b64\System.Security.ni.dll
MOD - [2012/02/17 04:08:51 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\1702c5e18cdd96c022d87c38561f19c9\System.Configuration.ni.dll
MOD - [2012/02/17 04:08:47 | 011,450,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\37cfa5ae8473995db30414fa29167c28\PresentationCore.ni.dll
MOD - [2012/02/17 04:08:43 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b6ac99f2787a9a672d7a696ef25588ee\System.Core.ni.dll
MOD - [2012/02/17 04:08:31 | 013,138,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\edfa0f31cc4950e16011ecb549f553f7\System.Windows.Forms.ni.dll
MOD - [2012/02/17 04:08:29 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\9dbdf77b1208ccfea1b67b50084c3f1a\PresentationFramework.Aero.ni.dll
MOD - [2012/02/17 04:08:27 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\a588133985ef7510d4cc8cc7924f8ec3\System.Xml.ni.dll
MOD - [2012/02/17 04:08:19 | 003,857,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\6be8cdc102f384653338279eff1f78fd\WindowsBase.ni.dll
MOD - [2012/02/17 04:08:19 | 001,652,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\9d5b252266a6084a611b2be84fac9e1c\System.Drawing.ni.dll
MOD - [2012/02/17 04:08:15 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\9c4788acc8f93c33214865395cee2e1c\System.ni.dll
MOD - [2011/10/14 03:07:36 | 014,407,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a774bd593b8420bae4a8cf1d46af3ba2\mscorlib.ni.dll
MOD - [2011/09/14 10:19:06 | 008,500,224 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\QtGui4.dll
MOD - [2011/09/14 10:19:06 | 002,348,544 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\QtCore4.dll
MOD - [2010/03/18 13:18:36 | 000,509,304 | ---- | M] () -- C:\Windows\Downloaded Program Files\ExentCtl.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (IDVaultSvc)
SRV - [2011/11/12 12:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe -- (N360)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/02/29 02:07:18 | 000,942,080 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe -- (jswpsapi)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PcdrNdisuio)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFlt)
DRV - File not found [Kernel | Auto | Stopped] -- -- (MCSTRM)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (MBAMSwissArmy)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (IpInIp)
DRV - [2012/03/09 17:33:47 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120313.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/03/09 17:33:46 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/03/09 17:33:46 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120313.002\NAVENG.SYS -- (NAVENG)
DRV - [2012/03/02 19:59:42 | 000,820,856 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120302.001_fb5\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/02/04 10:06:37 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/12/15 19:33:22 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120313.001\IDSvix86.sys -- (IDSVix86)
DRV - [2011/11/12 12:18:10 | 000,033,792 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btblan.sys -- (Leapfrog-USBLAN)
DRV - [2011/05/17 21:51:42 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/20 21:37:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0502000.00D\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2011/03/30 23:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0502000.00D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 23:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0502000.00D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/14 22:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0502000.00D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/27 02:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\N360\0502000.00D\SYMDS.SYS -- (SymDS)
DRV - [2010/11/22 09:25:22 | 000,046,184 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Running] -- C:\Program Files\Free Ride Games\X6XSEx.sys -- (X6XSEx)
DRV - [2010/11/15 21:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0502000.00D\Ironx86.SYS -- (SymIRON)
DRV - [2009/01/13 10:30:00 | 000,453,120 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WN111v2v.sys -- (WN111v2)
DRV - [2008/10/01 16:44:02 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2008/05/22 14:49:00 | 007,465,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/05/08 05:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 05:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2007/10/18 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/05/04 02:29:10 | 001,065,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/03/19 09:58:50 | 000,101,672 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2006/11/16 14:36:28 | 000,020,480 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DNISP50.sys -- (DNISp50)
DRV - [2006/11/16 14:36:18 | 000,021,504 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DNIMP50.sys -- (DNIMp50)
DRV - [2006/11/01 16:18:15 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2005/12/12 13:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...lion&pf=desktop
IE - HKLM\..\URLSearchHook: {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files\A_Free_Ride_Games_Bar\prxtbA_Fr.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{136A6348-D601-4D57-A77A-BF9231B38261}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect...mrud=13-05-2011
IE - HKLM\..\SearchScopes\{59978E0A-1C53-4D9A-A67F-D1473F7643AB}: "URL" = http://search.yahoo....ing}&fr=hp-pvdt
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{A1170105-04F3-4615-8626-95D3A4FCDED9}: "URL" = http://search.live.c...#38;FORM=HVDUS7
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.condui...&ctid=CT1320680


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=BNHP
IE - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000\..\URLSearchHook: {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files\A_Free_Ride_Games_Bar\prxtbA_Fr.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000\..\SearchScopes\{136A6348-D601-4D57-A77A-BF9231B38261}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect...mrud=13-05-2011
IE - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000\..\SearchScopes\{59978E0A-1C53-4D9A-A67F-D1473F7643AB}: "URL" = http://search.yahoo....ing}&fr=hp-pvdt
IE - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7SUNA_en
IE - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000\..\SearchScopes\{A1170105-04F3-4615-8626-95D3A4FCDED9}: "URL" = http://search.live.c...#38;FORM=HVDUS7
IE - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...22&geo=US&ver=5
IE - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.condui...&ctid=CT1320680
IE - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....&fr=chr-offrhap
IE - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.5.1
FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.1

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files\Free Ride Games\npExentCtl.dll (Exent Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\@funwebproducts.com/Plugin: C:\Program Files\FunWebProducts\Installr\1.bin\NPFunWeb.dll File not found
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll File not found
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2629: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/03/09 20:25:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_5_2 [2012/03/13 19:09:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin

[2011/05/19 13:41:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\thomas\AppData\Roaming\Mozilla\Extensions
[2009/01/05 14:16:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\thomas\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2009/01/05 14:15:47 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.2.0.13\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Constant Guard Protection Suite (COM)) - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\Program Files\Constant Guard Protection Suite\NativeBHO.dll File not found
O2 - BHO: (A Free Ride Games Bar Toolbar) - {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files\A_Free_Ride_Games_Bar\prxtbA_Fr.dll (Conduit Ltd.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (A Free Ride Games Bar Toolbar) - {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files\A_Free_Ride_Games_Bar\prxtbA_Fr.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [DNS7reminder] C:\Program Files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKU\.DEFAULT..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-18..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-19..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - Startup: C:\Users\thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
F3 - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000 WinNT: Load - (C:\Users\thomas\LOCALS~1\Temp\mskmwna.com) - File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000\..Trusted Domains: internet ([]about in Internet)
O15 - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O15 - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Text%20Twist/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.h...hpdetect118.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnime...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Text%20Twist/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...xControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0122B2E1-257D-4823-802A-3013F4A6370F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91B2B4F7-0518-4ACF-8183-A99769F3C3E1}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\thomas\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\thomas\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/04/23 19:59:56 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{43bac658-fd09-11db-9ae5-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{43bac658-fd09-11db-9ae5-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{63173718-8890-11dd-b7dc-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{63173718-8890-11dd-b7dc-00038a000015}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{9c58817a-d772-11dd-9dec-00038a000015}\Shell\AutoRun\command - "" = J:\InstallTomTomHOME.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/13 19:05:59 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Users\thomas\Desktop\OTL.exe
[2012/03/13 18:47:45 | 000,389,024 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\thomas\Desktop\unhide.exe
[2012/03/13 18:44:18 | 000,881,568 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\thomas\Desktop\FixExec.scr
[2012/03/09 17:32:20 | 000,000,000 | ---D | C] -- C:\ProgramData\F4D562BF0005A14400244E3C570F1C8B
[2012/03/06 00:30:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware(753)
[2012/03/06 00:10:48 | 000,000,000 | ---D | C] -- C:\Users\thomas\Desktop\New Folder (3)
[2012/02/22 16:14:43 | 000,000,000 | ---D | C] -- C:\Users\thomas\AppData\Local\Scansoft
[2012/02/21 12:50:43 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2012/02/21 12:49:28 | 000,000,000 | ---D | C] -- C:\Users\thomas\AppData\Roaming\Nuance
[2012/02/21 12:48:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon NaturallySpeaking 10.0
[2012/02/21 12:34:37 | 000,000,000 | ---D | C] -- C:\ProgramData\ScanSoft
[2012/02/21 12:34:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ScanSoft Shared
[2012/02/21 12:34:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nuance
[2012/02/21 12:33:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Nuance
[2012/02/21 12:33:35 | 000,000,000 | ---D | C] -- C:\Program Files\Nuance
[2012/02/16 07:41:34 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch

========== Files - Modified Within 30 Days ==========

[2012/03/13 19:16:34 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/13 19:16:34 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/13 19:10:59 | 000,000,464 | ---- | M] () -- C:\Windows\tasks\SDMsgUpdate (TE).job
[2012/03/13 19:09:31 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/13 19:09:19 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/13 19:09:19 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/13 19:09:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/13 19:09:11 | 2011,750,400 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/13 19:05:59 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\thomas\Desktop\OTL.exe
[2012/03/13 18:50:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/13 18:47:45 | 000,389,024 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\thomas\Desktop\unhide.exe
[2012/03/13 18:44:18 | 000,881,568 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\thomas\Desktop\FixExec.scr
[2012/03/13 06:49:27 | 000,000,516 | ---- | M] () -- C:\Windows\tasks\NatSpeak Periodic Language Model Optimization.job
[2012/03/11 14:59:09 | 000,015,490 | ---- | M] () -- C:\Users\thomas\Desktop\Message01.jpg
[2012/03/09 17:32:54 | 000,007,728 | ---- | M] () -- C:\Users\thomas\AppData\Local\d3d9caps.dat
[2012/03/05 22:23:13 | 000,000,456 | ---- | M] () -- C:\ProgramData\ax1bQt93JxKdtA
[2012/03/05 21:28:24 | 000,000,296 | ---- | M] () -- C:\ProgramData\~ax1bQt93JxKdtA
[2012/03/05 21:28:23 | 000,000,216 | ---- | M] () -- C:\ProgramData\~ax1bQt93JxKdtAr
[2012/03/05 07:54:09 | 000,000,492 | ---- | M] () -- C:\Windows\tasks\NatSpeak Periodic Acoustic Optimization.job
[2012/03/03 16:17:07 | 000,001,099 | ---- | M] () -- C:\Users\thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2012/03/02 02:00:10 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\NatSpeak Periodic Data Collection.job
[2012/02/26 14:26:42 | 000,108,280 | ---- | M] () -- C:\Users\thomas\Documents\MCDONALDS-PrintableCoupon.pdf2.pdf
[2012/02/24 08:48:59 | 000,057,344 | ---- | M] () -- C:\Users\thomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/21 15:59:18 | 000,002,394 | ---- | M] () -- C:\Users\thomas\AppData\Roaming\SAS7_000.DAT
[2012/02/21 12:48:24 | 000,001,994 | ---- | M] () -- C:\Users\Public\Desktop\Dragon NaturallySpeaking 10.0.lnk
[2012/02/17 12:44:20 | 000,761,933 | ---- | M] () -- C:\Users\thomas\Documents\MCDONALDS-PrintableCoupon.pdf
[2012/02/17 12:43:28 | 000,761,933 | ---- | M] () -- C:\Users\thomas\Documents\MCR-PrintableCoupon-.pdf
[2012/02/17 05:07:54 | 000,392,848 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/02/13 14:50:04 | 010,468,138 | ---- | M] () -- C:\Users\thomas\Documents\1984 rollback.pdf

========== Files Created - No Company Name ==========

[2012/03/11 14:59:09 | 000,015,490 | ---- | C] () -- C:\Users\thomas\Desktop\Message01.jpg
[2012/03/08 21:00:43 | 2011,750,400 | -HS- | C] () -- C:\hiberfil.sys
[2012/03/05 21:28:23 | 000,000,296 | ---- | C] () -- C:\ProgramData\~ax1bQt93JxKdtA
[2012/03/05 21:28:23 | 000,000,216 | ---- | C] () -- C:\ProgramData\~ax1bQt93JxKdtAr
[2012/03/05 21:26:39 | 000,000,456 | ---- | C] () -- C:\ProgramData\ax1bQt93JxKdtA
[2012/03/03 16:17:07 | 000,001,099 | ---- | C] () -- C:\Users\thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2012/02/26 14:26:42 | 000,108,280 | ---- | C] () -- C:\Users\thomas\Documents\MCDONALDS-PrintableCoupon.pdf2.pdf
[2012/02/21 15:59:18 | 000,002,394 | ---- | C] () -- C:\Users\thomas\AppData\Roaming\SAS7_000.DAT
[2012/02/21 15:58:39 | 000,000,408 | ---- | C] () -- C:\Windows\tasks\NatSpeak Periodic Data Collection.job
[2012/02/21 15:58:38 | 000,000,492 | ---- | C] () -- C:\Windows\tasks\NatSpeak Periodic Acoustic Optimization.job
[2012/02/21 15:58:33 | 000,000,516 | ---- | C] () -- C:\Windows\tasks\NatSpeak Periodic Language Model Optimization.job
[2012/02/21 12:48:24 | 000,001,994 | ---- | C] () -- C:\Users\Public\Desktop\Dragon NaturallySpeaking 10.0.lnk
[2012/02/17 12:44:20 | 000,761,933 | ---- | C] () -- C:\Users\thomas\Documents\MCDONALDS-PrintableCoupon.pdf
[2012/02/17 12:43:28 | 000,761,933 | ---- | C] () -- C:\Users\thomas\Documents\MCR-PrintableCoupon-.pdf
[2012/02/13 14:50:04 | 010,468,138 | ---- | C] () -- C:\Users\thomas\Documents\1984 rollback.pdf
[2011/11/05 18:45:53 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011/11/03 22:45:56 | 000,000,006 | ---- | C] () -- C:\Windows\msoffice.ini

========== LOP Check ==========

[2011/05/13 12:39:03 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\Artogon
[2011/11/05 18:55:51 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\Exent Technologies
[2008/12/15 18:51:48 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\Eyeblaster
[2011/11/03 20:58:40 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\FrostWire
[2012/01/25 11:03:38 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\GARMIN
[2011/05/17 21:43:16 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\ID Vault
[2012/01/11 11:28:57 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\Image Zone Express
[2012/03/09 20:26:29 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\IrfanView
[2011/11/05 18:55:49 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\iWin
[2012/02/21 12:49:28 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\Nuance
[2012/03/11 15:03:51 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\Oberon Media
[2007/08/31 23:22:21 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\PlayFirst
[2007/09/19 12:13:39 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\Pogo Games
[2011/09/30 09:50:50 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\Printer Info Cache
[2012/03/09 20:26:34 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\SmartDraw
[2007/08/20 20:12:19 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\Snapfish
[2012/03/09 20:26:34 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\SpinTop
[2007/08/30 10:49:18 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\Template
[2009/01/05 14:16:18 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\TomTom
[2007/08/22 20:48:27 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\WildTangent
[2008/02/14 18:42:25 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\WinBatch
[2012/03/05 07:54:09 | 000,000,492 | ---- | M] () -- C:\Windows\Tasks\NatSpeak Periodic Acoustic Optimization.job
[2012/03/02 02:00:10 | 000,000,408 | ---- | M] () -- C:\Windows\Tasks\NatSpeak Periodic Data Collection.job
[2012/03/13 06:49:27 | 000,000,516 | ---- | M] () -- C:\Windows\Tasks\NatSpeak Periodic Language Model Optimization.job
[2012/03/13 19:07:52 | 000,032,542 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/03/13 19:10:59 | 000,000,464 | ---- | M] () -- C:\Windows\Tasks\SDMsgUpdate (TE).job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:E49FC3A5
@Alternate Data Stream - 64 bytes -> C:\Users\thomas\Desktop\Left Behind (Chrysler Documentary).mp4:TOC.WMV
@Alternate Data Stream - 230 bytes -> C:\ProgramData\TEMP:F35A93AD
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:21F28B00
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:E13861A5
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:6122E243
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:1A6AFE3D
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:B9436876
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DE73B0FE
< End of report >

Extras.txt:

OTL Extras logfile created on: 3/13/2012 7:13:36 PM - Run 1
OTL by OldTimer - Version 3.2.36.3 Folder = C:\Users\thomas\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 0.95 Gb Available Physical Memory | 50.64% Memory free
3.98 Gb Paging File | 2.95 Gb Available in Paging File | 74.11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289.31 Gb Total Space | 179.76 Gb Free Space | 62.13% Space Free | Partition Type: NTFS
Drive D: | 8.78 Gb Total Space | 0.81 Gb Free Space | 9.20% Space Free | Partition Type: NTFS

Computer Name: THOMAS-PC | User Name: thomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1011A76D-D0CC-4E9D-B359-70DDCDE7A163}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{27915E9A-324B-4936-9D6C-A3A5A6DBB7BF}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{3504F588-15FC-4DFB-BC2D-1C4DC6481E92}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{3AAE5919-B2A6-4F25-B812-4C215D07B519}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{3B2372D9-29EF-43B4-803E-F2A92841C91E}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{5143A5EB-B93B-4AC8-A003-27CAA730B8F5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5F226FF5-C484-4B42-B8A4-E34CBC415BE0}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{6F516B90-4B59-426A-86BC-E6B2E23AC2DB}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{7F424EB3-CF93-4F6B-9EC4-0B0246891AB9}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{8A006B8C-4065-4BD9-AA8E-E8544264BDB0}" = dir=in | app=c:\program files\leapfrog\leapfrog connect\leapfrogconnect.exe |
"{980B2E91-C1DE-4999-9DA7-F3F257FDE237}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{B6B6651C-24E9-4464-969C-697CBD951555}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B9062737-8779-480F-AA66-4C7525322D1D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{BFDE7E44-ECCD-463A-AB81-F8A598627023}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{C7A23DE1-CA04-4E42-9039-0D357345EFA0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{CE612C43-25AD-46CC-BFC9-0247BE8E59F1}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{D8FBBE42-F01C-48BF-8697-FD3C24554FAB}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"TCP Query User{A1A86943-9836-47C6-A3DA-49B31B3656C2}C:\program files\rhapsody\rhapsody.exe" = protocol=6 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"UDP Query User{61398DA5-182F-4E6C-A81D-DE73F2E6C325}C:\program files\rhapsody\rhapsody.exe" = protocol=17 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{0E13CAA3-B5FC-48C0-AA4A-26F5CD0C371C}" = Garmin Lifetime Updater
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}" = WN111v2
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24557DC0-0839-496f-82F9-C4EB72EFE4FA}" = HP Deskjet All-In-One Software 8.0
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{2990BC81-3B19-4E53-A53E-30DE3F1BFFA8}" = HP Total Care Advisor
"{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}" = Free Ride Games Player
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{4A5A427F-BA39-4BF0-9A47-9999FBE60C9F}" = Visual C++ Runtime for Dragon NaturallySpeaking
"{4EF6FDB0-3B11-4820-9860-8E08E9965195}" = Snapfish Media Detector
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{657F8B33-CBBB-45F4-9087-274F22C89400}" = DJ_AIO_ProductContext
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6AF49698-949A-4C89-9B31-041D2CCB5FBD}" = muvee autoProducer 6.0
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3
"{7DDEABFB-0621-4321-B385-CB86D3A6F90F}" = F4100
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110542703}" = Word Whomp To Go
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5
"{900A92BA-19EF-4A34-86CF-7B6C85BDD971}" = VC_MergeModuleToMSI
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{9ECB4705-B9CB-405A-B6D4-33BDF707308E}" = DJ_AIO_Software
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
"{ACE22C48-49D7-4531-BE20-5C3D03393AB6}" = F4100_Help
"{B1EE1CC5-6CED-4801-BFFF-8454F21A245A}" = Garmin Communicator Plugin
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{DC83F417-8068-4074-BA2F-C4F8AB872556}" = DJ_AIO_Software_min
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E7712E53-7A7F-46EB-AA13-70D5987D30F2}" = Dragon NaturallySpeaking 10
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F9D59E62-845F-49A2-8B75-DDB00661673C}" = LeapFrog Connect
"{FE5ED1C0-A340-4EAC-B4BE-FA0AB173436C}" = LeapFrog LeapPad Explorer Plugin
"28e03a3aab8b0978c17af3afdc47a6ee" = Treasure Seekers The Enchanted Canvases
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"A_Free_Ride_Games_Bar Toolbar" = A Free Ride Games Bar Toolbar
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"conduitEngine" = Conduit Engine
"Coupon Printer for Windows2.0" = Coupon Printer for Windows
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"Easy Chef 1,000,000 Recipes" = Easy Chef 1,000,000 Recipes
"FLVplayer" = FLV Player
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Photosmart Essential" = HP Photosmart Essential 2.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"InstallShield_{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}" = RangeMax Wireless-N USB Adapter WN111v2
"IrfanView" = IrfanView (remove only)
"LeapPadExplorerPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Moraff's_Maximum_Mahjongg_1.0" = Moraff's Maximum MahJongg 1.0
"N360" = Norton Security Suite
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"RealPlayer 6.0" = RealPlayer
"Rhapsody" = Rhapsody
"Sandlot Games Client Services_is1" = Sandlot Games Client Services
"Shop for HP Supplies" = Shop for HP Supplies
"Snood 4_is1" = Snood 4
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Super Text Twist Free Trial_is1" = Super Text Twist Free Trial
"Text Twist" = Text Twist
"TomTom HOME" = TomTom HOME 2.5.2.60
"UPCShell" = LeapFrog Connect
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 0.9.9
"Wheel of Fortune 2" = Wheel of Fortune 2 (remove only)
"WildTangent hpdesktop Master Uninstall" = My HP Games
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1438759059-2066498689-1681145571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SmartDraw 2007" = SmartDraw 2007

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/7/2012 9:40:58 PM | Computer Name = thomas-PC | Source = EventSystem | ID = 4609
Description =

Error - 3/8/2012 8:56:46 PM | Computer Name = thomas-PC | Source = EventSystem | ID = 4609
Description =

Error - 3/8/2012 11:18:54 PM | Computer Name = thomas-PC | Source = IDVault | ID = 0
Description = IsIDVaultAlreadyRunning failed Only part of a ReadProcessMemory or
WriteProcessMemory request was completed at System.Diagnostics.NtProcessManager.GetModuleInfos(Int32
processId, Boolean firstModuleOnly) at System.Diagnostics.NtProcessManager.GetFirstModuleInfo(Int32
processId) at System.Diagnostics.Process.get_MainModule() at (Object ) at
? .? . ()

Error - 3/8/2012 11:20:12 PM | Computer Name = thomas-PC | Source = .NET Runtime | ID = 1026
Description =

Error - 3/9/2012 12:13:55 AM | Computer Name = thomas-PC | Source = .NET Runtime | ID = 1026
Description =

Error - 3/9/2012 12:19:17 PM | Computer Name = thomas-PC | Source = .NET Runtime | ID = 1026
Description =

Error - 3/9/2012 5:33:53 PM | Computer Name = thomas-PC | Source = .NET Runtime | ID = 1026
Description =

Error - 3/12/2012 1:56:02 PM | Computer Name = thomas-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1764 Start Time: 01cd0065eb461709 Termination Time: 647

Error - 3/12/2012 7:24:07 PM | Computer Name = thomas-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: f70 Start Time: 01cd007870951d49 Termination Time: 189

Error - 3/12/2012 7:24:39 PM | Computer Name = thomas-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1344 Start Time: 01cd00a738a611d9 Termination Time: 18

[ Media Center Events ]
Error - 9/24/2009 5:30:02 PM | Computer Name = thomas-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/7/2009 7:48:51 PM | Computer Name = thomas-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 2/24/2010 8:39:55 PM | Computer Name = thomas-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 3/13/2012 6:23:26 PM | Computer Name = thomas-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 3/13/2012 6:23:58 PM | Computer Name = thomas-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 3/13/2012 6:37:14 PM | Computer Name = thomas-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 3/13/2012 6:37:14 PM | Computer Name = thomas-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 3/13/2012 6:37:14 PM | Computer Name = thomas-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 3/13/2012 6:37:23 PM | Computer Name = thomas-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 3/13/2012 7:10:43 PM | Computer Name = thomas-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 3/13/2012 7:10:43 PM | Computer Name = thomas-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 3/13/2012 7:10:43 PM | Computer Name = thomas-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 3/13/2012 7:10:58 PM | Computer Name = thomas-PC | Source = Service Control Manager | ID = 7022
Description =


< End of report >

FixExec.txt:

FixExec by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about FixExec can be found at this link:
http://www.bleepingc...ilities/fixexec
Program started at: 03/13/2012 06:45:15 PM in x86 mode.
Windows Version: Windows Vista
Checking for processes to terminate before fixing executable associations.
* No processes found to kill.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKCU\SOFTWARE\Classes\.exe\\@ exists and is set to F4D56!
* HKCU\SOFTWARE\Classes\.exe has been deleted!
* HKCU\SOFTWARE\Classes\F4D56 has been deleted!
* HKCU\SOFTWARE\Classes\.bat\\@ exists and is set to batfile!
* HKCU\SOFTWARE\Classes\.bat has been deleted!
* HKCU\SOFTWARE\Classes\.com\\@ exists and is set to comfile!
* HKCU\SOFTWARE\Classes\.com has been deleted!
Program finished at: 03/13/2012 06:46:43 PM
Execution time: 0 hours(s), 1 minute(s), and 27 seconds(s)

#8 Maniac

Posted 14 March 2012 - 07:56 AM

Very good! :)

Step 1

Please uninstall the following applications: McAfee Security Scan Plus and Viewpoint Media Player.


Step 2

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
    IE - HKLM\..\URLSearchHook: {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files\A_Free_Ride_Games_Bar\prxtbA_Fr.dll (Conduit Ltd.)
    IE - HKLM\..\SearchScopes\{136A6348-D601-4D57-A77A-BF9231B38261}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1320680
    IE - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000\..\URLSearchHook: {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files\A_Free_Ride_Games_Bar\prxtbA_Fr.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000\..\SearchScopes\{136A6348-D601-4D57-A77A-BF9231B38261}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    IE - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=s1122&geo=US&ver=5
    IE - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1320680
    FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll File not found
    FF - HKLM\Software\MozillaPlugins\@funwebproducts.com/Plugin: C:\Program Files\FunWebProducts\Installr\1.bin\NPFunWeb.dll File not found
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin
    O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (Constant Guard Protection Suite (COM)) - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\Program Files\Constant Guard Protection Suite\NativeBHO.dll File not found
    O2 - BHO: (A Free Ride Games Bar Toolbar) - {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files\A_Free_Ride_Games_Bar\prxtbA_Fr.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (A Free Ride Games Bar Toolbar) - {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files\A_Free_Ride_Games_Bar\prxtbA_Fr.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [] File not found
    O4 - HKU\.DEFAULT..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
    O4 - HKU\S-1-5-18..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
    O4 - HKU\S-1-5-19..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
    O4 - HKU\S-1-5-20..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
    O4 - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
    F3 - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000 WinNT: Load - (C:\Users\thomas\LOCALS~1\Temp\mskmwna.com) - File not found
    [2012/03/05 22:23:13 | 000,000,456 | ---- | M] () -- C:\ProgramData\ax1bQt93JxKdtA
    [2012/03/05 21:28:24 | 000,000,296 | ---- | M] () -- C:\ProgramData\~ax1bQt93JxKdtA
    [2012/03/05 21:28:23 | 000,000,216 | ---- | M] () -- C:\ProgramData\~ax1bQt93JxKdtAr
    [2012/03/09 17:32:20 | 000,000,000 | ---D | C] -- C:\ProgramData\F4D562BF0005A14400244E3C570F1C8B
    [2012/02/21 15:59:18 | 000,002,394 | ---- | M] () -- C:\Users\thomas\AppData\Roaming\SAS7_000.DAT
    [2011/11/03 20:58:40 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\FrostWire
    
    :files
    C:\Program Files\A_Free_Ride_Games_Bar
    C:\Program Files\MyWebSearch
    C:\Program Files\FunWebProducts
    C:\Program Files\Viewpoint
    C:\Program Files\ConduitEngine
    C:\Program Files\Constant Guard Protection Suite
    C:\Program Files\Free Ride Games
    C:\Program Files\McAfee Security Scan
    
    :reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{3504F588-15FC-4DFB-BC2D-1C4DC6481E92}" =-
    "{3B2372D9-29EF-43B4-803E-F2A92841C91E}" =-
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "A_Free_Ride_Games_Bar Toolbar" =-
    "conduitEngine" =-
    
    :Commands
    [emptytemp]
    [clearallrestorepoints]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

#9 newguy

Posted 14 March 2012 - 06:37 PM

OK,

Uninstalled "McAfee Security Scan Plus"

Uninstalled "Viewpoint Media Player" - (this had been uninstalled back in post #3 so I'm not sure why it was there)

Copied and pasted the text you provided into OTL and clicked "Run Fix."

Scan ran very quickly and asked to reboot.

System hung during shutdown and I powered off manually after a while.

OTL produced a log after restart.


We are still getting the pop-up error message I mentioned in post #5. I was wondering if you think cleaning up the registry with CCleaner might take care of this issue. I know I shouldn't run CCleaner until we are all done; I was just wondering if you thought it might remedy the situation.

Thanks again.

OTL log:

All processes killed
Error: Unable to interpret <:OTLSRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)IE - HKLM\..\URLSearchHook: {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files\A_Free_Ride_Games_Bar\prxtbA_Fr.dll (Conduit Ltd.)IE - HKLM\..\SearchScopes\{136A6348-D601-4D57-A77A-BF9231B38261}: "URL" = http://www.ask.com/w...l=dis&o=ushpdIE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.condui...tid=CT1320680IE - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000\..\URLSearchHook: {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files\A_Free_Ride_Games_Bar\prxtbA_Fr.dll (Conduit Ltd.)IE - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000\..\SearchScopes\{136A6348-D601-4D57-A77A-BF9231B38261}: "URL" = http://www.ask.com/w...l=dis&o=ushpdIE - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000\..\Search> in the current context!
Error: Unable to interpret <Scopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...&geo=US&ver=5IE - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.condui...tid=CT1320680FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll File not foundFF - HKLM\Software\MozillaPlugins\@funwebproducts.com/Plugin: C:\Program Files\FunWebProducts\Installr\1.bin\NPFunWeb.dll File not foundFF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.binO2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)O2 - BHO: (Constant Guard > in the current context!
Error: Unable to interpret <Protection Suite (COM)) - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\Program Files\Constant Guard Protection Suite\NativeBHO.dll File not foundO2 - BHO: (A Free Ride Games Bar Toolbar) - {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files\A_Free_Ride_Games_Bar\prxtbA_Fr.dll (Conduit Ltd.)O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)O3 - HKLM\..\Toolbar: (A Free Ride Games Bar Toolbar) - {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files\A_Free_Ride_Games_Bar\prxtbA_Fr.dll (Conduit Ltd.)O4 - HKLM..\Run: [] File not foundO4 - HKU\.DEFAULT..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)O4 - HKU\S-1-5-18..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)O4 - HKU\S-1-5-19..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)O4 - HKU\S-1-5-20..\Run: [Exetender] C:\Program Files\Free Ri> in the current context!
Error: Unable to interpret <de Games\GPlayer.exe (Exent Technologies Ltd.)O4 - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)F3 - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000 WinNT: Load - (C:\Users\thomas\LOCALS~1\Temp\mskmwna.com) - File not found[2012/03/05 22:23:13 | 000,000,456 | ---- | M] () -- C:\ProgramData\ax1bQt93JxKdtA[2012/03/05 21:28:24 | 000,000,296 | ---- | M] () -- C:\ProgramData\~ax1bQt93JxKdtA[2012/03/05 21:28:23 | 000,000,216 | ---- | M] () -- C:\ProgramData\~ax1bQt93JxKdtAr[2012/03/09 17:32:20 | 000,000,000 | ---D | C] -- C:\ProgramData\F4D562BF0005A14400244E3C570F1C8B[2012/02/21 15:59:18 | 000,002,394 | ---- | M] () -- C:\Users\thomas\AppData\Roaming\SAS7_000.DAT[2011/11/03 20:58:40 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\FrostWire:filesC:\Program Files\A_Free_Ride_Games_BarC:\Program Files\MyWebSearchC:\Program Files\FunWebProductsC:\Program Files\ViewpointC:\Program Files\ConduitEngineC:\Program > in the current context!
Error: Unable to interpret <Files\Constant Guard Protection SuiteC:\Program Files\Free Ride GamesC:\Program Files\McAfee Security Scan:reg[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{3504F588-15FC-4DFB-BC2D-1C4DC6481E92}" =-"{3B2372D9-29EF-43B4-803E-F2A92841C91E}" =-[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"A_Free_Ride_Games_Bar Toolbar" =-"conduitEngine" =-:Commands[emptytemp][clearallrestorepoints]> in the current context!

OTL by OldTimer - Version 3.2.36.3 log created on 03142012_185212
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...

#10 Maniac

Posted 15 March 2012 - 06:50 AM

Scan ran very quickly and asked to reboot.


Because your script is not working. My script should look like this and everything should be on a new line. Please try again.

I was wondering if you think cleaning up the registry with CCleaner might take care of this issue. I know I shouldn't run CCleaner until we are all done, I was just wondering if you thought it might remedy the situation.


We don't suggest registry cleaners. Here is why:
http://miekiemoes.bl...weaking_13.html

Please don't use them.

#11 newguy

Posted 17 March 2012 - 12:11 PM

Hey Maniac,

Thanks for the info on registry cleaners. Didn't realize they could be harmful.

For some reason when I copied/pasted your OTL commands the returns didn't copy and everything appeared on one line. I had to paste them into a WordPad document and then manually add the returns. Then I was able to copy and paste from Notepad into OTL.

When I ran OTL it seemed to be doing OK at first but then it paused. I soon got a message from Windows that OTL was not responding and had to be shut down. At that point the system hung with no icons or task bar. Had to shut down manually and restart. OTL did not produce a log.

I wasn't sure if I should run it again or if doing so would cause any problems so I thought I would post back and wait for your advice.

Not sure if I made a mistake with the OTL commands so I decided to post them so you could have a look.

Thanks again.

Here is what I pasted into OTL:

:OTL
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
IE - HKLM\..\URLSearchHook: {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files\A_Free_Ride_Games_Bar\prxtbA_Fr.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes\{136A6348-D601-4D57-A77A-BF9231B38261}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.condui...&ctid=CT1320680
IE - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000\..\URLSearchHook: {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files\A_Free_Ride_Games_Bar\prxtbA_Fr.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000\..\SearchScopes\{136A6348-D601-4D57-A77A-BF9231B38261}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...22&geo=US&ver=5
IE - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.condui...&ctid=CT1320680
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll File not found
FF - HKLM\Software\MozillaPlugins\@funwebproducts.com/Plugin: C:\Program Files\FunWebProducts\Installr\1.bin\NPFunWeb.dll File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Constant Guard Protection Suite (COM)) - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\Program Files\Constant Guard Protection Suite\NativeBHO.dll File not found
O2 - BHO: (A Free Ride Games Bar Toolbar) - {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files\A_Free_Ride_Games_Bar\prxtbA_Fr.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (A Free Ride Games Bar Toolbar) - {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files\A_Free_Ride_Games_Bar\prxtbA_Fr.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKU\.DEFAULT..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-18..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-19..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-20..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)F3 - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000 WinNT: Load - (C:\Users\thomas\LOCALS~1\Temp\mskmwna.com) - File not found
[2012/03/05 22:23:13 | 000,000,456 | ---- | M] () -- C:\ProgramData\ax1bQt93JxKdtA
[2012/03/05 21:28:24 | 000,000,296 | ---- | M] () -- C:\ProgramData\~ax1bQt93JxKdtA
[2012/03/05 21:28:23 | 000,000,216 | ---- | M] () -- C:\ProgramData\~ax1bQt93JxKdtAr
[2012/03/09 17:32:20 | 000,000,000 | ---D | C] -- C:\ProgramData\F4D562BF0005A14400244E3C570F1C8B
[2012/02/21 15:59:18 | 000,002,394 | ---- | M] () -- C:\Users\thomas\AppData\Roaming\SAS7_000.DAT
[2011/11/03 20:58:40 | 000,000,000 | ---D | M] -- C:\Users\thomas\AppData\Roaming\FrostWire

:files
C:\Program Files\A_Free_Ride_Games_Bar
C:\Program Files\MyWebSearch
C:\Program Files\FunWebProducts
C:\Program Files\Viewpoint
C:\Program Files\ConduitEngine
C:\Program Files\Constant Guard Protection Suite
C:\Program Files\Free Ride Games
C:\Program Files\McAfee Security Scan

:reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3504F588-15FC-4DFB-BC2D-1C4DC6481E92}" =-
"{3B2372D9-29EF-43B4-803E-F2A92841C91E}" =-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"A_Free_Ride_Games_Bar Toolbar" =-
"conduitEngine" =-

:Commands
[emptytemp]
[clearallrestorepoints]
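
Post #10 asks for every item of the fix to sit on its own line. As an added example (not part of the thread and not OTL's own code), this Python check flags lines of a pasted fix script where a second item starts mid-line; the marker list is an assumption taken only from the script in post #11, and the sample lines are copied from posts #9 and #11.

```python
import re

# Markers that begin a new item in the fix script posted in this thread.
# Assumption: the list is drawn only from that script, not from OTL documentation.
SECTION = re.compile(r":(?:OTL|files|reg|Commands)")
ENTRY = re.compile(r"(?:SRV|IE|FF|O\d{1,2}|F\d) - ")
STAMP = re.compile(r"\[\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} \|")
REGKEY = re.compile(r"\[HKEY_")


def fused_markers(line):
    """Return (offset, marker) for every item marker found after column 0."""
    line = line.strip()
    entry_ends = {m.end() for m in ENTRY.finditer(line)}
    hits = []
    for rx in (SECTION, ENTRY, STAMP, REGKEY):
        for m in rx.finditer(line):
            if m.start() == 0:
                continue  # a marker at the start of the line is where it belongs
            if rx is STAMP and m.start() in entry_ends:
                continue  # "SRV - [date | ..." carries its own timestamp
            hits.append((m.start(), m.group().strip()))
    return sorted(hits)


def check_script(text):
    """Map 1-based line number -> markers that should have started their own line."""
    report = {}
    for number, line in enumerate(text.splitlines(), start=1):
        hits = fused_markers(line)
        if hits:
            report[number] = [marker for _, marker in hits]
    return report


def is_ready(text):
    """True when no line appears to hold more than one item."""
    return not check_script(text)


# Sample input: lines 1-5 are copied from the script in post #11, line 6 from
# the tail of the one-line paste shown in the OTL log of post #9.
SAMPLE = "\n".join([
    r":OTL",
    r"SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)",
    r"O4 - HKU\S-1-5-20..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)",
    r"O4 - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)F3 - HKU\S-1-5-21-1438759059-2066498689-1681145571-1000 WinNT: Load - (C:\Users\thomas\LOCALS~1\Temp\mskmwna.com) - File not found",
    r"[2012/03/05 22:23:13 | 000,000,456 | ---- | M] () -- C:\ProgramData\ax1bQt93JxKdtA",
    r':reg[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"A_Free_Ride_Games_Bar Toolbar" =-"conduitEngine" =-:Commands[emptytemp][clearallrestorepoints]',
])

if __name__ == "__main__":
    for number, markers in check_script(SAMPLE).items():
        print(f"line {number}: item(s) fused onto this line: {', '.join(markers)}")
```

The check is a heuristic: it reports lines to inspect by hand before the script is run and does not rewrite anything.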

#12 Maniac

Posted 17 March 2012 - 12:57 PM

Please try again in Safe Mode:
http://windows.micro...er-in-safe-mode

#13 newguy

Posted 18 March 2012 - 08:05 PM

OK, I was able to run OTL in safe mode.

Here is the log:


All processes killed
========== OTL ==========
Error: No service named McComponentHostService was found to stop!
Service\Driver key McComponentHostService not found.
File C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{f92a9fe4-2850-4198-b9d5-279880e49b16} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f92a9fe4-2850-4198-b9d5-279880e49b16}\ not found.
File C:\Program Files\A_Free_Ride_Games_Bar\prxtbA_Fr.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{136A6348-D601-4D57-A77A-BF9231B38261}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{136A6348-D601-4D57-A77A-BF9231B38261}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found.
Registry value HKEY_USERS\S-1-5-21-1438759059-2066498689-1681145571-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{f92a9fe4-2850-4198-b9d5-279880e49b16} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f92a9fe4-2850-4198-b9d5-279880e49b16}\ not found.
File C:\Program Files\A_Free_Ride_Games_Bar\prxtbA_Fr.dll not found.
Registry key HKEY_USERS\S-1-5-21-1438759059-2066498689-1681145571-1000\Software\Microsoft\Internet Explorer\SearchScopes\{136A6348-D601-4D57-A77A-BF9231B38261}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{136A6348-D601-4D57-A77A-BF9231B38261}\ not found.
Registry key HKEY_USERS\S-1-5-21-1438759059-2066498689-1681145571-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Registry key HKEY_USERS\S-1-5-21-1438759059-2066498689-1681145571-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@mywebsearch.com/Plugin\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@funwebproducts.com/Plugin\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@viewpoint.com/VMP\ not found.
File C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll not found.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B84CDBE7-1B46-494B-A188-01D4C52DEB61}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B84CDBE7-1B46-494B-A188-01D4C52DEB61}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f92a9fe4-2850-4198-b9d5-279880e49b16}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f92a9fe4-2850-4198-b9d5-279880e49b16}\ not found.
File C:\Program Files\A_Free_Ride_Games_Bar\prxtbA_Fr.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{f92a9fe4-2850-4198-b9d5-279880e49b16} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f92a9fe4-2850-4198-b9d5-279880e49b16}\ not found.
File C:\Program Files\A_Free_Ride_Games_Bar\prxtbA_Fr.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\Exetender not found.
File C:\Program Files\Free Ride Games\GPlayer.exe not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Exetender not found.
File C:\Program Files\Free Ride Games\GPlayer.exe not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\Exetender not found.
File C:\Program Files\Free Ride Games\GPlayer.exe not found.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\Exetender not found.
File C:\Program Files\Free Ride Games\GPlayer.exe not found.
Registry value HKEY_USERS\S-1-5-21-1438759059-2066498689-1681145571-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Exetender not found.
File C:\ProgramData\ax1bQt93JxKdtA not found.
File C:\ProgramData\~ax1bQt93JxKdtA not found.
File C:\ProgramData\~ax1bQt93JxKdtAr not found.
Folder C:\ProgramData\F4D562BF0005A14400244E3C570F1C8B\ not found.
File C:\Users\thomas\AppData\Roaming\SAS7_000.DAT not found.
Folder C:\Users\thomas\AppData\Roaming\FrostWire\ not found.
========== FILES ==========
File\Folder C:\Program Files\A_Free_Ride_Games_Bar not found.
File\Folder C:\Program Files\MyWebSearch not found.
File\Folder C:\Program Files\FunWebProducts not found.
File\Folder C:\Program Files\Viewpoint not found.
File\Folder C:\Program Files\ConduitEngine not found.
File\Folder C:\Program Files\Constant Guard Protection Suite not found.
File\Folder C:\Program Files\Free Ride Games not found.
File\Folder C:\Program Files\McAfee Security Scan not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3504F588-15FC-4DFB-BC2D-1C4DC6481E92} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3504F588-15FC-4DFB-BC2D-1C4DC6481E92}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3B2372D9-29EF-43B4-803E-F2A92841C91E} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3B2372D9-29EF-43B4-803E-F2A92841C91E}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\A_Free_Ride_Games_Bar Toolbar not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\conduitEngine not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: thomas
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 170492787 bytes
->Java cache emptied: 81752364 bytes
->Flash cache emptied: 93799 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4573 bytes
RecycleBin emptied: 74961 bytes

Total Files Cleaned = 241.00 mb


OTL by OldTimer - Version 3.2.36.3 log created on 03182012_205211
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...

#14 Maniac

Posted 19 March 2012 - 08:06 AM

Boot in Normal mode and let me know how things are now.

#15 newguy

Posted 20 March 2012 - 06:11 PM

Hey Maniac,

Everything seems OK except we are still getting the pop-up error I told you about in post #5. The same message appears on every boot.

#16 Maniac

Posted 21 March 2012 - 07:22 AM

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

#17 newguy

Posted 22 March 2012 - 06:50 PM

I attempted to disable Norton and ran Combofix. Combofix reported that Norton was not disabled and I again attempted to disable everything in Norton before continuing. Once again Combofix said that Norton was still not disabled but Combofix continued to run.

Here is Combofix.txt:

ComboFix 12-03-22.01 - thomas 03/22/2012 19:25:27.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1918.1017 [GMT -4:00]
Running from: c:\users\thomas\Desktop\ComboFix.exe
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\start.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-22 to 2012-03-22 )))))))))))))))))))))))))))))))
.
.
2012-03-14 22:52 . 2012-03-14 22:52 -------- d-----w- C:\_OTL
2012-03-14 11:04 . 2012-02-02 15:16 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 11:04 . 2012-02-14 15:45 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-14 11:04 . 2012-02-13 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-14 11:04 . 2012-02-13 13:44 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 11:04 . 2012-02-14 15:45 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-14 11:04 . 2012-02-13 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-14 11:03 . 2012-01-31 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-03-14 11:03 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-14 11:03 . 2012-01-09 13:58 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-09 21:32 . 2012-03-09 21:35 -------- d-----w- c:\programdata\F4D562BF0005A14400244E3C570F1C8B
2012-03-06 04:30 . 2012-03-06 04:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware(753)
2012-02-22 20:14 . 2012-02-22 20:14 -------- d-----w- c:\users\thomas\AppData\Local\Scansoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-20 21:56 . 2011-07-30 11:02 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-10-11 39408]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]
"Garmin Lifetime Updater"="c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-01-06 1446760]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"DNS7reminder"="c:\program files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" [2007-04-16 259624]
.
c:\users\thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WN111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WN111v2\WN111v2.exe [2009-3-25 1724416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish Media Detector.lnk
backup=c:\windows\pss\Snapfish Media Detector.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^thomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FrostWire On Startup.lnk]
path=c:\users\thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FrostWire On Startup.lnk
backup=c:\windows\pss\FrostWire On Startup.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^thomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 01:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-08-31 01:57 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-11 04:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
2007-03-13 00:44 1773568 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
2006-09-28 13:42 65536 ----a-w- c:\hp\support\hpsysdrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2006-12-08 16:16 65536 ----a-w- c:\hp\KBD\KbdStub.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launcher]
2007-03-07 18:09 44168 ----a-w- c:\windows\SMINST\Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-05-22 18:49 13539872 ----a-w- c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-05-22 18:49 92704 ----a-w- c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OsdMaestro]
2007-02-15 10:59 118784 ----a-w- c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SnapfishMediaDetector]
2007-03-02 21:55 1441792 ----a-w- c:\program files\Snapfish Media Detector\SnapfishMediaDetector.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 08:27 144784 ----a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-10-11 13:55 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2008-12-09 10:12 234856 ----a-w- c:\program files\TomTom HOME 2\HOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-22 23:24]
.
2012-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-22 23:24]
.
2012-03-05 c:\windows\Tasks\NatSpeak Periodic Acoustic Optimization.job
- c:\program files\Nuance\NaturallySpeaking10\Program\schedmgr.exe [2008-07-28 03:07]
.
2012-03-02 c:\windows\Tasks\NatSpeak Periodic Data Collection.job
- c:\program files\Nuance\NaturallySpeaking10\Program\datacollector.exe [2008-07-28 03:07]
.
2012-03-13 c:\windows\Tasks\NatSpeak Periodic Language Model Optimization.job
- c:\program files\Nuance\NaturallySpeaking10\Program\schedmgr.exe [2008-07-28 03:07]
.
2012-03-22 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2007-12-10 13:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?pc=BNHP
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
TCP: DhcpNameServer = 192.168.1.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-AOL Fast Start - c:\program files\AOL 9.0b\AOL.EXE
MSConfigStartUp-Google Update - c:\users\thomas\AppData\Local\Google\Update\GoogleUpdate.exe
MSConfigStartUp-HostManager - c:\program files\Common Files\AOL\1187657277\ee\AOLSoftware.exe
MSConfigStartUp-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
MSConfigStartUp-SearchEngineProtection - c:\program files\Gamesbar\SearchEngineProtection.exe
MSConfigStartUp-Symantec PIF AlertEng - c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
AddRemove-A_Free_Ride_Games_Bar Toolbar - c:\progra~1\A_FREE~1\UNINST~1.EXE
AddRemove-conduitEngine - c:\progra~1\CONDUI~1\ConduitEngineUninstall.exe
AddRemove-{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7} - c:\program files\Free Ride Games\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-22 19:32
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.2.0.13\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2012-03-22 19:35:44
ComboFix-quarantined-files.txt 2012-03-22 23:35
.
Pre-Run: 193,152,491,520 bytes free
Post-Run: 193,096,896,512 bytes free
.
- - End Of File - - 275483438EA22A43BAB5FC4672446F4F

#18 Maniac

Posted 23 March 2012 - 10:13 AM

What about the message now?
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here

#19 newguy

Posted 23 March 2012 - 06:58 PM

Hi Maniac,

The message is no longer showing up. After booting up he tried to go to a couple of web sites just to see how things were working. First, IE asked if he wanted to make IE the default browser. Now when he visits certain web pages he is getting a "security alert" that begins: "you are about to view pages over a secure connection..." He does not remember seeing this before. Not sure if ComboFix reset some things and this is normal but I thought I would let you know. Other than that things seem OK. Just in case, I advised him to still not use the system until we hear from you.

Thanks again.

#20 Maniac

Posted 24 March 2012 - 05:05 AM

> First, IE asked if he wanted to make IE the default browser.

ComboFix resets the default browser. It is your choice which one to use now.

> Now when he visits certain web pages he is getting a "security alert" that begins: "you are about to view pages over a secure connection..." He does not remember seeing this before. Not sure if ComboFix reset some things and this is normal but I thought I would let you know.


It is caused by ComboFix. Open Internet Explorer. Click Tools > Internet Options > Advanced > Security. Uncheck the "Warn if changing between secure and not secure mode" box.