Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: Virus issue... won't let me install spybot

  1. #1
    Junior Member
    Join Date
    Jun 2007
    Posts
    19

    Question Virus issue... won't let me install spybot

    Hello! I have some sort of virus on my computer. It won't even allow me to install spybot. It seems to work differently on the different accounts on the computer. The admin account is the most affected. The account I am sending this from and where the hjt log comes from is not as affected. Please let me know if you need an hjt log from the other account, or if this one will do!

    Thanks!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:03:48 AM, on 1/14/2010
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18865)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Norton 360\Engine\3.0.0.134\ccSvcHst.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
    C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\ERUNT\ERUNT.EXE
    C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cndt
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cndt
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cndt
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\3.0.0.134\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\3.0.0.134\IPSBHO.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll
    O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\3.0.0.134\coIEPlg.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    O4 - HKLM\..\Run: [UpdateLBPShortCut] "c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    O4 - HKLM\..\Run: [UpdatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
    O4 - HKLM\..\Run: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
    O4 - HKLM\..\Run: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
    O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
    O4 - HKLM\..\Run: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
    O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Microsoft Default Manager] "c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    O4 - HKLM\..\Run: [USBestCR] "C:\Program Files (x86)\USIM Editor\iconcs66497719.exe" RunFromReg
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
    O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [mmwyyymp] C:\Users\bruce\AppData\Local\bkooab\sdbcsysguard.exe
    O4 - HKCU\..\Run: [lnabchii] C:\Users\bruce\AppData\Local\uvsmbu\scpwsysguard.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-3236316614-3848195771-2049102892-1001\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Hana')
    O4 - HKUS\S-1-5-21-3236316614-3848195771-2049102892-1001\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe (User 'Hana')
    O4 - S-1-5-21-3236316614-3848195771-2049102892-1001 Startup: OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (User 'Hana')
    O4 - S-1-5-21-3236316614-3848195771-2049102892-1001 User Startup: OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (User 'Hana')
    O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
    O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
    O4 - Global Startup: PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
    O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O13 - Gopher Prefix:
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...Uploader55.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files (x86)\Norton 360\Engine\3.0.0.134\coIEPlg.dll
    O23 - Service: Afa Card Reader Service (AfaService) - Unknown owner - C:\Windows\system32\afasrv64.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
    O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: HP Easy Backup Button Service (HPBtnSrv) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\3.0.0.134\ccSvcHst.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 12479 bytes

  2. #2
    Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    Please download Malwarebytes' Anti-Malware to your desktop.

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location.
    • Please post contents of that file in your next reply.



    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Copy-paste following contents into custom scan -area:
      /md5start
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      /md5stop
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
    Microsoft Windows Insider MVP 2016-2019
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #3
    Junior Member
    Join Date
    Jun 2007
    Posts
    19

    Default

    Here is the Malwarebytes log. This is the 2nd time I ran it. I had to run it again because the other log disappeared.

    Malwarebytes' Anti-Malware 1.44
    Database version: 3510
    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18865

    1/19/2010 6:58:33 PM
    mbam-log-2010-01-19 (18-58-33).txt

    Scan type: Quick Scan
    Objects scanned: 89641
    Time elapsed: 1 minute(s), 12 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 5
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 4
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Program Files (x86)\Internet Saving Optimizer (Adware.DoubleD) -> Delete on reboot.
    C:\Program Files (x86)\Internet Saving Optimizer\3.4.0.4340 (Adware.DoubleD) -> Delete on reboot.
    C:\Program Files (x86)\Internet Saving Optimizer\3.4.0.4340\FF (Adware.DoubleD) -> Delete on reboot.
    C:\Program Files (x86)\Internet Saving Optimizer\3.4.0.4340\FF\chrome (Adware.DoubleD) -> Delete on reboot.

    Files Infected:
    C:\Program Files (x86)\Internet Saving Optimizer\3.4.0.4340\FF\chrome\NPAddOn.jar (Adware.DoubleD) -> Delete on reboot.

    Extra log:

    OTL Extras logfile created on: 1/19/2010 6:16:26 PM - Run 1
    OTL by OldTimer - Version 3.1.25.2 Folder = C:\Users\Hana\Downloads
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18865)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 71.00% Memory free
    16.00 Gb Paging File | 14.00 Gb Available in Paging File | 87.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 917.54 Gb Total Space | 739.33 Gb Free Space | 80.58% Space Free | Partition Type: NTFS
    Drive D: | 13.97 Gb Total Space | 1.97 Gb Free Space | 14.12% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: BRUCE-PC
    Current User Name: bruce
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
    "VistaSp2" = C5 5A 84 15 0E 44 CA 01 [binary data]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "oobe_av" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{091BD3A4-65E2-4B82-9540-9FB9F19F3C38}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{118715EA-0B5D-4984-BEAD-4CA5AA12A2F4}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
    "{1545D854-3361-4ED2-9E40-D499C95D144F}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
    "{21E01D7D-B144-4FE3-9219-96D38386187B}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
    "{4CDE0A2F-38CE-4DAB-8C59-7999343619FE}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
    "{516F8080-D17D-4D1E-854F-6F3239C11CA7}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
    "{55D24A24-288A-4C0E-97B3-FF3F02A411AD}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
    "{6281A2A6-45E4-41B9-A03F-D5B3B4D1F6B0}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
    "{67FB687A-2725-45AA-B689-CD4FA6DF6B33}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
    "{8B2C07BE-29D5-47FC-8D0E-3CA071EF40B6}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
    "{9C36AD46-3011-4FF1-8AB7-66A8B080DAEC}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
    "{C43DBC8B-3469-4DEA-92D0-7309FFB9EE90}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
    "{F4DF7E68-0A02-4D65-9D0A-C469373C5CB2}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    "{3E597AC0-C805-7F2C-FF91-6D2EA9368D37}" = ccc-utility64
    "{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
    "{5F240DB8-0D74-4F13-86C3-929760392A8D}" = HP Remote Software
    "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D2E8F543-D23A-4A38-AFFC-4BDEBFBA6FDA}" = HP MediaSmart SmartMenu
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{F7FF5EB8-E7C8-8096-0C33-A5B30CD2EA4C}" = ATI Catalyst Install Manager
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "NVIDIA Drivers" = NVIDIA Drivers
    "OfficeTrial" = Microsoft Office Home and Student 60 day trial
    "PC-Doctor for Windows" = Hardware Diagnostic Tools

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0295F89F-F698-4101-9A7D-49F407EC2D82}" = HP Active Support Library
    "{10133E8F-56BA-9679-B1C9-BDD2A737524D}" = Catalyst Control Center Graphics Light
    "{1116E59F-AC01-B06D-024C-95E13490DE43}" = CCC Help Korean
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
    "{1CC069FA-1A86-402E-9787-3F04E652C67A}" = HP Support Information
    "{1F96599E-619C-1EBD-8BE6-F39A5029D344}" = CCC Help Finnish
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
    "{25AEC278-A3E1-13C4-5BE3-95920A6AACB3}" = CCC Help Italian
    "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 17
    "{290CA856-3737-4874-864B-BA142F4823C8}_is1" = HP MediaSmart Demo
    "{2EA45803-BEB7-46C4-9ADC-46A5F9E7BB77}" = GEAR driver installer for x86 and x64
    "{2F2D50D7-C7A4-FAEC-4141-51B3D1DD543D}" = CCC Help Russian
    "{30B2C06D-4E04-108F-84E4-DBDB3B7D9340}" = ccc-core-static
    "{362C65F7-571F-8396-DF58-A6A8D63444D2}" = CCC Help Swedish
    "{365B9E8A-5044-F17C-ABF1-815DF62F4B51}" = CCC Help Spanish
    "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{444DB7A0-BB94-9942-7215-EF8165F3053B}" = Catalyst Control Center Graphics Full New
    "{47F36D92-E58E-456D-B73C-3382737E4C42}" = HP Update
    "{4D80B6CD-B297-FDE8-985B-05540F73ACDF}" = CCC Help German
    "{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
    "{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
    "{5A9AB192-3A8F-6386-6CE2-80DC9CF9DCBA}" = Catalyst Control Center Graphics Previews Vista
    "{5E39F0CC-4255-66B2-F8D1-FB76C5504C47}" = Catalyst Control Center Graphics Full Existing
    "{66206F6F-A212-4FAC-837D-3415AA5698DC}" = Catalyst Control Center - Branding
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
    "{67431FA8-4B89-42DD-A68E-30D77F6C8D99}_is1" = HP Easy Backup
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
    "{6DD2B3B5-FE09-E821-A930-C154DA7F70C0}" = CCC Help Polish
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{72CEB52D-E5B8-B94F-0DB1-2E26F68F0394}" = Catalyst Control Center Core Implementation
    "{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{784BEA84-FA66-4B19-BB80-7B545F248AC6}" = HP Total Care Setup
    "{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
    "{88104ACD-31BA-B16E-F151-5F295D215E75}" = CCC Help Danish
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C3DC8C3-E569-3A75-753F-C04904776AEA}" = Catalyst Control Center Graphics Previews Common
    "{8C657345-C0C0-42F0-2107-43F3F223C99E}" = CCC Help Turkish
    "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{9A02FA6E-01D8-451A-F373-767C2F906F21}" = CCC Help Czech
    "{9CC89170-000B-457D-91F1-53691F85B223}" = Python 2.6.1
    "{9F8E53F8-2B04-1CBE-80D2-722D8016BFAC}" = CCC Help French
    "{A002C1C4-C17B-6269-66FA-CC113FFE4E89}" = CCC Help Japanese
    "{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{AC49682F-CE9E-43D3-1556-95F4C19DCAFC}" = CCC Help Portuguese
    "{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3
    "{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
    "{AE469025-08BA-4B2A-915D-CC7765132419}" = Default Manager
    "{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
    "{B84739A3-F943-47E4-95D8-96381EF5AC48}" = HP Customer Experience Enhancements
    "{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
    "{BC07934A-69FF-A886-E4F1-480EA39C43C3}" = CCC Help Dutch
    "{BE380C5D-BE4C-08C5-8123-79AC369A8029}" = CCC Help Norwegian
    "{C03897FD-8FE2-A7A6-FA75-B0840CB949E0}" = CCC Help Greek
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{C79BF5BB-5671-41C0-A028-E9A2097D1AAD}" = Microsoft Live Search Toolbar
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CF3C3096-003A-9FC9-4715-9FC8962E35F3}" = Catalyst Control Center InstallProxy
    "{D07A3080-A281-C40D-2E1E-699F98B4F3F7}" = CCC Help Chinese Traditional
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
    "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "{DECD11E6-42D5-3416-AD6B-60A9093CE0CE}" = CCC Help Hungarian
    "{DEF45232-204B-12BA-BCAC-105DCF05A399}" = CCC Help English
    "{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
    "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
    "{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
    "{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
    "{EA36F8FF-81C8-2832-F023-3CEB2283E3EB}" = CCC Help Thai
    "{EADFF891-1161-6EC4-6F0A-7FF1E30F4C57}" = CCC Help Chinese Standard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F2E05527-16B4-5855-E3FD-D27A7EE477B4}" = Catalyst Control Center Localization All
    "{FB8E2BF3-74B7-75D5-941D-FBF10395D002}" = Skins
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Card Reader Driver and USIM Editor Program_is1" = USIM Editor 1.0.24.0
    "EPSON Scanner" = EPSON Scan
    "ERUNT_is1" = ERUNT 1.1j
    "HijackThis" = HijackThis 2.0.2
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
    "N360" = Norton 360
    "pywin32-py2.6" = Python 2.6 pywin32-212
    "TomTom HOME" = TomTom HOME 2.7.2.1825
    "WildTangent hp Master Uninstall" = HP Games

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 1/13/2010 3:34:41 PM | Computer Name = bruce-PC | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 8.0.6001.18865 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Problem Reports and Solutions control panel. Process
    ID: 3a40 Start Time: 01ca948077fe899a Termination Time: 0

    Error - 1/13/2010 3:36:35 PM | Computer Name = bruce-PC | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.18865, time stamp
    0x4b077416, faulting module Flash10c.ocx, version 10.0.32.18, time stamp 0x4a613d79,
    exception code 0xc0000005, fault offset 0x001579a2, process id 0x3864, application
    start time 0x01ca94879fb4d78a.

    Error - 1/13/2010 5:55:34 PM | Computer Name = bruce-PC | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.18865, time stamp
    0x4b077416, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03824,
    exception code 0xc0000005, fault offset 0x00038e7c, process id 0x33a8, application
    start time 0x01ca946c37f8b46a.

    Error - 1/13/2010 9:24:08 PM | Computer Name = bruce-PC | Source = MsiInstaller | ID = 1013
    Description =

    Error - 1/13/2010 9:24:08 PM | Computer Name = bruce-PC | Source = MsiInstaller | ID = 11719
    Description =

    Error - 1/13/2010 9:24:13 PM | Computer Name = bruce-PC | Source = MsiInstaller | ID = 1013
    Description =

    Error - 1/14/2010 1:19:17 AM | Computer Name = bruce-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 1/14/2010 1:32:55 AM | Computer Name = bruce-PC | Source = EventSystem | ID = 4621
    Description =

    Error - 1/14/2010 1:46:00 AM | Computer Name = bruce-PC | Source = EventSystem | ID = 4621
    Description =

    Error - 1/14/2010 1:51:51 AM | Computer Name = bruce-PC | Source = WinMgmt | ID = 10
    Description =

    [ Media Center Events ]
    Error - 10/11/2009 11:48:29 PM | Computer Name = bruce-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 10/25/2009 11:40:05 PM | Computer Name = bruce-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    [ System Events ]
    Error - 11/28/2009 4:58:44 AM | Computer Name = bruce-PC | Source = Dhcp | ID = 1002
    Description = The IP address lease 0.0.0.0 for the Network Card with network address
    00261819EE31 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a
    DHCPNACK message).

    Error - 11/28/2009 4:58:45 AM | Computer Name = bruce-PC | Source = Dhcp | ID = 1002
    Description = The IP address lease 0.0.0.0 for the Network Card with network address
    00261819EE31 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a
    DHCPNACK message).

    Error - 11/28/2009 4:58:46 AM | Computer Name = bruce-PC | Source = Dhcp | ID = 1002
    Description = The IP address lease 0.0.0.0 for the Network Card with network address
    00261819EE31 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a
    DHCPNACK message).

    Error - 11/28/2009 4:58:47 AM | Computer Name = bruce-PC | Source = Dhcp | ID = 1002
    Description = The IP address lease 0.0.0.0 for the Network Card with network address
    00261819EE31 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a
    DHCPNACK message).

    Error - 11/28/2009 4:58:48 AM | Computer Name = bruce-PC | Source = Dhcp | ID = 1002
    Description = The IP address lease 0.0.0.0 for the Network Card with network address
    00261819EE31 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a
    DHCPNACK message).

    Error - 11/28/2009 4:58:49 AM | Computer Name = bruce-PC | Source = Dhcp | ID = 1002
    Description = The IP address lease 0.0.0.0 for the Network Card with network address
    00261819EE31 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a
    DHCPNACK message).

    Error - 11/28/2009 4:58:50 AM | Computer Name = bruce-PC | Source = Dhcp | ID = 1002
    Description = The IP address lease 0.0.0.0 for the Network Card with network address
    00261819EE31 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a
    DHCPNACK message).

    Error - 11/28/2009 4:58:51 AM | Computer Name = bruce-PC | Source = Dhcp | ID = 1002
    Description = The IP address lease 0.0.0.0 for the Network Card with network address
    00261819EE31 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a
    DHCPNACK message).

    Error - 11/28/2009 4:58:52 AM | Computer Name = bruce-PC | Source = Dhcp | ID = 1002
    Description = The IP address lease 0.0.0.0 for the Network Card with network address
    00261819EE31 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a
    DHCPNACK message).

    Error - 11/28/2009 4:58:53 AM | Computer Name = bruce-PC | Source = Dhcp | ID = 1002
    Description = The IP address lease 0.0.0.0 for the Network Card with network address
    00261819EE31 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a
    DHCPNACK message).


    < End of report >


    OTL log:

    OTL logfile created on: 1/19/2010 6:16:26 PM - Run 1
    OTL by OldTimer - Version 3.1.25.2 Folder = C:\Users\Hana\Downloads
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18865)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 71.00% Memory free
    16.00 Gb Paging File | 14.00 Gb Available in Paging File | 87.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 917.54 Gb Total Space | 739.33 Gb Free Space | 80.58% Space Free | Partition Type: NTFS
    Drive D: | 13.97 Gb Total Space | 1.97 Gb Free Space | 14.12% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: BRUCE-PC
    Current User Name: bruce
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Hana\Downloads\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)
    PRC - C:\Program Files (x86)\Norton 360\Engine\3.0.0.134\ccSvcHst.exe (Symantec Corporation)
    PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
    PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
    PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
    PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
    PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
    PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
    PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
    PRC - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
    PRC - C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
    PRC - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
    PRC - C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
    PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
    PRC - C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe ()


    ========== Modules (SafeList) ==========

    MOD - C:\Users\Hana\Downloads\OTL.exe (OldTimer Tools)
    MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
    SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe (ATI Technologies Inc.)
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (getPlusHelper) getPlus(R) -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
    SRV - (AfaService) -- C:\Windows\SysWOW64\afasrv64.exe ()
    SRV - (N360) -- C:\Program Files (x86)\Norton 360\Engine\3.0.0.134\ccSvcHst.exe (Symantec Corporation)
    SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
    SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
    SRV - (gusvc) -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
    SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (LightScribeService) -- c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
    SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
    SRV - (HP Health Check Service) -- c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe (Hewlett-Packard)
    SRV - (HPBtnSrv) -- C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe ()
    SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006/11/02 05:34:14 | 00,000,000 | ---D | M]
    SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
    SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof ()


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
    DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS (Symantec Corporation)
    DRV:64bit: - (ccHP) -- C:\Windows\SysNative\drivers\N360x64\0300000.086\ccHPx64.sys (Symantec Corporation)
    DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\N360x64\0300000.086\SRTSP64.SYS (Symantec Corporation)
    DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\0300000.086\SYMEFA64.SYS (Symantec Corporation)
    DRV:64bit: - (BHDrvx64) -- C:\Windows\SysNative\drivers\N360x64\0300000.086\BHDrvx64.sys (Symantec Corporation)
    DRV:64bit: - (SYMTDI) -- C:\Windows\SysNative\drivers\N360x64\0300000.086\SYMTDI.SYS (Symantec Corporation)
    DRV:64bit: - (SYMFW) -- C:\Windows\SysNative\drivers\N360x64\0300000.086\SYMFW.SYS (Symantec Corporation)
    DRV:64bit: - (SYMNDISV) -- C:\Windows\SysNative\drivers\N360x64\0300000.086\SYMNDISV.SYS (Symantec Corporation)
    DRV:64bit: - (SymIM) -- C:\Windows\SysNative\DRIVERS\SymIMv.sys (Symantec Corporation)
    DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\N360x64\0300000.086\SRTSPX64.SYS (Symantec Corporation)
    DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)
    DRV:64bit: - (PCDSRVC{F36B3A4C-F95654BD-06000000}_0) -- c:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms (PC-Doctor, Inc.)
    DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
    DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV:64bit: - (athr) -- C:\Windows\SysNative\DRIVERS\athrx.sys (Atheros Communications, Inc.)
    DRV:64bit: - (MHIKEY10) -- C:\Windows\SysNative\Drivers\MHIKEY10x64.sys (Generic USB smartcard reader)
    DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100119.001\IDSviA64.sys (Symantec Corporation)
    DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100119.008\EX64.SYS (Symantec Corporation)
    DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
    DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
    DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100119.008\ENG64.SYS (Symantec Corporation)
    DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl (CyberLink Corp.)
    DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
    DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cndt
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cndt
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cndt
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cndt

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cndt
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/01/15 03:14:46 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/01/15 23:07:02 | 00,000,000 | ---D | M]

    [2010/01/19 06:40:22 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

    O1 HOSTS File: ([2006/09/18 13:37:24 | 00,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll (Google Inc.)
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\3.0.0.134\CoIEPlg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\3.0.0.134\IPSBHO.dll (Symantec Corporation)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
    O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll (Microsoft Corp.)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll (Microsoft Corp.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\3.0.0.134\CoIEPlg.dll (Symantec Corporation)
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\3.0.0.134\CoIEPlg.dll (Symantec Corporation)
    O4:64bit: - HKLM..\Run: [HP Remote Software] C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe ()
    O4:64bit: - HKLM..\Run: [NVRaidService] C:\Windows\SysNative\nvraidservice.exe (NVIDIA Corporation)
    O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
    O4:64bit: - HKLM..\Run: [USBestCR] C:\Program Files (x86)\USIM Editor\iconcs66497719.exe ()
    O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
    O4 - HKLM..\Run: [DVDAgent] c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [Microsoft Default Manager] c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corp.)
    O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [TSMAgent] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdateLBPShortCut] c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdateP2GoShortCut] c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdatePDIRShortCut] c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdatePSTShortCut] c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [USBestCR] C:\Program Files (x86)\USIM Editor\iconcs66497719.exe ()
    O4 - HKCU..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
    O4 - HKCU..\Run: [Skype] C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
    O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
    O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
    O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager] File not found
    O4 - Startup: C:\Users\bruce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
    O4 - Startup: C:\Users\bruce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/...Uploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton 360\Engine\3.0.0.134\CoIEPlg.dll (Symantec Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img11.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img11.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{1f5f33fd-de0c-11de-97fd-00261819ee31}\Shell - "" = AutoRun
    O33 - MountPoints2\{1f5f33fd-de0c-11de-97fd-00261819ee31}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    64bit: O35 - comfile [open] -- "%1" %* File not found
    64bit: O35 - exefile [open] -- "%1" %* File not found
    O35 - comfile [open] -- "%1" %*
    O35 - exefile [open] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/01/19 18:00:02 | 00,000,000 | ---D | C] -- C:\Users\bruce\AppData\Roaming\Malwarebytes
    [2010/01/19 17:59:59 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/01/19 17:59:57 | 00,022,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2010/01/19 17:59:57 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2010/01/19 17:59:57 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/01/16 01:13:51 | 00,000,000 | ---D | C] -- C:\Users\bruce\AppData\Roaming\Mozilla
    [2010/01/15 23:07:02 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\NOS
    [2010/01/15 03:14:41 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2010/01/14 00:03:32 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
    [2010/01/13 23:59:56 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
    [2010/01/13 17:23:22 | 00,000,000 | ---D | C] -- C:\Users\bruce\AppData\Local\Apple
    [2010/01/13 17:23:10 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
    [2010/01/13 17:20:41 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
    [2010/01/13 17:20:07 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple
    [2010/01/13 17:20:07 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
    [2010/01/13 01:03:23 | 00,000,000 | ---D | C] -- C:\Users\bruce\AppData\Local\uvsmbu
    [2010/01/13 01:03:13 | 00,000,000 | ---D | C] -- C:\Users\bruce\AppData\Local\bkooab
    [2010/01/12 23:20:58 | 00,000,000 | ---D | C] -- C:\Users\bruce\AppData\Roaming\Real
    [2010/01/12 15:09:07 | 00,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
    [2010/01/12 15:09:07 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
    [2010/01/12 15:09:07 | 00,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
    [2010/01/12 15:09:07 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
    [2009/12/27 17:32:55 | 00,000,000 | ---D | C] -- C:\ProgramData\HipSoft

    ========== Files - Modified Within 30 Days ==========

    [2010/01/19 18:16:00 | 00,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D29F4D90-D064-48D5-B5F3-BFCCD13C5303}.job
    [2010/01/19 18:11:53 | 01,310,720 | -HS- | M] () -- C:\Users\bruce\NTUSER.DAT
    [2010/01/19 18:00:02 | 00,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/01/19 17:59:15 | 00,524,288 | -HS- | M] () -- C:\Users\bruce\NTUSER.DAT{f97df590-039b-11df-8ef8-00261819ee31}.TMContainer00000000000000000001.regtrans-ms
    [2010/01/19 17:59:15 | 00,065,536 | -HS- | M] () -- C:\Users\bruce\NTUSER.DAT{f97df590-039b-11df-8ef8-00261819ee31}.TM.blf
    [2010/01/19 16:39:40 | 00,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/01/19 16:39:40 | 00,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/01/19 06:39:50 | 00,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
    [2010/01/19 06:39:37 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/01/19 06:39:29 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/01/17 13:31:51 | 00,524,288 | -HS- | M] () -- C:\Users\bruce\NTUSER.DAT{f97df590-039b-11df-8ef8-00261819ee31}.TMContainer00000000000000000002.regtrans-ms
    [2010/01/17 01:32:16 | 00,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/01/17 01:32:16 | 00,595,446 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/01/17 01:32:16 | 00,101,144 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/01/17 00:24:15 | 00,524,288 | -HS- | M] () -- C:\Users\bruce\NTUSER.DAT{52f7b65e-ff91-11de-80bc-00261819ee31}.TMContainer00000000000000000001.regtrans-ms
    [2010/01/17 00:24:15 | 00,065,536 | -HS- | M] () -- C:\Users\bruce\NTUSER.DAT{52f7b65e-ff91-11de-80bc-00261819ee31}.TM.blf
    [2010/01/15 03:14:48 | 00,001,780 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2010/01/14 19:29:27 | 01,497,004 | -H-- | M] () -- C:\Users\bruce\AppData\Local\IconCache.db
    [2010/01/14 00:03:33 | 00,001,930 | ---- | M] () -- C:\Users\bruce\Desktop\HijackThis.lnk
    [2010/01/14 00:01:28 | 00,000,945 | ---- | M] () -- C:\Users\bruce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2010/01/14 00:01:22 | 00,000,765 | ---- | M] () -- C:\Users\bruce\Desktop\NTREGOPT.lnk
    [2010/01/14 00:01:22 | 00,000,746 | ---- | M] () -- C:\Users\bruce\Desktop\ERUNT.lnk
    [2010/01/13 23:11:21 | 00,006,836 | ---- | M] () -- C:\Users\bruce\AppData\Local\d3d9caps.dat
    [2010/01/12 22:26:38 | 00,524,288 | -HS- | M] () -- C:\Users\bruce\NTUSER.DAT{52f7b65e-ff91-11de-80bc-00261819ee31}.TMContainer00000000000000000002.regtrans-ms
    [2010/01/12 22:26:37 | 00,524,288 | -HS- | M] () -- C:\Users\bruce\NTUSER.DAT{b9020bc6-d434-11de-8d85-00261819ee31}.TMContainer00000000000000000001.regtrans-ms
    [2010/01/12 22:26:37 | 00,065,536 | -HS- | M] () -- C:\Users\bruce\NTUSER.DAT{b9020bc6-d434-11de-8d85-00261819ee31}.TM.blf
    [2010/01/11 14:12:31 | 00,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
    [2010/01/08 22:55:58 | 00,001,919 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/01/07 16:07:06 | 00,022,104 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2010/01/07 00:31:26 | 10,626,63889 | ---- | M] () -- C:\Windows\MEMORY.DMP

    ========== Files Created - No Company Name ==========

    [2010/01/19 18:00:02 | 00,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/01/17 13:31:50 | 00,524,288 | -HS- | C] () -- C:\Users\bruce\NTUSER.DAT{f97df590-039b-11df-8ef8-00261819ee31}.TMContainer00000000000000000002.regtrans-ms
    [2010/01/17 13:31:50 | 00,524,288 | -HS- | C] () -- C:\Users\bruce\NTUSER.DAT{f97df590-039b-11df-8ef8-00261819ee31}.TMContainer00000000000000000001.regtrans-ms
    [2010/01/17 13:31:50 | 00,065,536 | -HS- | C] () -- C:\Users\bruce\NTUSER.DAT{f97df590-039b-11df-8ef8-00261819ee31}.TM.blf
    [2010/01/15 03:14:48 | 00,001,780 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2010/01/14 00:03:33 | 00,001,930 | ---- | C] () -- C:\Users\bruce\Desktop\HijackThis.lnk
    [2010/01/14 00:01:28 | 00,000,945 | ---- | C] () -- C:\Users\bruce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2010/01/13 23:59:57 | 00,000,765 | ---- | C] () -- C:\Users\bruce\Desktop\NTREGOPT.lnk
    [2010/01/13 23:59:57 | 00,000,746 | ---- | C] () -- C:\Users\bruce\Desktop\ERUNT.lnk
    [2010/01/12 22:26:38 | 00,524,288 | -HS- | C] () -- C:\Users\bruce\NTUSER.DAT{52f7b65e-ff91-11de-80bc-00261819ee31}.TMContainer00000000000000000002.regtrans-ms
    [2010/01/12 22:26:38 | 00,524,288 | -HS- | C] () -- C:\Users\bruce\NTUSER.DAT{52f7b65e-ff91-11de-80bc-00261819ee31}.TMContainer00000000000000000001.regtrans-ms
    [2010/01/12 22:26:38 | 00,065,536 | -HS- | C] () -- C:\Users\bruce\NTUSER.DAT{52f7b65e-ff91-11de-80bc-00261819ee31}.TM.blf
    [2010/01/11 14:12:31 | 00,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
    [2009/09/26 18:09:27 | 00,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2009/09/23 20:17:23 | 00,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
    [2009/09/23 20:16:54 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/08/23 09:29:30 | 00,006,836 | ---- | C] () -- C:\Users\bruce\AppData\Local\d3d9caps.dat
    [2009/08/20 16:59:37 | 00,000,110 | ---- | C] () -- C:\Users\bruce\AppData\Roaming\wklnhst.dat
    [2009/08/05 19:21:52 | 00,006,144 | ---- | C] () -- C:\Users\bruce\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/04/24 07:26:33 | 00,354,816 | ---- | C] () -- C:\Windows\SysWow64\pythoncom26.dll
    [2009/04/24 07:26:33 | 00,108,032 | ---- | C] () -- C:\Windows\SysWow64\pywintypes26.dll
    [2008/01/20 18:50:05 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

    ========== Custom Scans ==========



    < MD5 for: AGP440.SYS >
    [2008/01/20 18:46:51 | 00,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
    [2008/01/20 18:46:51 | 00,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys

    < MD5 for: ATAPI.SYS >
    [2008/01/20 18:46:50 | 00,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
    [2009/04/10 23:15:00 | 00,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys

    < MD5 for: CNGAUDIT.DLL >
    [2006/11/02 03:16:48 | 00,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
    [2006/11/02 01:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
    [2006/11/02 01:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
    [2006/11/02 01:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

    < MD5 for: EVENTLOG.DLL >
    [2007/05/17 20:34:04 | 00,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\Cyberlink\PowerDirector\EventLog.dll

    < MD5 for: IASTORV.SYS >
    [2008/01/20 18:46:59 | 00,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys

    < MD5 for: NETLOGON.DLL >
    [2008/01/20 18:51:03 | 00,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
    [2009/04/10 22:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
    [2009/04/10 22:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
    [2009/04/10 22:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
    [2009/04/10 23:11:16 | 00,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
    [2008/01/20 18:48:28 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll

    < MD5 for: NVSTOR.SYS >
    [2008/01/20 18:46:54 | 00,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys

    < MD5 for: SCECLI.DLL >
    [2008/01/20 18:50:28 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
    [2008/01/20 18:49:49 | 00,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
    [2009/04/10 22:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
    [2009/04/10 22:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
    [2009/04/10 22:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
    [2009/04/10 23:11:23 | 00,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll
    < End of report >


    Thanks!

  4. #4
    Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    I'm terribly sorry that you had to wait for response. Of some reason my topic subscription tracking showed this topic with my reply as the latest one.

    Please start MBAM, update its definitions on the update tab and run a quick scan. Let the found items be removed and post back the report together with a fresh OTL.txt log.
    Microsoft Windows Insider MVP 2016-2019
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  5. #5
    Junior Member
    Join Date
    Jun 2007
    Posts
    19

    Default

    It's okay for the late response. I was out of town. Is there anyway to update without purchasing the program?

  6. #6
    Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Is there anyway to update without purchasing the program?
    Yes. Start MBAM, go to update tab and click "Check for updates".
    Microsoft Windows Insider MVP 2016-2019
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  7. #7
    Junior Member
    Join Date
    Jun 2007
    Posts
    19

    Default

    The "Check for Updates" button is there, but it's impossible to click on it.

  8. #8
    Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    Are you running MBAM with adminstrator rights? If you're please try these steps:

    1. Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
    2. Restart system.
    3. Download and run this.
    4. It will ask to restart your computer.
    5. After reboot reinstall fresh copy of MBAM.

    See if that makes the button clickable.
    Microsoft Windows Insider MVP 2016-2019
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  9. #9
    Junior Member
    Join Date
    Jun 2007
    Posts
    19

    Default

    Hello,

    I followed those steps. When it tries to update I get an error message. The error code is this:

    732 (12029, 0)

  10. #10
    Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,


    Let's run OTL.
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - (AfaService) -- C:\Windows\SysWOW64\afasrv64.exe ()
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
      :Files
      C:\Users\bruce\AppData\Local\uvsmbu
      C:\Users\bruce\AppData\Local\bkooab
      :Commands
      [emptytemp]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot when it is done
    • Then post a new OTL log


    See if you're able to run MBAM update now.
    Microsoft Windows Insider MVP 2016-2019
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •