
Active Redirect Virus on Windows 7 Machine

Discussion in 'Malware and Virus Removal Archive' started by gsmith7712, 2010/01/09.

  1. 2010/01/13
    gsmith7712

    gsmith7712 Inactive Thread Starter

    Joined:
    2010/01/08
    Messages:
    25
    Likes Received:
    0
    SystemLook v1.0 by jpshortstuff (11.01.10)
    Log created at 18:25 on 13/01/2010 by Owner (Administrator - Elevation successful)

    ========== file ==========

    wuauclt.exe - Unable to find/read file.

    -=End Of File=-
     
  2. 2010/01/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Let me fire up my XP to get the file for you.
     


  4. 2010/01/13
    gsmith7712

    gsmith7712 Inactive Thread Starter

    OK - Thanks
     
  5. 2010/01/13
    broni

    broni Moderator Malware Analyst

    Attached is the zipped wuauclt.exe file.
    Unzip it and copy the wuauclt.exe file to the C:\ directory.

    Then....

    1. Please download The Avenger to your Desktop.
    • Right click on the Avenger.zip folder and select "Extract All..."
    • Follow the prompts and extract the Avenger folder to your desktop
    2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):


    Code:
    Begin copying here:
    Files to move:
    C:\wuauclt.exe | C:\WINDOWS\system32\wuauclt.exe
    

    3. Now, open the avenger folder and start The Avenger program by clicking on its icon.

    • Right click on the window under Input script here:, and select Paste.
    • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
    • Click on Execute
    • Answer "Yes" twice when prompted.
    4. The Avenger will automatically do the following:

    • It will restart your computer. (In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
    • On reboot, it will briefly open a black command window on your desktop; this is normal.
    • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
    • The Avenger will also back up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
    5. Please copy/paste the content of c:\avenger.txt into your reply
     


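The step above takes a binary obtained as a forum attachment and, via The Avenger, moves it into System32. The following PowerShell script is an added example and is not part of the thread, of The Avenger, or of any tool the moderator used; the Desktop path, the 32-bit Windows 7 target (the ComboFix header later in the thread reports 6.1.7600 x86) and an elevated prompt are assumptions. It checks the candidate before it is staged at C:\ for the "Files to move" script: the file must be a 32-bit PE image whose subsystem version matches the running Windows generation (a copy built for another Windows release fails here), any embedded Authenticode signature must belong to Microsoft, and its SHA-256 is recorded for the case notes. Once the move has been made, Confirm-Wuauclt asks sfc /verifyfile, which checks the installed file against the Windows component store and is the authoritative check on Vista and 7.

```powershell
# Added example, not from the thread: pre-flight checks for a replacement
# wuauclt.exe before staging it at C:\ for The Avenger's "Files to move" script.
# Assumptions: the unzipped file sits on the Desktop, the machine runs 32-bit
# Windows 7, and this is run from an elevated PowerShell prompt (PS 2.0 syntax).

$candidate = Join-Path $env:USERPROFILE 'Desktop\wuauclt.exe'   # assumed location
$stage     = 'C:\wuauclt.exe'                                   # where Avenger expects it
$target    = Join-Path $env:SystemRoot 'System32\wuauclt.exe'

function Test-Wuauclt {
    param([string]$Path)
    if (-not (Test-Path $Path)) { throw "Candidate not found: $Path" }
    $bytes = [System.IO.File]::ReadAllBytes($Path)

    # 1. PE header: MZ stub, PE\0\0 signature, IMAGE_FILE_MACHINE_I386 (0x014C).
    if ($bytes.Length -lt 0x40 -or $bytes[0] -ne 0x4D -or $bytes[1] -ne 0x5A) { throw 'Not an MZ executable' }
    $peOff = [BitConverter]::ToInt32($bytes, 0x3C)
    if ([BitConverter]::ToUInt32($bytes, $peOff) -ne 0x00004550) { throw 'PE signature missing' }
    $machine = [BitConverter]::ToUInt16($bytes, $peOff + 4)
    if ($machine -ne 0x014C) { throw ('Wrong architecture: machine=0x{0:X4}, expected 0x014C (x86)' -f $machine) }

    # 2. Subsystem version in the optional header (offsets 48/50) tells which
    #    Windows generation the binary was built for: 6.1 for Windows 7, 5.1 for XP.
    $opt = $peOff + 24                      # optional header follows the 20-byte COFF header
    $subMajor = [BitConverter]::ToUInt16($bytes, $opt + 48)
    $subMinor = [BitConverter]::ToUInt16($bytes, $opt + 50)
    $os = [Environment]::OSVersion.Version
    if ($subMajor -ne $os.Major -or $subMinor -ne $os.Minor) {
        throw "Built for Windows $subMajor.$subMinor, but this OS is $($os.Major).$($os.Minor)"
    }

    # 3. Authenticode. PowerShell 2.0 only sees embedded signatures, so a genuine
    #    catalog-signed Windows file may report NotSigned; that case is settled by
    #    sfc in Confirm-Wuauclt. Anything signed by a non-Microsoft party is rejected.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if (@('Valid', 'NotSigned') -notcontains [string]$sig.Status) { throw "Bad signature: $($sig.Status)" }
    if ([string]$sig.Status -eq 'Valid' -and $sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
        throw "Signed, but not by Microsoft: $($sig.SignerCertificate.Subject)"
    }

    # 4. SHA-256 for the case notes, so the staged file can be matched later.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    return (($sha.ComputeHash($bytes) | ForEach-Object { $_.ToString('x2') }) -join '')
}

function Confirm-Wuauclt {
    # Run after The Avenger has rebooted and moved the file into System32:
    # sfc compares the installed copy with the component store (WinSxS).
    if (-not (Test-Path $target)) { throw "Not installed yet: $target" }
    & (Join-Path $env:SystemRoot 'System32\sfc.exe') "/verifyfile=$target"
}

$hash = Test-Wuauclt -Path $candidate
Write-Output "Checks passed; SHA-256 of candidate: $hash"
Copy-Item -Path $candidate -Destination $stage -Force
Write-Output "Staged at $stage; now run The Avenger script, then Confirm-Wuauclt after the reboot."
```

The script throws on the first failed check instead of staging a questionable file, which is the right default when the destination is System32. After the Avenger reboot, call Confirm-Wuauclt from the same elevated prompt; sfc reports whether the installed wuauclt.exe matches what the component store expects, and that verdict does not depend on whether PowerShell could see an embedded signature.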
  6. 2010/01/13
    gsmith7712

    gsmith7712 Inactive Thread Starter

    Logfile of The Avenger Version 2.0, (c) by Swandog46
    http://swandog46.geekstogo.com

    Platform: Windows Vista

    *******************

    Script file opened successfully.
    Script file read successfully.

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Rootkit scan active.
    No rootkits found!


    Error: file "C:\wuauclt.exe" not found!
    File move operation "C:\wuauclt.exe|C:\WINDOWS\system32\wuauclt.exe" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
    --> the object does not exist


    Completed script processing.

    *******************

    Finished! Terminate.
     
  7. 2010/01/13
    broni

    broni Moderator Malware Analyst

    You either didn't unzip the file, or you didn't move the wuauclt.exe file to the C:\ directory.
    Please, try again.
     
  8. 2010/01/14
    gsmith7712

    gsmith7712 Inactive Thread Starter

    Logfile of The Avenger Version 2.0, (c) by Swandog46
    http://swandog46.geekstogo.com

    Platform: Windows Vista

    *******************

    Script file opened successfully.
    Script file read successfully.

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Rootkit scan active.
    No rootkits found!

    File move operation "C:\wuauclt.exe|C:\WINDOWS\system32\wuauclt.exe" completed successfully.

    Completed script processing.

    *******************

    Finished! Terminate.
     
  9. 2010/01/14
    broni

    broni Moderator Malware Analyst

    Very good :)
    Please, re-run Combofix and HJT.
    Post fresh logs.
     
  10. 2010/01/14
    gsmith7712

    gsmith7712 Inactive Thread Starter

    Here is the log for ComboFix. What is HJT? Thanks for all your help.

    ComboFix 10-01-14.02 - Owner 01/14/2010 18:22:50.2.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2812.1746 [GMT -8:00]
    Running from: c:\users\Owner\Desktop\ComboFix.exe
    SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\InternetSecurity2010
    c:\program files\Smart-Shopper
    c:\program files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll
    c:\program files\Smart-Shopper\cs\antiphishing\antiphishing.html
    c:\program files\Smart-Shopper\cs\antiphishing\phishAlert.gif
    c:\program files\Smart-Shopper\cs\antiphishing\x.gif
    c:\program files\Smart-Shopper\cs\antiphishing\xActive.gif
    c:\program files\Smart-Shopper\Uninst.exe

    .
    ((((((((((((((((((((((((( Files Created from 2009-12-15 to 2010-01-15 )))))))))))))))))))))))))))))))
    .

    2010-01-15 02:29 . 2010-01-15 02:29 -------- d-----w- c:\users\Public\AppData\Local\temp
    2010-01-15 02:29 . 2010-01-15 02:29 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-01-15 02:29 . 2010-01-15 02:29 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2010-01-15 01:43 . 2008-05-31 07:09 731136 ----a-w- C:\avenger.exe
    2010-01-14 05:23 . 2010-01-15 01:43 -------- d-----w- c:\users\Owner\AppData\Local\jZip
    2010-01-14 05:23 . 2010-01-14 05:23 -------- d-----w- c:\users\Owner\AppData\Roaming\Yahoo!
    2010-01-14 05:23 . 2010-01-14 05:23 -------- d-----w- c:\programdata\Yahoo! Companion
    2010-01-14 05:23 . 2010-01-14 05:23 -------- d-----w- c:\program files\Yahoo!
    2010-01-14 05:23 . 2010-01-15 01:39 -------- d-----w- c:\program files\jZip
    2010-01-13 05:39 . 2009-10-19 14:10 108544 ----a-w- c:\windows\system32\t2embed.dll
    2010-01-13 05:39 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll
    2010-01-09 21:04 . 2010-01-09 21:04 5115823 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2010-01-09 20:24 . 2010-01-09 20:24 52224 ----a-w- c:\users\Owner\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-01-09 20:24 . 2010-01-09 20:24 117760 ----a-w- c:\users\Owner\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-01-09 20:23 . 2010-01-09 20:23 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2010-01-09 20:23 . 2010-01-09 20:23 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-01-09 20:23 . 2010-01-09 20:23 -------- d-----w- c:\users\Owner\AppData\Roaming\SUPERAntiSpyware.com
    2010-01-09 20:22 . 2010-01-09 20:22 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2010-01-09 02:55 . 2010-01-09 02:55 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
    2010-01-09 02:55 . 2010-01-08 00:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-01-09 02:55 . 2010-01-08 00:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-01-09 02:55 . 2010-01-09 02:55 -------- d-----w- c:\programdata\Malwarebytes
    2010-01-09 02:55 . 2010-01-09 21:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-01-09 01:27 . 2010-01-09 01:27 -------- d-----w- c:\users\Owner\AppData\Roaming\Uniblue
    2010-01-09 00:38 . 2009-10-28 22:37 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100106.001\IDSXpx86.sys
    2010-01-09 00:38 . 2009-10-28 22:37 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100106.001\Scxpx86.dll
    2010-01-09 00:38 . 2009-10-28 22:37 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100106.001\IDSxpx86.dll
    2010-01-09 00:38 . 2009-10-28 22:37 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100106.001\IDSvix86.sys
    2010-01-09 00:38 . 2009-10-28 22:37 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100106.001\IDSviA64.sys
    2010-01-09 00:37 . 2010-01-09 00:38 -------- d-----w- c:\users\Owner\dwhelper
    2010-01-09 00:23 . 2010-01-09 00:23 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2010-01-09 00:23 . 2010-01-09 00:23 3605256 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2010-01-09 00:22 . 2010-01-09 00:22 546624 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2010-01-08 08:09 . 2009-12-18 11:36 84912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100107.049\NAVENG.SYS
    2010-01-08 08:09 . 2009-12-18 11:36 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100107.049\EECTRL.SYS
    2010-01-08 08:09 . 2009-12-18 11:36 2747440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100107.049\CCERASER.DLL
    2010-01-08 08:09 . 2009-12-18 11:36 259440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100107.049\ECMSVR32.DLL
    2010-01-08 08:09 . 2009-12-18 11:36 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100107.049\NAVENG32.DLL
    2010-01-08 08:09 . 2009-12-18 11:36 1647984 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100107.049\NAVEX32A.DLL
    2010-01-08 08:09 . 2009-12-18 11:36 1323568 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100107.049\NAVEX15.SYS
    2010-01-08 08:09 . 2009-12-18 11:36 102448 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100107.049\ERASER.SYS
    2010-01-05 01:04 . 2009-10-28 22:37 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091230.004\IDSXpx86.sys
    2010-01-05 01:04 . 2009-10-28 22:37 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091230.004\Scxpx86.dll
    2010-01-05 01:04 . 2009-10-28 22:37 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091230.004\IDSxpx86.dll
    2010-01-05 01:04 . 2009-10-28 22:37 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091230.004\IDSvix86.sys
    2010-01-05 01:04 . 2009-10-28 22:37 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091230.004\IDSviA64.sys
    2010-01-03 19:27 . 2010-01-03 19:27 -------- d-----r- c:\program files\Norton Support
    2010-01-02 23:21 . 2009-09-01 02:29 2965536 ----a-w- c:\windows\system32\RtkAPO.dll
    2010-01-02 23:21 . 2009-09-01 02:29 1292832 ----a-w- c:\windows\system32\RtkPgExt.dll
    2010-01-02 23:21 . 2009-09-01 02:29 53280 ----a-w- c:\windows\system32\RtkCoInst.dll
    2010-01-02 23:21 . 2009-09-01 02:29 338464 ----a-w- c:\windows\system32\RtkApoApi.dll
    2010-01-02 23:21 . 2009-09-01 02:18 2760224 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
    2010-01-02 23:21 . 2009-07-03 03:28 73216 ----a-w- c:\windows\system32\RTEEL32A.dll
    2010-01-02 23:21 . 2009-07-03 03:28 59392 ----a-w- c:\windows\system32\RTEEG32A.dll
    2010-01-02 23:21 . 2009-07-03 03:28 347648 ----a-w- c:\windows\system32\RTEEP32A.dll
    2010-01-02 23:21 . 2009-07-03 03:28 164864 ----a-w- c:\windows\system32\RTEED32A.dll
    2010-01-02 23:21 . 2009-08-21 03:47 266752 ----a-w- c:\windows\system32\FMAPO.dll
    2010-01-01 08:33 . 2010-01-01 08:33 125952 ----a-w- c:\programdata\ParetoLogic\UUS2\Temp\Update.exe
    2009-12-31 19:15 . 2009-08-21 08:04 189440 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
    2009-12-31 19:15 . 2009-03-05 22:54 73728 ----a-w- c:\windows\system32\RtNicProp32.dll
    2009-12-31 19:05 . 2009-12-31 19:06 -------- d-----w- c:\users\Owner\AppData\Roaming\DriverCure
    2009-12-31 19:05 . 2010-01-05 01:48 -------- d-----w- c:\programdata\DriverCure
    2009-12-31 19:05 . 2009-12-31 19:05 -------- d-----w- c:\programdata\ParetoLogic
    2009-12-31 19:05 . 2009-12-31 19:05 -------- d-----w- c:\program files\ParetoLogic
    2009-12-31 19:05 . 2009-12-31 19:05 -------- d-----w- c:\program files\Common Files\ParetoLogic
    2009-12-30 22:11 . 2009-12-30 22:11 -------- d-----w- c:\program files\Common Files\xing shared
    2009-12-30 22:10 . 2009-12-30 22:11 -------- d-----w- c:\program files\Common Files\Real
    2009-12-30 22:10 . 2009-12-30 22:10 -------- d-----w- c:\program files\Real
    2009-12-30 03:41 . 2009-12-30 03:41 -------- d-----w- c:\program files\Microsoft Visual Studio 8
    2009-12-30 03:40 . 2009-12-30 21:02 -------- d-----w- c:\users\Owner\AppData\Local\Microsoft Help
    2009-12-30 01:43 . 2009-08-20 07:50 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
    2009-12-30 01:43 . 2009-08-20 07:50 46928 ----a-r- c:\windows\system32\AdobePDF.dll
    2009-12-30 01:12 . 2009-02-27 20:55 111992 ----a-w- c:\windows\system32\acaptuser32.dll
    2009-12-30 01:03 . 2009-12-30 01:03 -------- d-----w- c:\program files\Common Files\Macrovision Shared
    2009-12-30 00:44 . 2009-12-30 00:44 944797 ----a-w- c:\users\Owner\Microsoft office 7.exe
    2009-12-30 00:35 . 2009-12-30 01:53 -------- d-----w- c:\users\Owner\Adobe_GS
    2009-12-29 02:06 . 2009-12-29 02:06 -------- d-----w- c:\program files\Belarc
    2009-12-29 00:56 . 2009-12-29 00:56 144160 ----a-w- c:\users\Owner\AppData\Roaming\Move Networks\uninstall.exe
    2009-12-29 00:56 . 2009-12-30 01:49 -------- d-----w- c:\users\Owner\AppData\Roaming\Move Networks
    2009-12-28 00:10 . 2009-12-31 17:06 -------- d-----w- c:\users\Owner\AppData\Local\Deployment
    2009-12-28 00:10 . 2009-12-28 00:10 -------- d-----w- c:\users\Owner\AppData\Local\Apps
    2009-12-26 23:30 . 2009-12-26 23:30 -------- d-----w- c:\users\Owner\AppData\Roaming\Media Player Classic
    2009-12-26 22:57 . 2009-12-26 22:57 -------- d-----w- c:\windows\system32\N360_BACKUP
    2009-12-26 22:44 . 2009-12-26 22:44 -------- d-sh--w- c:\windows\BitLockerDiscoveryVolumeContents
    2009-12-26 22:44 . 2009-12-26 22:44 -------- d-----w- c:\windows\RemotePackages
    2009-12-26 22:13 . 2009-12-26 22:13 -------- d-----w- c:\users\Owner\AppData\Local\Microsoft Corporation
    2009-12-26 22:12 . 2009-12-26 22:12 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
    2009-12-26 21:18 . 2009-12-27 18:56 -------- d-----w- c:\programdata\FLEXnet
    2009-12-26 20:38 . 2009-12-26 20:38 95744 ----a-w- c:\programdata\SpeedBit\DAP\SDCondition.dll
    2009-12-26 20:24 . 2009-12-26 20:24 -------- d-----w- c:\program files\Keygen
    2009-12-26 20:17 . 2010-01-08 19:38 -------- d-----w- c:\programdata\SpeedBit
    2009-12-26 20:17 . 2009-12-26 20:17 50688 ----a-w- c:\windows\system32\wbhelp2.dll
    2009-12-26 20:17 . 2009-12-26 20:18 -------- d-----w- c:\program files\DAP
    2009-12-26 18:21 . 2010-01-03 21:48 -------- d-----w- c:\users\Owner\AppData\Local\ElevatedDiagnostics
    2009-12-26 18:12 . 2010-01-03 21:48 -------- d-----w- c:\users\Owner\AppData\Local\Diagnostics
    2009-12-24 15:48 . 2009-12-24 15:50 -------- d-----w- c:\users\Owner\AppData\Roaming\vlc
    2009-12-24 03:35 . 2009-12-24 03:35 -------- d-----w- c:\program files\VideoLAN
    2009-12-24 01:36 . 2009-12-24 01:36 -------- d-----w- c:\users\Owner\AppData\Roaming\AVS4YOU
    2009-12-24 01:36 . 2009-12-24 01:36 -------- d-----w- c:\programdata\AVS4YOU
    2009-12-24 01:35 . 2009-12-24 01:36 -------- d-----w- c:\program files\Common Files\AVSMedia
    2009-12-24 01:35 . 2008-08-13 18:22 974848 ----a-w- c:\windows\system32\mfc70.dll
    2009-12-24 01:35 . 2008-08-13 18:22 487424 ----a-w- c:\windows\system32\msvcp70.dll
    2009-12-24 01:35 . 2008-08-13 18:22 344064 ----a-w- c:\windows\system32\msvcr70.dll
    2009-12-24 01:35 . 2009-12-24 01:36 -------- d-----w- c:\program files\AVS4YOU
    2009-12-24 01:35 . 2008-08-13 18:22 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
    2009-12-24 01:35 . 2008-08-13 18:22 24576 ----a-w- c:\windows\system32\msxml3a.dll
    2009-12-24 01:25 . 2009-08-16 15:08 178176 ----a-w- c:\windows\system32\unrar.dll
    2009-12-24 01:25 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
    2009-12-24 01:25 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
    2009-12-24 01:25 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
    2009-12-24 01:24 . 2009-07-14 00:15 90112 ----a-w- c:\windows\system32\dpl100.dll
    2009-12-24 01:24 . 2008-11-06 16:37 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
    2009-12-24 01:24 . 2009-07-14 00:15 685056 ----a-w- c:\windows\system32\divx.dll
    2009-12-24 01:24 . 2009-12-11 18:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
    2009-12-24 01:24 . 2009-12-24 01:27 -------- d-----w- c:\program files\K-Lite Codec Pack
    2009-12-20 18:03 . 2009-12-24 03:07 -------- d-----w- c:\program files\Free Offers from Freeze.com
    2009-12-20 08:26 . 2010-01-03 18:47 -------- d-----w- c:\program files\7-Zip
    2009-12-20 01:12 . 2009-12-20 01:12 -------- d-----w- c:\program files\Audible
    2009-12-20 00:55 . 2009-12-29 03:46 -------- d-----w- c:\users\Owner\AppData\Local\Apple Computer
    2009-12-20 00:55 . 2009-12-20 00:57 -------- d-----w- c:\users\Owner\AppData\Roaming\Apple Computer
    2009-12-20 00:55 . 2009-12-20 00:55 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    2009-12-20 00:55 . 2009-12-20 00:55 -------- d-----w- c:\program files\iTunes
    2009-12-20 00:55 . 2009-12-20 00:55 -------- d-----w- c:\program files\iPod
    2009-12-20 00:54 . 2009-12-20 00:54 -------- d-----w- c:\program files\Bonjour
    2009-12-20 00:54 . 2009-12-20 00:55 -------- d-----w- c:\programdata\Apple Computer

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-01-13 09:42 . 2009-07-13 23:11 21584 ----a-w- c:\windows\system32\drivers\atapi.sys
    2010-01-09 19:52 . 2009-09-22 08:46 -------- d-----w- c:\programdata\Microsoft Help
    2010-01-09 13:05 . 2009-11-19 21:40 111792 ----a-w- c:\users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-01-03 19:28 . 2009-12-18 23:56 -------- d-----w- c:\program files\Symantec
    2010-01-03 18:47 . 2009-09-02 05:47 -------- d-----w- c:\programdata\Partner
    2010-01-03 18:47 . 2009-09-02 05:47 -------- d-----w- c:\program files\Google
    2009-12-31 19:15 . 2009-09-22 09:11 -------- d-----w- c:\program files\Realtek
    2009-12-30 22:11 . 2003-03-19 05:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2009-12-30 22:11 . 2003-02-21 13:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2009-12-30 17:35 . 2009-09-02 05:30 -------- d-----w- c:\program files\TOSHIBA
    2009-12-30 03:45 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
    2009-12-30 01:42 . 2009-09-02 05:33 -------- d-----w- c:\program files\Common Files\Adobe
    2009-12-29 00:56 . 2009-12-10 19:26 4187512 ----a-w- c:\users\Owner\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
    2009-12-22 01:03 . 2009-09-02 05:46 -------- d-----w- c:\program files\Microsoft Silverlight
    2009-12-19 00:24 . 2009-12-18 23:56 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2009-12-18 23:56 . 2009-12-18 23:56 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
    2009-12-18 23:56 . 2009-12-18 23:56 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
    2009-12-18 23:56 . 2009-12-18 23:56 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2009-12-18 23:56 . 2009-12-18 23:56 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
    2009-12-18 23:56 . 2009-12-18 23:56 25648 ----a-r- c:\windows\system32\drivers\SymIMV.sys
    2009-12-18 23:56 . 2009-12-18 23:56 1291104 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
    2009-12-18 23:56 . 2009-12-18 23:56 136840 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
    2009-12-18 23:56 . 2009-12-18 23:56 165240 ----a-r- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
    2009-12-18 23:56 . 2009-12-18 23:56 107368 ----a-r- c:\windows\system32\GEARAspi.dll
    2009-12-18 23:56 . 2009-12-18 23:56 771440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
    2009-12-18 23:56 . 2009-12-18 23:56 -------- d-----w- c:\program files\Norton 360
    2009-12-18 23:56 . 2009-09-22 09:21 -------- d-----w- c:\programdata\Norton
    2009-12-18 23:55 . 2009-09-22 09:21 -------- d-----w- c:\programdata\NortonInstaller
    2009-12-18 20:48 . 2009-12-18 20:47 -------- d-----w- c:\program files\Juniper Networks
    2009-12-18 20:47 . 2009-12-18 20:47 161632 ----a-w- c:\users\Owner\AppData\Roaming\Juniper Networks\Setup Client\x86_Microsoft.VC80.CRTP_8.0.50727.762.exe
    2009-12-18 11:36 . 2010-01-15 01:34 84912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100114.033\NAVENG.SYS
    2009-12-18 11:36 . 2010-01-15 01:34 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100114.033\EECTRL.SYS
    2009-12-18 11:36 . 2010-01-15 01:34 2747440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100114.033\CCERASER.DLL
    2009-12-18 11:36 . 2010-01-15 01:34 259440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100114.033\ECMSVR32.DLL
    2009-12-18 11:36 . 2010-01-15 01:34 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100114.033\NAVENG32.DLL
    2009-12-18 11:36 . 2010-01-15 01:34 1647984 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100114.033\NAVEX32A.DLL
    2009-12-18 11:36 . 2010-01-15 01:34 1323568 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100114.033\NAVEX15.SYS
    2009-12-18 11:36 . 2010-01-15 01:34 102448 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100114.033\ERASER.SYS
    2009-12-10 19:27 . 2009-12-10 19:27 97144 ----a-w- c:\users\Owner\AppData\Roaming\Move Networks\ie_bin\MovePlayerUpgrade.exe
    2009-11-19 22:06 . 2009-11-19 22:06 -------- d-----w- c:\programdata\Geek Squad
    2009-11-19 22:05 . 2009-11-19 22:05 -------- d-----w- c:\program files\MSSOAP
    2009-11-19 22:05 . 2009-11-19 22:05 -------- d-----w- c:\program files\Webroot
    2009-11-19 21:40 . 2009-11-19 21:40 -------- d-----w- c:\users\Owner\AppData\Roaming\ATI
    2009-11-19 21:39 . 2009-11-19 21:39 13 --sh--r- c:\windows\system32\drivers\fbd.sys
    2009-11-19 21:39 . 2009-09-02 05:30 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-11-19 21:38 . 2009-11-19 21:38 -------- d-----w- c:\users\Owner\AppData\Roaming\WinBatch
    2009-11-13 01:07 . 2009-11-13 01:07 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
    2009-10-28 22:37 . 2010-01-15 01:34 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100112.001\IDSXpx86.sys
    2009-10-28 22:37 . 2010-01-15 01:34 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100112.001\IDSvix86.sys
    2009-10-28 22:37 . 2009-10-28 22:37 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
    2009-10-28 22:37 . 2009-10-28 22:37 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys
    2009-10-28 22:37 . 2010-01-15 01:34 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100112.001\Scxpx86.dll
    2009-10-28 22:37 . 2010-01-15 01:34 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100112.001\IDSxpx86.dll
    2009-10-28 22:37 . 2010-01-15 01:34 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100112.001\IDSviA64.sys
    2009-10-28 22:37 . 2009-10-28 22:37 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
    2009-10-28 22:37 . 2009-10-28 22:37 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll
    2009-10-28 22:37 . 2009-10-28 22:37 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys
    2009-12-31 18:31 . 2009-12-31 18:31 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
    2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DriverCure"="c:\program files\ParetoLogic\DriverCure\DriverCure.exe" [2009-08-07 3993368]
    "DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2009-12-26 2811392]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-01 7731744]
    "TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-21 476512]
    "SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
    "Teco"="c:\program files\TOSHIBA\TECO\Teco.exe" [2009-08-11 1324384]
    "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-09-17 611672]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-31 30192]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-01-08 429392]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-08 1394000]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSetActiveDesktop"= 1 (0x1)
    "NoActiveDesktopChanges"= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\acaptuser32.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
    @="FSFilter Activity Monitor"

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Audible Download Manager.lnk]
    backup=c:\windows\pss\Audible Download Manager.lnk.CommonStartup
    backupExtension=.CommonStartup
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
    2009-08-05 21:04 738616 ----a-w- c:\program files\TOSHIBA\FlashCards\TCrdMain.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    2009-10-03 07:32 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
    2009-10-03 12:08 38768 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2009-09-04 20:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2009-11-13 00:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonOnlineBackupReminder]
    2009-07-16 19:04 529256 ----a-w- c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-11-11 07:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
    2009-07-30 05:32 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    2009-07-21 00:46 1545512 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2009-12-30 22:11 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToshibaServiceStation]
    2009-08-17 17:48 1294136 ----a-w- c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TosSENotify]
    2009-09-17 23:37 611672 ----a-w- c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TosWaitSrv]
    2009-08-07 00:05 611672 ----a-w- c:\program files\TOSHIBA\TPHM\TosWaitSrv.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WinDefend "=2 (0x2)

    R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\N360\0305020.00B\SymEFA.sys [12/18/2009 3:56 PM 310320]
    R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\N360\0305020.00B\BHDrvx86.sys [12/18/2009 3:56 PM 259632]
    R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\N360\0305020.00B\cchpx86.sys [12/18/2009 3:56 PM 482432]
    R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100112.001\IDSvix86.sys [1/14/2010 5:34 PM 343088]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 7:56 AM 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 74480]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\System32\drivers\vwififlt.sys [7/13/2009 3:52 PM 48128]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [9/22/2009 1:02 AM 176128]
    R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [8/10/2009 6:55 PM 185712]
    R2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [3/10/2009 5:51 PM 46448]
    R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe [12/18/2009 3:56 PM 117640]
    R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [8/11/2009 3:09 PM 185712]
    R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\System32\drivers\TVALZFL.sys [6/19/2009 6:31 PM 12920]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [12/18/2009 4:13 PM 102448]
    R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [9/22/2009 1:15 AM 7680]
    R3 MBAMProtector;MBAMProtector;c:\windows\System32\drivers\mbam.sys [1/8/2010 6:55 PM 19160]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\System32\drivers\Rt86win7.sys [12/31/2009 11:15 AM 189440]
    R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\N360\0305020.00B\symndisv.sys [12/18/2009 3:56 PM 48688]
    R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [9/17/2009 3:37 PM 111960]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/9/2010 1:04 PM 236368]
    S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [12/31/2009 10:31 AM 30192]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 7408]
    S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [9/22/2009 1:17 AM 51512]
    S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [8/6/2009 4:04 PM 685424]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]
    2009-08-06 16:15 264048 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2010-01-13 c:\windows\Tasks\DriverCure.job
    - c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2009-08-07 19:36]

    2010-01-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-884126427-3540133245-3834508182-1000Core.job
    - c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-19 19:42]

    2010-01-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-884126427-3540133245-3834508182-1000UA.job
    - c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-19 19:42]

    2010-01-14 c:\windows\Tasks\ParetoLogic Registration.job
    - c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]

    2010-01-09 c:\windows\Tasks\ParetoLogic Update Version2.job
    - c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://home.jzip.com
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
    IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
    DPF: {F53270D3-0E32-48B7-B63B-159E33210F70} - hxxp://genell.gene.com/support/webedit/lledit.cab
    FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ecaq50ry.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
    FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
    FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
    FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
    FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: c:\users\Owner\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\users\Owner\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
    .
    - - - - ORPHANS REMOVED - - - -

    AddRemove-Smart-Shopper - c:\program files\Smart-Shopper\Uninst.exe



    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x86564841]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    IoDeviceObjectType -> DumpProcedure -> 0xd46a624f
    user & kernel MBR OK

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
    "ImagePath "= "\ "c:\program files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe\" /s \ "N360\" /m \ "c:\program files\Norton 360\Engine\3.5.2.11\diMaster.dll\" /prefetch:1 "
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2010-01-14 18:33:16
    ComboFix-quarantined-files.txt 2010-01-15 02:33
    ComboFix2.txt 2010-01-14 01:26

    Pre-Run: 269,063,204,864 bytes free
    Post-Run: 269,005,156,352 bytes free

    - - End Of File - - 5759EB0C45E54D119DEF67BA8C800163
     
  11. 2010/01/14
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    HJT = HijackThis
    Post that while I'm looking at your Combofix log.
    How is redirection?
     
  12. 2010/01/14
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    KillAll::
    
    File::
    
    Folder::
    
    Driver::
    
    Registry::
    
    RegLockDel::
    
    MBR::
    
    

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    5. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
    • A new HijackThis log.
     
  13. 2010/01/14
    gsmith7712

    gsmith7712 Inactive Thread Starter

    Joined:
    2010/01/08
    Messages:
    25
    Likes Received:
    0
    Still getting re-direct

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:26:25 PM, on 1/14/2010
    Platform: Unknown Windows (WinNT 6.01.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal

    Running processes:
    C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
    C:\windows\system32\Dwm.exe
    C:\windows\system32\taskhost.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    C:\Program Files\TOSHIBA\TECO\TEco.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\DAP\DAP.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    C:\windows\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Users\Owner\Desktop\HijackThis.exe
    C:\windows\system32\SearchFilterHost.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.jzip.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: (no name) - MRI_DISABLED - (no file)
    O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.5.2.11\IPSBHO.DLL
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
    O4 - HKLM\..\Run: [TPwrMain] "%ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE"
    O4 - HKLM\..\Run: [SmoothView] "%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe"
    O4 - HKLM\..\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
    O4 - HKLM\..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [DriverCure] C:\Program Files\ParetoLogic\DriverCure\DriverCure.exe -scan
    O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
    O16 - DPF: {F53270D3-0E32-48B7-B63B-159E33210F70} (Livelink ActiveX Control) - http://genell.gene.com/support/webedit/lledit.cab
    O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
    O20 - AppInit_DLLs: C:\Windows\System32\acaptuser32.dll C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: AMD External Events Utility - AMD - C:\windows\system32\atiesrxx.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
    O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
    O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
    O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
    O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

    --
    End of file - 9576 bytes
     
  14. 2010/01/14
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please, run the script from my previous reply.
    Both browsers are affected?
    Redirecting to any particular site?
     
  15. 2010/01/15
    gsmith7712

    gsmith7712 Inactive Thread Starter

    Joined:
    2010/01/08
    Messages:
    25
    Likes Received:
    0
    Both browsers are affected. Generally directs to a survey site. Here are the results.

    ComboFix 10-01-14.02 - Owner 01/14/2010 22:17:24.3.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2812.1662 [GMT -8:00]
    Running from: c:\users\Owner\Desktop\ComboFix.exe
    Command switches used :: c:\users\Owner\Desktop\CFScript.txt
    SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
    .

    ((((((((((((((((((((((((( Files Created from 2009-12-15 to 2010-01-15 )))))))))))))))))))))))))))))))
    .

    2010-01-15 14:39 . 2009-12-18 11:36 84912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100114.048\NAVENG.SYS
    2010-01-15 14:39 . 2009-12-18 11:36 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100114.048\NAVENG32.DLL
    2010-01-15 14:39 . 2009-12-18 11:36 1647984 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100114.048\NAVEX32A.DLL
    2010-01-15 14:39 . 2009-12-18 11:36 1323568 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100114.048\NAVEX15.SYS
    2010-01-15 14:39 . 2009-12-18 11:36 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100114.048\EECTRL.SYS
    2010-01-15 14:39 . 2009-12-18 11:36 2747440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100114.048\CCERASER.DLL
    2010-01-15 14:39 . 2009-12-18 11:36 259440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100114.048\ECMSVR32.DLL
    2010-01-15 14:39 . 2009-12-18 11:36 102448 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100114.048\ERASER.SYS
    2010-01-15 06:24 . 2010-01-15 06:24 -------- d-----w- c:\users\Public\AppData\Local\temp
    2010-01-15 06:24 . 2010-01-15 06:24 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-01-15 06:24 . 2010-01-15 06:24 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2010-01-15 01:43 . 2008-05-31 07:09 731136 ----a-w- C:\avenger.exe
    2010-01-15 01:34 . 2009-10-28 22:37 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100112.001\IDSXpx86.sys
    2010-01-15 01:34 . 2009-10-28 22:37 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100112.001\Scxpx86.dll
    2010-01-15 01:34 . 2009-10-28 22:37 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100112.001\IDSvix86.sys
    2010-01-15 01:34 . 2009-10-28 22:37 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100112.001\IDSxpx86.dll
    2010-01-15 01:34 . 2009-10-28 22:37 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100112.001\IDSviA64.sys
    2010-01-14 05:23 . 2010-01-15 01:43 -------- d-----w- c:\users\Owner\AppData\Local\jZip
    2010-01-14 05:23 . 2010-01-14 05:23 -------- d-----w- c:\users\Owner\AppData\Roaming\Yahoo!
    2010-01-14 05:23 . 2010-01-14 05:23 -------- d-----w- c:\programdata\Yahoo! Companion
    2010-01-14 05:23 . 2010-01-14 05:23 -------- d-----w- c:\program files\Yahoo!
    2010-01-14 05:23 . 2010-01-15 01:39 -------- d-----w- c:\program files\jZip
    2010-01-13 05:39 . 2009-10-19 14:10 108544 ----a-w- c:\windows\system32\t2embed.dll
    2010-01-13 05:39 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll
    2010-01-09 21:04 . 2010-01-09 21:04 5115823 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2010-01-09 20:24 . 2010-01-09 20:24 52224 ----a-w- c:\users\Owner\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-01-09 20:24 . 2010-01-09 20:24 117760 ----a-w- c:\users\Owner\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-01-09 20:23 . 2010-01-09 20:23 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2010-01-09 20:23 . 2010-01-09 20:23 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-01-09 20:23 . 2010-01-09 20:23 -------- d-----w- c:\users\Owner\AppData\Roaming\SUPERAntiSpyware.com
    2010-01-09 20:22 . 2010-01-09 20:22 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2010-01-09 02:55 . 2010-01-09 02:55 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
    2010-01-09 02:55 . 2010-01-08 00:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-01-09 02:55 . 2010-01-08 00:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-01-09 02:55 . 2010-01-09 02:55 -------- d-----w- c:\programdata\Malwarebytes
    2010-01-09 02:55 . 2010-01-09 21:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-01-09 01:27 . 2010-01-09 01:27 -------- d-----w- c:\users\Owner\AppData\Roaming\Uniblue
    2010-01-09 00:38 . 2009-10-28 22:37 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100106.001\IDSXpx86.sys
    2010-01-09 00:38 . 2009-10-28 22:37 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100106.001\Scxpx86.dll
    2010-01-09 00:38 . 2009-10-28 22:37 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100106.001\IDSxpx86.dll
    2010-01-09 00:38 . 2009-10-28 22:37 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100106.001\IDSvix86.sys
    2010-01-09 00:38 . 2009-10-28 22:37 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100106.001\IDSviA64.sys
    2010-01-09 00:37 . 2010-01-09 00:38 -------- d-----w- c:\users\Owner\dwhelper
    2010-01-09 00:23 . 2010-01-09 00:23 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2010-01-09 00:23 . 2010-01-09 00:23 3605256 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2010-01-09 00:22 . 2010-01-09 00:22 546624 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2010-01-08 08:09 . 2009-12-18 11:36 84912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100107.049\NAVENG.SYS
    2010-01-08 08:09 . 2009-12-18 11:36 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100107.049\EECTRL.SYS
    2010-01-08 08:09 . 2009-12-18 11:36 2747440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100107.049\CCERASER.DLL
    2010-01-08 08:09 . 2009-12-18 11:36 259440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100107.049\ECMSVR32.DLL
    2010-01-08 08:09 . 2009-12-18 11:36 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100107.049\NAVENG32.DLL
    2010-01-08 08:09 . 2009-12-18 11:36 1647984 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100107.049\NAVEX32A.DLL
    2010-01-08 08:09 . 2009-12-18 11:36 1323568 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100107.049\NAVEX15.SYS
    2010-01-08 08:09 . 2009-12-18 11:36 102448 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100107.049\ERASER.SYS
    2010-01-05 01:04 . 2009-10-28 22:37 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091230.004\IDSXpx86.sys
    2010-01-05 01:04 . 2009-10-28 22:37 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091230.004\Scxpx86.dll
    2010-01-05 01:04 . 2009-10-28 22:37 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091230.004\IDSxpx86.dll
    2010-01-05 01:04 . 2009-10-28 22:37 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091230.004\IDSvix86.sys
    2010-01-05 01:04 . 2009-10-28 22:37 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091230.004\IDSviA64.sys
    2010-01-03 19:27 . 2010-01-03 19:27 -------- d-----r- c:\program files\Norton Support
    2010-01-02 23:21 . 2009-09-01 02:29 2965536 ----a-w- c:\windows\system32\RtkAPO.dll
    2010-01-02 23:21 . 2009-09-01 02:29 1292832 ----a-w- c:\windows\system32\RtkPgExt.dll
    2010-01-02 23:21 . 2009-09-01 02:29 53280 ----a-w- c:\windows\system32\RtkCoInst.dll
    2010-01-02 23:21 . 2009-09-01 02:29 338464 ----a-w- c:\windows\system32\RtkApoApi.dll
    2010-01-02 23:21 . 2009-09-01 02:18 2760224 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
    2010-01-02 23:21 . 2009-07-03 03:28 73216 ----a-w- c:\windows\system32\RTEEL32A.dll
    2010-01-02 23:21 . 2009-07-03 03:28 59392 ----a-w- c:\windows\system32\RTEEG32A.dll
    2010-01-02 23:21 . 2009-07-03 03:28 347648 ----a-w- c:\windows\system32\RTEEP32A.dll
    2010-01-02 23:21 . 2009-07-03 03:28 164864 ----a-w- c:\windows\system32\RTEED32A.dll
    2010-01-02 23:21 . 2009-08-21 03:47 266752 ----a-w- c:\windows\system32\FMAPO.dll
    2010-01-01 08:33 . 2010-01-01 08:33 125952 ----a-w- c:\programdata\ParetoLogic\UUS2\Temp\Update.exe
    2009-12-31 19:15 . 2009-08-21 08:04 189440 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
    2009-12-31 19:15 . 2009-03-05 22:54 73728 ----a-w- c:\windows\system32\RtNicProp32.dll
    2009-12-31 19:05 . 2009-12-31 19:06 -------- d-----w- c:\users\Owner\AppData\Roaming\DriverCure
    2009-12-31 19:05 . 2010-01-05 01:48 -------- d-----w- c:\programdata\DriverCure
    2009-12-31 19:05 . 2009-12-31 19:05 -------- d-----w- c:\programdata\ParetoLogic
    2009-12-31 19:05 . 2009-12-31 19:05 -------- d-----w- c:\program files\ParetoLogic
    2009-12-31 19:05 . 2009-12-31 19:05 -------- d-----w- c:\program files\Common Files\ParetoLogic
    2009-12-30 22:11 . 2009-12-30 22:11 -------- d-----w- c:\program files\Common Files\xing shared
    2009-12-30 22:10 . 2009-12-30 22:11 -------- d-----w- c:\program files\Common Files\Real
    2009-12-30 22:10 . 2009-12-30 22:10 -------- d-----w- c:\program files\Real
    2009-12-30 03:41 . 2009-12-30 03:41 -------- d-----w- c:\program files\Microsoft Visual Studio 8
    2009-12-30 03:40 . 2009-12-30 21:02 -------- d-----w- c:\users\Owner\AppData\Local\Microsoft Help
    2009-12-30 01:43 . 2009-08-20 07:50 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
    2009-12-30 01:43 . 2009-08-20 07:50 46928 ----a-r- c:\windows\system32\AdobePDF.dll
    2009-12-30 01:12 . 2009-02-27 20:55 111992 ----a-w- c:\windows\system32\acaptuser32.dll
    2009-12-30 01:03 . 2009-12-30 01:03 -------- d-----w- c:\program files\Common Files\Macrovision Shared
    2009-12-30 00:44 . 2009-12-30 00:44 944797 ----a-w- c:\users\Owner\Microsoft office 7.exe
    2009-12-30 00:35 . 2009-12-30 01:53 -------- d-----w- c:\users\Owner\Adobe_GS
    2009-12-29 02:06 . 2009-12-29 02:06 -------- d-----w- c:\program files\Belarc
    2009-12-29 00:56 . 2009-12-29 00:56 144160 ----a-w- c:\users\Owner\AppData\Roaming\Move Networks\uninstall.exe
    2009-12-29 00:56 . 2009-12-30 01:49 -------- d-----w- c:\users\Owner\AppData\Roaming\Move Networks
    2009-12-28 00:10 . 2009-12-31 17:06 -------- d-----w- c:\users\Owner\AppData\Local\Deployment
    2009-12-28 00:10 . 2009-12-28 00:10 -------- d-----w- c:\users\Owner\AppData\Local\Apps
    2009-12-26 23:30 . 2009-12-26 23:30 -------- d-----w- c:\users\Owner\AppData\Roaming\Media Player Classic
    2009-12-26 22:57 . 2009-12-26 22:57 -------- d-----w- c:\windows\system32\N360_BACKUP
    2009-12-26 22:44 . 2009-12-26 22:44 -------- d-sh--w- c:\windows\BitLockerDiscoveryVolumeContents
    2009-12-26 22:44 . 2009-12-26 22:44 -------- d-----w- c:\windows\RemotePackages
    2009-12-26 22:13 . 2009-12-26 22:13 -------- d-----w- c:\users\Owner\AppData\Local\Microsoft Corporation
    2009-12-26 22:12 . 2009-12-26 22:12 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
    2009-12-26 21:18 . 2009-12-27 18:56 -------- d-----w- c:\programdata\FLEXnet
    2009-12-26 20:38 . 2009-12-26 20:38 95744 ----a-w- c:\programdata\SpeedBit\DAP\SDCondition.dll
    2009-12-26 20:24 . 2009-12-26 20:24 -------- d-----w- c:\program files\Keygen
    2009-12-26 20:17 . 2010-01-08 19:38 -------- d-----w- c:\programdata\SpeedBit
    2009-12-26 20:17 . 2009-12-26 20:17 50688 ----a-w- c:\windows\system32\wbhelp2.dll
    2009-12-26 20:17 . 2009-12-26 20:18 -------- d-----w- c:\program files\DAP
    2009-12-26 18:21 . 2010-01-03 21:48 -------- d-----w- c:\users\Owner\AppData\Local\ElevatedDiagnostics
    2009-12-26 18:12 . 2010-01-03 21:48 -------- d-----w- c:\users\Owner\AppData\Local\Diagnostics
    2009-12-24 15:48 . 2009-12-24 15:50 -------- d-----w- c:\users\Owner\AppData\Roaming\vlc
    2009-12-24 03:35 . 2009-12-24 03:35 -------- d-----w- c:\program files\VideoLAN
    2009-12-24 01:36 . 2009-12-24 01:36 -------- d-----w- c:\users\Owner\AppData\Roaming\AVS4YOU
    2009-12-24 01:36 . 2009-12-24 01:36 -------- d-----w- c:\programdata\AVS4YOU
    2009-12-24 01:35 . 2009-12-24 01:36 -------- d-----w- c:\program files\Common Files\AVSMedia
    2009-12-24 01:35 . 2008-08-13 18:22 974848 ----a-w- c:\windows\system32\mfc70.dll
    2009-12-24 01:35 . 2008-08-13 18:22 487424 ----a-w- c:\windows\system32\msvcp70.dll
    2009-12-24 01:35 . 2008-08-13 18:22 344064 ----a-w- c:\windows\system32\msvcr70.dll
    2009-12-24 01:35 . 2009-12-24 01:36 -------- d-----w- c:\program files\AVS4YOU
    2009-12-24 01:35 . 2008-08-13 18:22 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
    2009-12-24 01:35 . 2008-08-13 18:22 24576 ----a-w- c:\windows\system32\msxml3a.dll
    2009-12-24 01:25 . 2009-08-16 15:08 178176 ----a-w- c:\windows\system32\unrar.dll
    2009-12-24 01:25 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
    2009-12-24 01:25 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
    2009-12-24 01:25 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
    2009-12-24 01:24 . 2009-07-14 00:15 90112 ----a-w- c:\windows\system32\dpl100.dll
    2009-12-24 01:24 . 2008-11-06 16:37 3596288 ----a-w- c:\windows\system32\qt-dx331.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-01-13 09:42 . 2009-07-13 23:11 21584 ----a-w- c:\windows\system32\drivers\atapi.sys
    2010-01-09 19:52 . 2009-09-22 08:46 -------- d-----w- c:\programdata\Microsoft Help
    2010-01-09 13:05 . 2009-11-19 21:40 111792 ----a-w- c:\users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-01-03 19:28 . 2009-12-18 23:56 -------- d-----w- c:\program files\Symantec
    2010-01-03 18:47 . 2009-09-02 05:47 -------- d-----w- c:\programdata\Partner
    2010-01-03 18:47 . 2009-09-02 05:47 -------- d-----w- c:\program files\Google
    2009-12-31 19:15 . 2009-09-22 09:11 -------- d-----w- c:\program files\Realtek
    2009-12-30 22:11 . 2003-03-19 05:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2009-12-30 22:11 . 2003-02-21 13:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2009-12-30 17:35 . 2009-09-02 05:30 -------- d-----w- c:\program files\TOSHIBA
    2009-12-30 03:45 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
    2009-12-30 01:42 . 2009-09-02 05:33 -------- d-----w- c:\program files\Common Files\Adobe
    2009-12-29 00:56 . 2009-12-10 19:26 4187512 ----a-w- c:\users\Owner\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
    2009-12-22 01:03 . 2009-09-02 05:46 -------- d-----w- c:\program files\Microsoft Silverlight
    2009-12-19 00:24 . 2009-12-18 23:56 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2009-12-18 23:56 . 2009-12-18 23:56 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
    2009-12-18 23:56 . 2009-12-18 23:56 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
    2009-12-18 23:56 . 2009-12-18 23:56 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2009-12-18 23:56 . 2009-12-18 23:56 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
    2009-12-18 23:56 . 2009-12-18 23:56 25648 ----a-r- c:\windows\system32\drivers\SymIMV.sys
    2009-12-18 23:56 . 2009-12-18 23:56 1291104 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
    2009-12-18 23:56 . 2009-12-18 23:56 136840 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
    2009-12-18 23:56 . 2009-12-18 23:56 165240 ----a-r- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
    2009-12-18 23:56 . 2009-12-18 23:56 107368 ----a-r- c:\windows\system32\GEARAspi.dll
    2009-12-18 23:56 . 2009-12-18 23:56 771440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
    2009-12-18 23:56 . 2009-12-18 23:56 -------- d-----w- c:\program files\Norton 360
    2009-12-18 23:56 . 2009-09-22 09:21 -------- d-----w- c:\programdata\Norton
    2009-12-18 23:55 . 2009-09-22 09:21 -------- d-----w- c:\programdata\NortonInstaller
    2009-12-18 20:48 . 2009-12-18 20:47 -------- d-----w- c:\program files\Juniper Networks
    2009-12-18 20:47 . 2009-12-18 20:47 161632 ----a-w- c:\users\Owner\AppData\Roaming\Juniper Networks\Setup Client\x86_Microsoft.VC80.CRTP_8.0.50727.762.exe
    2009-12-10 19:27 . 2009-12-10 19:27 97144 ----a-w- c:\users\Owner\AppData\Roaming\Move Networks\ie_bin\MovePlayerUpgrade.exe
    2009-11-19 22:06 . 2009-11-19 22:06 -------- d-----w- c:\programdata\Geek Squad
    2009-11-19 22:05 . 2009-11-19 22:05 -------- d-----w- c:\program files\MSSOAP
    2009-11-19 22:05 . 2009-11-19 22:05 -------- d-----w- c:\program files\Webroot
    2009-11-19 21:40 . 2009-11-19 21:40 -------- d-----w- c:\users\Owner\AppData\Roaming\ATI
    2009-11-19 21:39 . 2009-11-19 21:39 13 --sh--r- c:\windows\system32\drivers\fbd.sys
    2009-11-19 21:39 . 2009-09-02 05:30 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-11-19 21:38 . 2009-11-19 21:38 -------- d-----w- c:\users\Owner\AppData\Roaming\WinBatch
    2009-11-13 01:07 . 2009-11-13 01:07 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
    2009-10-28 22:37 . 2009-10-28 22:37 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
    2009-10-28 22:37 . 2009-10-28 22:37 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys
    2009-10-28 22:37 . 2009-10-28 22:37 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
    2009-10-28 22:37 . 2009-10-28 22:37 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll
    2009-10-28 22:37 . 2009-10-28 22:37 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys
    2009-12-31 18:31 . 2009-12-31 18:31 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
    2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-01-15_02.30.06 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-11-19 21:35 . 2010-01-15 06:25 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-11-19 21:35 . 2010-01-15 02:00 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-11-19 21:35 . 2010-01-15 06:25 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-11-19 21:35 . 2010-01-15 02:00 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:41 . 2010-01-15 06:25 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:41 . 2010-01-15 02:00 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-12-18 19:40 . 2010-01-15 06:28 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-12-18 19:40 . 2010-01-15 02:03 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-12-18 19:40 . 2010-01-15 06:28 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-12-18 19:40 . 2010-01-15 02:03 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-12-18 19:40 . 2010-01-15 02:03 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-12-18 19:40 . 2010-01-15 06:28 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-11-19 21:43 . 2010-01-15 02:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-11-19 21:43 . 2010-01-15 06:28 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-12-18 19:41 . 2010-01-15 15:02 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
    - 2009-12-18 19:41 . 2010-01-15 02:05 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
    + 2009-12-18 19:41 . 2010-01-15 15:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
    - 2009-12-18 19:41 . 2010-01-15 02:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
    - 2009-12-18 19:41 . 2010-01-15 02:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
    + 2009-12-18 19:41 . 2010-01-15 15:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
    + 2009-11-19 21:43 . 2010-01-15 15:02 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-11-19 21:43 . 2010-01-15 02:05 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-11-19 21:43 . 2010-01-15 02:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-11-19 21:43 . 2010-01-15 06:28 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-01-15 02:01 . 2010-01-15 06:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2010-01-15 02:01 . 2010-01-15 02:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2010-01-15 02:01 . 2010-01-15 06:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2010-01-15 02:01 . 2010-01-15 02:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-07-14 02:05 . 2010-01-15 15:46 615360 c:\windows\System32\perfh009.dat
    - 2009-07-14 02:05 . 2010-01-15 02:05 615360 c:\windows\System32\perfh009.dat
    - 2009-07-14 02:05 . 2010-01-15 02:05 103702 c:\windows\System32\perfc009.dat
    + 2009-07-14 02:05 . 2010-01-15 15:46 103702 c:\windows\System32\perfc009.dat
    - 2009-09-02 05:31 . 2010-01-15 02:00 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2009-09-02 05:31 . 2010-01-15 06:25 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DriverCure"="c:\program files\ParetoLogic\DriverCure\DriverCure.exe" [2009-08-07 3993368]
    "DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2009-12-26 2811392]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-01 7731744]
    "TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-21 476512]
    "SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
    "Teco"="c:\program files\TOSHIBA\TECO\Teco.exe" [2009-08-11 1324384]
    "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-09-17 611672]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-31 30192]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-01-08 429392]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-08 1394000]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSetActiveDesktop"= 1 (0x1)
    "NoActiveDesktopChanges"= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\acaptuser32.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
    @="FSFilter Activity Monitor"

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Audible Download Manager.lnk]
    backup=c:\windows\pss\Audible Download Manager.lnk.CommonStartup
    backupExtension=.CommonStartup
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
    2009-08-05 21:04 738616 ----a-w- c:\program files\TOSHIBA\FlashCards\TCrdMain.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    2009-10-03 07:32 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
    2009-10-03 12:08 38768 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2009-09-04 20:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2009-11-13 00:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonOnlineBackupReminder]
    2009-07-16 19:04 529256 ----a-w- c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-11-11 07:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
    2009-07-30 05:32 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    2009-07-21 00:46 1545512 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2009-12-30 22:11 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToshibaServiceStation]
    2009-08-17 17:48 1294136 ----a-w- c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TosSENotify]
    2009-09-17 23:37 611672 ----a-w- c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TosWaitSrv]
    2009-08-07 00:05 611672 ----a-w- c:\program files\TOSHIBA\TPHM\TosWaitSrv.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WinDefend"=2 (0x2)

    R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\N360\0305020.00B\SymEFA.sys [12/18/2009 3:56 PM 310320]
    R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\N360\0305020.00B\BHDrvx86.sys [12/18/2009 3:56 PM 259632]
    R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\N360\0305020.00B\cchpx86.sys [12/18/2009 3:56 PM 482432]
    R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100112.001\IDSvix86.sys [1/14/2010 5:34 PM 343088]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 7:56 AM 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 74480]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\System32\drivers\vwififlt.sys [7/13/2009 3:52 PM 48128]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [9/22/2009 1:02 AM 176128]
    R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [8/10/2009 6:55 PM 185712]
    R2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [3/10/2009 5:51 PM 46448]
    R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe [12/18/2009 3:56 PM 117640]
    R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [8/11/2009 3:09 PM 185712]
    R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\System32\drivers\TVALZFL.sys [6/19/2009 6:31 PM 12920]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [12/18/2009 4:13 PM 102448]
    R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [9/22/2009 1:15 AM 7680]
    R3 MBAMProtector;MBAMProtector;c:\windows\System32\drivers\mbam.sys [1/8/2010 6:55 PM 19160]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\System32\drivers\Rt86win7.sys [12/31/2009 11:15 AM 189440]
    R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\N360\0305020.00B\symndisv.sys [12/18/2009 3:56 PM 48688]
    R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [9/17/2009 3:37 PM 111960]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/9/2010 1:04 PM 236368]
    S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [12/31/2009 10:31 AM 30192]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 7408]
    S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [9/22/2009 1:17 AM 51512]
    S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [8/6/2009 4:04 PM 685424]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]
    2009-08-06 16:15 264048 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2010-01-13 c:\windows\Tasks\DriverCure.job
    - c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2009-08-07 19:36]

    2010-01-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-884126427-3540133245-3834508182-1000Core.job
    - c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-19 19:42]

    2010-01-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-884126427-3540133245-3834508182-1000UA.job
    - c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-19 19:42]

    2010-01-14 c:\windows\Tasks\ParetoLogic Registration.job
    - c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]

    2010-01-09 c:\windows\Tasks\ParetoLogic Update Version2.job
    - c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://home.jzip.com
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
    IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
    DPF: {F53270D3-0E32-48B7-B63B-159E33210F70} - hxxp://genell.gene.com/support/webedit/lledit.cab
    FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ecaq50ry.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
    FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
    FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
    FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
    FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: c:\users\Owner\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\users\Owner\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
    .

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x86767841]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    IoDeviceObjectType -> DumpProcedure -> 0xd46a624f
    user & kernel MBR OK

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
    "ImagePath"="\"c:\program files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.5.2.11\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(5200)
    c:\windows\System32\netshell.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\windows\system32\wwanapi.dll
    c:\windows\System32\srchadmin.dll
    c:\windows\System32\ieframe.dll
    c:\windows\system32\FXSAPI.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\atieclxx.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Juniper Networks\Common Files\dsNcService.exe
    c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    c:\windows\system32\TODDSrv.exe
    c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\system32\taskhost.exe
    c:\windows\system32\conhost.exe
    c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
    c:\program files\TOSHIBA\ConfigFree\CFSwMgr.exe
    c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    .
    **************************************************************************
    .
    Completion time: 2010-01-15 07:52:54 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-01-15 15:52
    ComboFix2.txt 2010-01-15 02:33
    ComboFix3.txt 2010-01-14 01:26

    Pre-Run: 269,055,328,256 bytes free
    Post-Run: 268,752,400,384 bytes free

    - - End Of File - - BA5576FA0B7E529D048A436A15DD51D5
     
  16. 2010/01/15
    broni Moderator Malware Analyst

    Turn the computer off. Disconnect modem/router from power source for 1 minute.
    Restart everything.

    1. Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart computer.


    2. Go to Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
     
  17. 2010/01/15
    gsmith7712 Thread Starter

    Still getting re-directed. Last time was to http://www.info.com after a Yahoo search. Scan result:

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Friday, January 15, 2010
    Operating system: Microsoft Professional (build 7600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Friday, January 15, 2010 18:33:36
    Records in database: 3317761
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    C:\
    D:\

    Scan statistics:
    Objects scanned: 111355
    Threats found: 2
    Infected objects found: 3
    Suspicious objects found: 0
    Scan duration: 01:37:27


    File name / Threat / Threats count
    C:\Qoobox\Quarantine\C\Program Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll.vir Infected: not-a-virus:AdWare.Win32.Shopper.ax 1
    C:\Qoobox\Quarantine\C\Windows\System32\helper32.dll.vir Infected: Trojan.Win32.BHO.adfc 1
    C:\Users\Owner\Desktop\jZipV1c.exe Infected: not-a-virus:AdWare.Win32.Shopper.ax 1

    Selected area has been scanned.
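An added example (not part of the thread, and not Kaspersky's or ComboFix's own code) that triages the report format shown above. The security-relevant reading of that report is that two of the three hits sit under C:\Qoobox\Quarantine, i.e. copies ComboFix had already pulled out of the system (renamed to *.vir), and only jZipV1c.exe on the desktop is a live file. The script parses "File name / Threat / Threats count" lines, splits them into quarantine leftovers versus live detections, and flags "not-a-virus:" verdicts as adware/riskware rather than trojans. The quarantine prefix list is an assumption for this example; the sample lines are the three detection lines from the post, copied verbatim.

```python
"""Triage a Kaspersky Online Scanner 7 report: which hits are live files and which
are inert copies already sitting in a removal tool's quarantine."""
import re
from dataclasses import dataclass

# Paths under these prefixes are quarantine copies, not running malware.
# ComboFix keeps its quarantine under C:\Qoobox\Quarantine and renames files to *.vir.
# This list is an assumption for the example; extend it for other tools' quarantine dirs.
QUARANTINE_PREFIXES = (
    "c:\\qoobox\\quarantine\\",
)

# Report line shape:  <path> Infected: <verdict> <count>
LINE_RE = re.compile(r"^(?P<path>.+?)\s+Infected:\s+(?P<verdict>\S+)\s+(?P<count>\d+)$")


@dataclass
class Detection:
    path: str
    verdict: str
    count: int
    quarantined: bool   # sitting in a quarantine directory
    riskware: bool      # "not-a-virus:" verdicts are adware/riskware, not trojans


def parse_detection(line):
    """Parse one 'File name / Threat / Threats count' line; None for non-detection lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    verdict = m.group("verdict")
    return Detection(
        path=path,
        verdict=verdict,
        count=int(m.group("count")),
        quarantined=path.lower().startswith(QUARANTINE_PREFIXES),
        riskware=verdict.startswith("not-a-virus:"),
    )


def triage(report_lines):
    """Split detections into those needing action ('live') and quarantine leftovers."""
    buckets = {"quarantined": [], "live": []}
    for line in report_lines:
        det = parse_detection(line)
        if det is None:
            continue
        buckets["quarantined" if det.quarantined else "live"].append(det)
    return buckets


# The three detection lines from the report posted above, copied verbatim, plus the
# column-header line to show that non-detection lines are skipped.
SAMPLE_REPORT = [
    r"File name / Threat / Threats count",
    r"C:\Qoobox\Quarantine\C\Program Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll.vir Infected: not-a-virus:AdWare.Win32.Shopper.ax 1",
    r"C:\Qoobox\Quarantine\C\Windows\System32\helper32.dll.vir Infected: Trojan.Win32.BHO.adfc 1",
    r"C:\Users\Owner\Desktop\jZipV1c.exe Infected: not-a-virus:AdWare.Win32.Shopper.ax 1",
]

if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for bucket, dets in result.items():
        print(bucket)
        for d in dets:
            print(f"  {d.verdict:40} {d.path}")
```

Run on the sample, the "live" bucket holds only the desktop jZipV1c.exe, which matches the next reply: delete that file and uninstall ComboFix (which removes the Qoobox quarantine along with it).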
     
  18. 2010/01/15
    broni Moderator Malware Analyst

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start > "Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between "Combofix" and "/Uninstall".
    Restart computer.

    ==============================================================

    Delete jZipV1c.exe file from your desktop.

    ==============================================================

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    CREATERESTOREPOINT


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
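The /md5start ... /md5stop block in the OTL script above makes OTL report the MD5 of a fixed set of storage and boot-path drivers so that a patched copy (the usual way a file-infecting rootkit of that period survived reboots and caused search redirects) can be spotted by comparing against a known-good hash. The following is an added example, not OTL's code and not from the thread, of that check done by hand: hash the same watch-list and diff it against a baseline. No real baseline hashes are included, since they must come from a clean install of the same Windows build and patch level; the driver names are taken from the script above, and the demo builds a throwaway directory of placeholder files rather than touching a real system32\drivers.

```python
"""Hash a watch-list of boot-critical storage drivers and diff the result against a
known-good baseline, the check that OTL's /md5start ... /md5stop block performs."""
import hashlib
import os
import tempfile

# Driver names taken from the OTL custom-scan script above.  Baseline hashes are NOT
# included: they must come from a clean install of the same Windows build and patch level.
DRIVER_WATCHLIST = [
    "iaStor.sys", "nvstor.sys", "atapi.sys", "IdeChnDr.sys", "viasraid.sys",
    "AGP440.sys", "vaxscsi.sys", "nvatabus.sys", "viamraid.sys", "nvata.sys",
    "nvgts.sys", "iastorv.sys", "ViPrt.sys", "ahcix86.sys", "KR10N.sys", "nvstor32.sys",
]


def md5_file(path):
    """MD5 of a file, read in chunks so large drivers need not fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def hash_watchlist(drivers_dir, names=DRIVER_WATCHLIST):
    """{name: md5 hex} for each watch-listed file; None when the driver is not present."""
    observed = {}
    for name in names:
        p = os.path.join(drivers_dir, name)
        observed[name] = md5_file(p) if os.path.isfile(p) else None
    return observed


def compare_to_baseline(observed, baseline):
    """Classify observed hashes against a baseline {name: md5 hex}.

    changed:     present on disk but the hash differs from the clean copy (patched/replaced)
    missing:     in the baseline but absent from disk
    unbaselined: present on disk but nothing to compare against (get a clean hash first)
    """
    changed, missing, unbaselined = [], [], []
    for name, digest in observed.items():
        if digest is None:
            continue  # optional vendor driver not installed, nothing to compare
        if name not in baseline:
            unbaselined.append(name)
        elif baseline[name].lower() != digest:
            changed.append(name)
    for name in baseline:
        if observed.get(name) is None:
            missing.append(name)
    return {"changed": sorted(changed), "missing": sorted(missing),
            "unbaselined": sorted(unbaselined)}


def demo_on_constructed_tree():
    """Build a throwaway drivers directory, then simulate an in-place patch of atapi.sys.

    Returns (report_before, report_after).  All file contents here are constructed
    placeholders, not real driver bytes.
    """
    d = tempfile.mkdtemp(prefix="drivers_")
    with open(os.path.join(d, "atapi.sys"), "wb") as f:
        f.write(b"placeholder clean atapi.sys bytes")
    with open(os.path.join(d, "nvgts.sys"), "wb") as f:
        f.write(b"placeholder nvgts.sys bytes")
    baseline = {
        "atapi.sys": hashlib.md5(b"placeholder clean atapi.sys bytes").hexdigest(),
        "iaStor.sys": "0" * 32,  # in the baseline, deliberately absent from the tree
    }
    before = compare_to_baseline(hash_watchlist(d), baseline)
    with open(os.path.join(d, "atapi.sys"), "wb") as f:
        f.write(b"placeholder PATCHED atapi.sys bytes")  # simulate a rootkit-patched driver
    after = compare_to_baseline(hash_watchlist(d), baseline)
    return before, after


if __name__ == "__main__":
    before, after = demo_on_constructed_tree()
    print("before patch:", before)
    print("after patch: ", after)
```

On a real machine you would point hash_watchlist at %SystemRoot%\system32\drivers and take the baseline from a clean box of the same build; a hash mismatch on a driver whose version and size still look normal is exactly the symptom a size-preserving in-place patch leaves behind.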
     
  19. 2010/01/15
    gsmith7712 Thread Starter

    OTL logfile created on: 1/15/2010 3:32:38 PM - Run 1
    OTL by OldTimer - Version 3.1.25.1 Folder = C:\Users\Owner\Desktop
    Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free
    5.00 Gb Paging File | 4.00 Gb Available in Paging File | 70.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
    Drive C: | 288.71 Gb Total Space | 250.38 Gb Free Space | 86.73% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: OWNER-PC
    Current User Name: Owner
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/01/15 15:20:35 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    PRC - [2010/01/15 10:52:38 | 00,139,264 | ---- | M] (Kaspersky Lab.) -- C:\Users\Owner\AppData\Local\Temp\jkos-Owner\binaries\ScanningProcess.exe
    PRC - [2009/12/31 10:31:49 | 00,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    PRC - [2009/12/26 12:17:20 | 02,811,392 | ---- | M] (SpeedBit Ltd.) -- C:\Program Files\DAP\DAP.exe
    PRC - [2009/12/18 15:56:39 | 00,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
    PRC - [2009/12/02 06:17:44 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2009/09/17 15:37:18 | 00,111,960 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    PRC - [2009/09/17 15:36:58 | 01,021,272 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    PRC - [2009/09/01 21:29:19 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\java.exe
    PRC - [2009/09/01 21:29:19 | 00,022,424 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jp2launcher.exe
    PRC - [2009/08/31 18:29:54 | 07,731,744 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    PRC - [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    PRC - [2009/08/21 08:29:40 | 00,464,224 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    PRC - [2009/08/21 08:29:20 | 00,476,512 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    PRC - [2009/08/18 11:29:22 | 01,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    PRC - [2009/08/18 11:29:22 | 00,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    PRC - [2009/08/12 14:20:28 | 00,615,720 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
    PRC - [2009/08/11 15:09:54 | 00,185,712 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe
    PRC - [2009/08/11 15:09:38 | 01,324,384 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\TEco.exe
    PRC - [2009/08/10 18:55:46 | 00,185,712 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
    PRC - [2009/08/02 21:35:50 | 02,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/07/29 22:54:38 | 00,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
    PRC - [2009/07/29 22:54:10 | 00,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
    PRC - [2009/07/28 19:26:42 | 00,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    PRC - [2009/07/28 14:43:04 | 00,128,344 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
    PRC - [2009/07/28 13:00:10 | 00,460,088 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    PRC - [2009/07/13 17:14:42 | 00,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2009/07/13 17:14:15 | 00,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
    PRC - [2009/07/13 14:24:00 | 00,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    PRC - [2009/03/10 17:51:20 | 00,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/01/15 15:20:35 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    MOD - [2009/07/13 17:16:15 | 00,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
    MOD - [2009/07/13 17:16:13 | 00,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
    MOD - [2009/07/13 17:16:12 | 00,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
    MOD - [2009/07/13 17:15:35 | 00,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
    MOD - [2009/07/13 17:15:21 | 00,093,696 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\fms.dll
    MOD - [2009/07/13 17:15:13 | 00,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
    MOD - [2009/07/13 17:15:11 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
    MOD - [2009/07/13 17:15:07 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
    MOD - [2009/07/13 17:15:02 | 00,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
    MOD - [2009/07/13 17:03:50 | 01,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/01/07 16:07:10 | 00,236,368 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2009/12/31 10:31:49 | 00,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
    SRV - [2009/12/29 17:03:57 | 00,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2009/12/18 15:56:39 | 00,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe -- (N360)
    SRV - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
    SRV - [2009/09/17 15:37:18 | 00,111,960 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
    SRV - [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2009/08/21 08:29:40 | 00,464,224 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
    SRV - [2009/08/18 11:29:22 | 01,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
    SRV - [2009/08/17 09:48:42 | 00,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
    SRV - [2009/08/12 14:20:28 | 00,615,720 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
    SRV - [2009/08/11 15:09:54 | 00,185,712 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
    SRV - [2009/08/10 18:55:46 | 00,185,712 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
    SRV - [2009/08/06 16:04:56 | 00,685,424 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
    SRV - [2009/07/29 22:54:10 | 00,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
    SRV - [2009/07/28 14:43:04 | 00,128,344 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
    SRV - [2009/07/13 17:16:21 | 00,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
    SRV - [2009/07/13 17:16:17 | 00,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
    SRV - [2009/07/13 17:16:17 | 00,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
    SRV - [2009/07/13 17:16:16 | 00,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
    SRV - [2009/07/13 17:16:15 | 00,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
    SRV - [2009/07/13 17:16:13 | 00,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
    SRV - [2009/07/13 17:16:13 | 00,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/13 17:16:12 | 01,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009/07/13 17:16:12 | 00,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
    SRV - [2009/07/13 17:16:12 | 00,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
    SRV - [2009/07/13 17:16:12 | 00,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
    SRV - [2009/07/13 17:16:12 | 00,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
    SRV - [2009/07/13 17:15:41 | 00,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2009/07/13 17:15:36 | 00,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
    SRV - [2009/07/13 17:15:21 | 00,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2009/07/13 17:15:11 | 00,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
    SRV - [2009/07/13 17:15:10 | 00,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
    SRV - [2009/07/13 17:14:59 | 00,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
    SRV - [2009/07/13 17:14:58 | 00,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
    SRV - [2009/07/13 17:14:53 | 00,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
    SRV - [2009/07/13 17:14:29 | 03,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
    SRV - [2009/05/22 10:02:20 | 00,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2009/03/10 17:51:20 | 00,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
    SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
    SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
    SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.jzip.com
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.update: false
    FF - prefs.js..browser.startup.homepage: "http://www.msn.com/ "
    FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:8.6.7.0
    FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.5
    FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.%(version)s
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0

    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/31 10:31:56 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/31 09:12:09 | 00,000,000 | ---D | M]

    [2009/12/18 14:39:34 | 00,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions
    [2010/01/08 16:36:00 | 00,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\ecaq50ry.default\extensions
    [2010/01/08 16:35:54 | 00,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\ecaq50ry.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2010/01/15 10:47:43 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2009/12/31 09:12:09 | 00,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

    O1 HOSTS File: (27 bytes) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (HelperObject Class) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll (TechSmith Corporation)
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.5.2.11\CoIEPlg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.5.2.11\IPSBHO.dll (Symantec Corporation)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
    O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.5.2.11\CoIEPlg.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll (TechSmith Corporation)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.5.2.11\CoIEPlg.dll (Symantec Corporation)
    O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)
    O4 - HKCU..\Run: [DownloadAccelerator] C:\Program Files\DAP\DAP.EXE (SpeedBit Ltd.)
    O4 - HKCU..\Run: [DriverCure] C:\Program Files\ParetoLogic\DriverCure\DriverCure.exe (ParetoLogic)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://gconnect.gene.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
    O16 - DPF: {F53270D3-0E32-48B7-B63B-159E33210F70} http://genell.gene.com/support/webedit/lledit.cab (Livelink ActiveX Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.5.2.11\CoIEPlg.dll (Symantec Corporation)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - AppInit_DLLs: (C:\Windows\System32\acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems, Inc.)
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O30 - LSA: Security Packages - (pku2u) - C:\windows\System32\pku2u.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (livessp) - C:\windows\System32\livessp.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 13:42:20 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - comfile [open] -- "%1" %*
    O35 - exefile [open] -- "%1" %*

    ========== Files/Folders - Created Within 14 Days ==========

    [2010/01/15 15:20:32 | 00,547,328 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    [2010/01/15 15:18:05 | 00,000,000 | --SD | C] -- C:\ComboFix
    [2010/01/15 10:39:57 | 00,439,808 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\TFC.exe
    [2010/01/15 07:51:52 | 00,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2010/01/13 21:23:47 | 00,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\jZip
    [2010/01/13 21:23:37 | 00,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
    [2010/01/13 21:23:37 | 00,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Yahoo!
    [2010/01/13 21:23:36 | 00,000,000 | ---D | C] -- C:\Program Files\Yahoo!
    [2010/01/13 21:23:19 | 00,000,000 | ---D | C] -- C:\Program Files\jZip
    [2010/01/13 17:03:37 | 00,000,000 | ---D | C] -- C:\windows\ERDNT
    [2010/01/09 12:23:27 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2010/01/09 12:23:09 | 00,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\SUPERAntiSpyware.com
    [2010/01/09 12:23:09 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2010/01/09 12:22:23 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
    [2010/01/08 18:55:50 | 00,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes
    [2010/01/08 18:55:47 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
    [2010/01/08 18:55:45 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
    [2010/01/08 18:55:43 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/01/08 18:55:42 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/01/08 17:27:58 | 00,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Uniblue
    [2010/01/08 16:37:12 | 00,000,000 | ---D | C] -- C:\Users\Owner\dwhelper
    [2010/01/03 11:27:20 | 00,000,000 | R--D | C] -- C:\Program Files\Norton Support
    [2010/01/02 15:21:53 | 00,347,648 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\System32\RTEEP32A.dll
    [2010/01/02 15:21:53 | 00,164,864 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\System32\RTEED32A.dll
    [2010/01/02 15:21:53 | 00,073,216 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\System32\RTEEL32A.dll
    [2010/01/02 15:21:53 | 00,059,392 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\System32\RTEEG32A.dll
    [2010/01/02 15:21:52 | 00,266,752 | ---- | C] (Fortemedia Corporation) -- C:\windows\System32\FMAPO.dll

    ========== Files - Modified Within 14 Days ==========

    [2010/01/15 15:34:00 | 02,621,440 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT
    [2010/01/15 15:20:35 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    [2010/01/15 14:47:00 | 00,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-884126427-3540133245-3834508182-1000UA.job
    [2010/01/15 11:47:01 | 00,000,856 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-884126427-3540133245-3834508182-1000Core.job
    [2010/01/15 10:54:50 | 00,028,672 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/01/15 10:54:50 | 00,028,672 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/01/15 10:51:27 | 00,713,888 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI
    [2010/01/15 10:51:27 | 00,615,360 | ---- | M] () -- C:\windows\System32\perfh009.dat
    [2010/01/15 10:51:27 | 00,103,702 | ---- | M] () -- C:\windows\System32\perfc009.dat
    [2010/01/15 10:47:07 | 00,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
    [2010/01/15 10:47:00 | 00,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2010/01/15 10:46:50 | 22,115,77856 | -HS- | M] () -- C:\hiberfil.sys
    [2010/01/15 10:40:01 | 00,439,808 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\TFC.exe
    [2010/01/15 10:30:28 | 01,546,645 | -H-- | M] () -- C:\Users\Owner\AppData\Local\IconCache.db
    [2010/01/15 10:30:07 | 00,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
    [2010/01/15 07:49:34 | 00,000,215 | ---- | M] () -- C:\windows\system.ini
    [2010/01/13 18:00:01 | 00,000,442 | ---- | M] () -- C:\windows\tasks\ParetoLogic Registration.job
    [2010/01/13 03:33:00 | 00,000,380 | ---- | M] () -- C:\windows\tasks\DriverCure.job
    [2010/01/09 12:27:49 | 00,419,784 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
    [2010/01/09 12:06:56 | 00,016,428 | ---- | M] () -- C:\Users\Owner\Documents\Print these instructions out.docx
    [2010/01/09 05:05:09 | 00,000,416 | ---- | M] () -- C:\windows\tasks\ParetoLogic Update Version2.job
    [2010/01/09 05:05:01 | 00,111,792 | ---- | M] () -- C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
    [2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
    [2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
    [2010/01/05 18:13:42 | 00,044,159 | ---- | M] () -- C:\Users\Owner\Documents\Continuation of Employment Record for Gary M Smith.pdf
    [2010/01/05 18:12:43 | 00,012,665 | ---- | M] () -- C:\Users\Owner\Documents\Continuation of Employment Record for Gary M Smith.docx
    [2010/01/05 17:51:55 | 00,041,893 | ---- | M] () -- C:\Users\Owner\Documents\Employment_Application_Form Genentech.pdf

    ========== Files Created - No Company Name ==========

    [2010/01/14 17:43:21 | 00,731,136 | ---- | C] () -- C:\avenger.exe
    [2010/01/14 17:39:52 | 00,076,407 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Smiley.ico
    [2010/01/09 12:06:55 | 00,016,428 | ---- | C] () -- C:\Users\Owner\Documents\Print these instructions out.docx
    [2010/01/05 18:13:36 | 00,044,159 | ---- | C] () -- C:\Users\Owner\Documents\Continuation of Employment Record for Gary M Smith.pdf
    [2010/01/05 18:11:41 | 00,012,665 | ---- | C] () -- C:\Users\Owner\Documents\Continuation of Employment Record for Gary M Smith.docx
    [2010/01/05 17:51:55 | 00,041,893 | ---- | C] () -- C:\Users\Owner\Documents\Employment_Application_Form Genentech.pdf
    [2009/12/31 11:15:08 | 00,073,728 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
    [2009/12/23 17:25:03 | 00,178,176 | ---- | C] () -- C:\windows\System32\unrar.dll
    [2009/12/23 17:25:02 | 00,000,038 | ---- | C] () -- C:\windows\avisplitter.ini
    [2009/12/23 17:25:00 | 00,881,664 | ---- | C] () -- C:\windows\System32\xvidcore.dll
    [2009/12/23 17:25:00 | 00,205,824 | ---- | C] () -- C:\windows\System32\xvidvfw.dll
    [2009/12/23 17:24:59 | 03,596,288 | ---- | C] () -- C:\windows\System32\qt-dx331.dll
    [2009/12/23 17:24:55 | 00,085,504 | ---- | C] () -- C:\windows\System32\ff_vfw.dll
    [2009/12/23 17:24:55 | 00,000,547 | ---- | C] () -- C:\windows\System32\ff_vfw.dll.manifest
    [2009/12/18 14:01:13 | 00,000,376 | ---- | C] () -- C:\windows\ODBC.INI
    [2009/11/19 13:39:09 | 00,000,013 | RHS- | C] () -- C:\windows\System32\drivers\fbd.sys
    [2009/09/22 01:32:22 | 00,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
    [2009/07/13 15:51:43 | 00,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
    [2009/07/13 15:42:10 | 00,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll

    ========== LOP Check ==========

    [2010/01/13 03:17:43 | 00,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\BitTorrent
    [2009/12/31 11:06:14 | 00,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DriverCure
    [2010/01/15 08:30:30 | 00,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Juniper Networks
    [2010/01/08 17:27:58 | 00,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Uniblue
    [2009/11/19 13:38:47 | 00,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WinBatch
    [2010/01/13 03:33:00 | 00,000,380 | ---- | M] () -- C:\Windows\Tasks\DriverCure.job
    [2010/01/13 18:00:01 | 00,000,442 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration.job
    [2010/01/09 05:05:09 | 00,000,416 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version2.job
    [2009/07/13 20:53:46 | 00,015,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < >

    < %SYSTEMDRIVE%\*.exe >
    [2008/05/30 23:09:46 | 00,731,136 | ---- | M] () -- C:\avenger.exe


    < MD5 for: AGP440.SYS >
    [2009/07/13 17:26:15 | 00,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys
    [2009/07/13 17:26:15 | 00,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
    [2009/07/13 17:26:15 | 00,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
    [2009/07/13 17:26:15 | 00,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

    < MD5 for: ATAPI.SYS >
    [2010/01/13 01:42:20 | 00,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
    [2010/01/13 01:42:20 | 00,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
    [2010/01/13 01:42:20 | 00,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

    < MD5 for: CNGAUDIT.DLL >
    [2009/07/13 17:15:06 | 00,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache\cngaudit.dll
    [2009/07/13 17:15:06 | 00,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
    [2009/07/13 17:15:06 | 00,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

    < MD5 for: IASTORV.SYS >
    [2009/07/13 17:20:36 | 00,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
    [2009/07/13 17:20:36 | 00,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
    [2009/07/13 17:20:36 | 00,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

    < MD5 for: NETLOGON.DLL >
    [2009/07/13 17:16:02 | 00,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache\netlogon.dll
    [2009/07/13 17:16:02 | 00,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
    [2009/07/13 17:16:02 | 00,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

    < MD5 for: NVSTOR.SYS >
    [2009/07/13 17:20:44 | 00,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
    [2009/07/13 17:20:44 | 00,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
    [2009/07/13 17:20:44 | 00,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

    < MD5 for: SCECLI.DLL >
    [2009/07/13 17:16:13 | 00,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache\scecli.dll
    [2009/07/13 17:16:13 | 00,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
    [2009/07/13 17:16:13 | 00,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [2009/07/13 17:15:13 | 00,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
    [2009/07/13 17:15:13 | 00,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
    [2009/07/13 17:15:36 | 00,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\LocationApi.dll

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 172 bytes -> C:\ProgramData\TEMP:CD060F93
    @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:A9662AE0
    < End of report >

    --
     
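The "MD5 for:" blocks in the OTL log above are the quick check an analyst makes for a patched system driver: OTL prints every copy of the file it can find (the live System32 copy, the DriverStore and winsxs copies, and the ERDNT backup) with its hash, and a rootkit that has patched a driver in place usually shows up as the System32 copy carrying a hash the winsxs copy does not. The following Python is an added example, not part of this thread or of OTL itself; it parses those blocks from an OTL log and flags any file whose copies disagree. The log text inside it is constructed for the example: the ATAPI.SYS block mirrors the consistent one above, and EXAMPLE.SYS is a hypothetical infected layout.

```python
"""Cross-check the '< MD5 for: NAME >' blocks of an OTL log.

Added example for this thread: given OTL's text output, group the copies of
each system file and report files whose copies do not all share one MD5.
The System32 copy (the one the kernel actually loads) is listed first.
"""
import re
from collections import defaultdict

# Constructed sample input in OTL's own line format. ATAPI.SYS matches the
# clean log in this thread; EXAMPLE.SYS is a made-up name showing what a
# patched driver looks like (live copy differs from the winsxs copy).
SAMPLE_LOG = """\
< MD5 for: ATAPI.SYS >
[2010/01/13 01:42:20 | 00,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\\Windows\\System32\\drivers\\atapi.sys
[2010/01/13 01:42:20 | 00,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\\Windows\\winsxs\\x86_mshdc.inf_6.1.7600.16385\\atapi.sys

< MD5 for: EXAMPLE.SYS >
[2010/01/13 01:42:20 | 00,021,584 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000001 -- C:\\Windows\\System32\\drivers\\example.sys
[2009/07/13 17:20:36 | 00,021,584 | ---- | M] (Microsoft Corporation) MD5=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -- C:\\Windows\\winsxs\\x86_example.inf_6.1.7600.16385\\example.sys

< %systemroot%\\system32\\*.dll /lockedfiles >
[2009/07/13 17:15:13 | 00,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\\Windows\\System32\\dxtmsft.dll
"""

HEADER_RE = re.compile(r"^< MD5 for: (?P<name>.+?) >$")
# One OTL file line: [date | size | attrs | M] (Company) MD5=... -- path
ENTRY_RE = re.compile(
    r"^\[(?P<date>[^|]+)\| (?P<size>[\d,]+) \|[^\]]*\] \((?P<company>[^)]*)\) "
    r"(?:MD5=(?P<md5>[0-9A-Fa-f]{32})|Unable to obtain MD5) -- (?P<path>.+)$"
)


def parse_md5_sections(text):
    """Return {FILE_NAME: [(md5_or_None, path, size), ...]} from an OTL log."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").upper()
            continue
        if line.startswith("<"):
            # Any other custom-scan header ends the current MD5 block.
            current = None
            continue
        entry = ENTRY_RE.match(line)
        if current and entry:
            sections[current].append(
                (entry.group("md5"), entry.group("path"), entry.group("size"))
            )
    return sections


def find_inconsistent(sections):
    """Files whose copies carry more than one MD5; the live copy comes first."""
    findings = {}
    for name, copies in sections.items():
        hashes = {md5 for md5, _, _ in copies if md5}
        if len(hashes) > 1:
            # winsxs copies sort after everything else, so System32 leads.
            findings[name] = sorted(
                copies, key=lambda c: "\\winsxs\\" in c[1].lower()
            )
    return findings


if __name__ == "__main__":
    for name, copies in find_inconsistent(parse_md5_sections(SAMPLE_LOG)).items():
        print(f"[!] {name}: copies disagree")
        for md5, path, size in copies:
            print(f"    {md5}  {size:>12}  {path}")
```

Point the parser at a saved OTL.txt instead of SAMPLE_LOG to run it on a real log. A mismatch is a lead, not a verdict: the winsxs copy is the reference, and the next step is to hash the live file yourself and compare against the known-good value for that build.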
  20. 2010/01/15
    gsmith7712

    gsmith7712 Inactive Thread Starter

    Joined:
    2010/01/08
    Messages:
    25
    Likes Received:
    0
    Text too long - Next file:

    OTL Extras logfile created on: 1/15/2010 3:25:07 PM - Run 1
    OTL by OldTimer - Version 3.1.25.1 Folder = C:\Users\Owner\Desktop
    Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 52.00% Memory free
    5.00 Gb Paging File | 4.00 Gb Available in Paging File | 68.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
    Drive C: | 288.71 Gb Total Space | 250.36 Gb Free Space | 86.72% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: OWNER-PC
    Current User Name: Owner
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .bat [@ = batfile] -- Reg Error: Key error. File not found
    .cmd [@ = cmdfile] -- Reg Error: Key error. File not found
    .com [@ = comfile] -- Reg Error: Key error. File not found
    .exe [@ = exefile] -- Reg Error: Key error. File not found
    .html [@ = ChromeHTML] -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
    .pif [@ = piffile] -- Reg Error: Key error. File not found
    .vbs [@ = VBSFile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1 ",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~1\MIF5BA~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
    "{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}" = MyToshiba
    "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
    "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
    "{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
    "{0DB8F853-899A-8628-E0D7-29FB190CF848}" = Catalyst Control Center Graphics Full Existing
    "{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
    "{117BCF94-6A1E-6741-39F5-09444381445E}" = CCC Help Italian
    "{1211D6B0-B7B5-CB9A-99A2-066473FC35CA}" = CCC Help Swedish
    "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
    "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
    "{14956199-1890-C3D4-F8B8-3C0C6FD82993}" = ccc-core-static
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{1D210042-41EE-4472-2219-6A900366B9A3}" = CCC Help French
    "{1E0D8F69-A6AB-4934-9B2D-159D9F97BA4A}" = ParetoLogic DriverCure
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
    "{2ABB6396-785C-E2CB-579E-79BAF98E0527}" = Catalyst Control Center Graphics Previews Vista
    "{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3B843B38-04B1-4CE6-8888-586273E0F289}" = Quickbooks Financial Center
    "{3E1B8E31-9692-207B-77B7-A8339AF03795}" = Catalyst Control Center Graphics Full New
    "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
    "{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    "{4F93ABBE-5A1D-4D56-94CB-022F109FDE4D}" = Adobe Presenter 7
    "{51C77E17-3337-6409-16A9-A90CA8B9BBF6}" = ccc-utility
    "{53536479-DFB0-47ED-9D10-43F3708C222D}" = TOSHIBA eco Utility
    "{58630658-9DF7-E873-9F5D-0EAF87D25DAA}" = CCC Help Norwegian
    "{594A3C2C-19B3-E02E-359C-B8D134F6B939}" = CCC Help Korean
    "{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
    "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
    "{6055830B-40E4-C794-3F04-2D0CD8AF1AAC}" = CCC Help Russian
    "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
    "{6E932CA6-FD17-7694-FD7C-14CE25770EA5}" = Catalyst Control Center Graphics Previews Common
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{739A6E9D-5D7D-8A5D-EC8A-4BD11E5749AA}" = CCC Help Hungarian
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C72927B-7410-131A-E641-B9C505F4973C}" = CCC Help Japanese
    "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{911AB6CA-E04C-1E98-523D-8FCFAB4F456C}" = CCC Help Czech
    "{9216C6A7-694A-4437-BD00-BD1CF58E1839}" = CCC Help Spanish
    "{92DE68CE-BC3E-7323-EA53-99490C8BD34D}" = Catalyst Control Center Graphics Light
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9668AE11-E05C-8169-F6D8-FBF7B507D7DB}" = CCC Help German
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
    "{979587FD-F264-3C71-B0BE-6FC8DA993790}" = CCC Help Thai
    "{999307CD-D57D-8C98-27ED-07F384ACFAA1}" = CCC Help Turkish
    "{9AEAF9CC-390B-49C0-8F7F-14092BF163B6}" = NetZero Launcher
    "{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
    "{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
    "{A7594D38-0B7E-BCF7-A938-1AC03A6477FB}" = CCC Help English
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
    "{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
    "{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
    "{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
    "{AC76BA86-1033-F400-7761-000000000004}_920" = Adobe Acrobat 9.2.0 - CPSID_50026
    "{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
    "{AC7BE07B-14D3-6EB5-814A-EB0A63CBFB47}" = CCC Help Polish
    "{B1CDB3C6-8DD8-4864-8589-BDFBDA033941}" = CCC Help Chinese Traditional
    "{B4BB4CF2-F475-FB20-7AFA-F8AED032BFF8}" = ATI Catalyst Install Manager
    "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
    "{BDABF8CD-7436-EC6C-DD82-439225E22557}" = CCC Help Finnish
    "{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
    "{C5A15C68-0DF3-8A13-352E-E605491D7E3D}" = Catalyst Control Center InstallProxy
    "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
    "{CFAE78A9-A7A4-537E-7CC0-5A794FFBF73F}" = Catalyst Control Center Core Implementation
    "{D19A1978-2FB2-B39A-5D30-C1EA38F788DD}" = CCC Help Danish
    "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
    "{D8634D93-03DD-01F1-AC7D-EE468AA24F45}" = CCC Help Dutch
    "{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher
    "{E151E679-4EC8-36F9-A691-C7600688A1CA}" = CCC Help Chinese Standard
    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
    "{E3D63B95-4B21-414A-A2C7-D6D6A6AC6D79}" = Catalyst Control Center - Branding
    "{EBC6193C-ED23-E332-9A9C-D5CB83CDDE2B}" = Catalyst Control Center Localization All
    "{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
    "{F544CA20-6810-E275-D288-F0D92CFADE4A}" = CCC Help Greek
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
    "{FEED29DD-7BF3-582C-3353-1F2634C2323D}" = CCC Help Portuguese
    "7-Zip" = 7-Zip 4.65
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Presenter 7" = Adobe Presenter 7
    "AudibleDownloadManager" = Audible Download Manager
    "AVS Update Manager_is1" = AVS Update Manager 1.0
    "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
    "AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
    "Belarc Advisor" = Belarc Advisor 8.1
    "BitTorrent" = BitTorrent
    "Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)
    "Google Desktop" = Google Desktop
    "HijackThis" = HijackThis 2.0.2
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "InstallShield_{53536479-DFB0-47ED-9D10-43F3708C222D}" = TOSHIBA eco Utility
    "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
    "InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
    "InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
    "Juniper Network Connect 6.4.0" = Juniper Networks Network Connect 6.4.0
    "Juniper Network Connect 6.5.0" = Juniper Networks Network Connect 6.5.0
    "Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
    "jZip" = jZip
    "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.5.1
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
    "N360" = Norton 360
    "PROPLUS" = Microsoft Office Professional Plus 2007
    "SnagIt7" = SnagIt 7
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "VLC media player" = VLC media player 0.9.2
    "WildTangent toshiba Master Uninstall" = WildTangent Games
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "Yahoo! Companion" = Yahoo! Toolbar

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome
    "Juniper_Setup_Client" = Juniper Networks Setup Client
    "Move Media Player" = Move Media Player

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 1/5/2010 9:05:04 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: SPO.exe, version: 3.0.9.5, time stamp:
    0x480c83db Faulting module name: KERNELBASE.dll, version: 6.1.7600.16385, time stamp:
    0x4a5bdaae Exception code: 0xe0434f4d Fault offset: 0x00009617 Faulting process id:
    0xf84 Faulting application start time: 0x01ca8da1a3761aef Faulting application path:
    c:\progra~1\speedo~1\SPO.exe Faulting module path: C:\windows\system32\KERNELBASE.dll
    Report
    Id: 85b5c452-fa5f-11de-9fb9-001e33f8ad5f

    Error - 1/5/2010 9:06:42 PM | Computer Name = Owner-PC | Source = Application Hang | ID = 1002
    Description = The program vlc.exe version 0.9.2.0 stopped interacting with Windows
    and was closed. To see if more information about the problem is available, check
    the problem history in the Action Center control panel. Process ID: b44 Start Time:
    01ca8e6c58e757a3 Termination Time: 20 Application Path: C:\Program Files\VideoLAN\VLC\vlc.exe

    Report
    Id: b72f1dc6-fa5f-11de-9fb9-001e33f8ad5f

    Error - 1/5/2010 9:07:05 PM | Computer Name = Owner-PC | Source = Application Hang | ID = 1002
    Description = The program vlc.exe version 0.9.2.0 stopped interacting with Windows
    and was closed. To see if more information about the problem is available, check
    the problem history in the Action Center control panel. Process ID: 145c Start Time:
    01ca8e6c851e5c2a Termination Time: 45 Application Path: C:\Program Files\VideoLAN\VLC\vlc.exe

    Report
    Id: cac6c1d2-fa5f-11de-9fb9-001e33f8ad5f

    Error - 1/5/2010 9:08:49 PM | Computer Name = Owner-PC | Source = Application Hang | ID = 1002
    Description = The program vlc.exe version 0.9.2.0 stopped interacting with Windows
    and was closed. To see if more information about the problem is available, check
    the problem history in the Action Center control panel. Process ID: ecc Start Time:
    01ca8e6c971cad73 Termination Time: 34 Application Path: C:\Program Files\VideoLAN\VLC\vlc.exe

    Report
    Id: e76b195b-fa5f-11de-9fb9-001e33f8ad5f

    Error - 1/5/2010 9:10:57 PM | Computer Name = Owner-PC | Source = Application Hang | ID = 1002
    Description = The program realplay.exe version 12.0.0.343 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 504 Start
    Time: 01ca8e6cfff1918f Termination Time: 12 Application Path: C:\Program Files\Real\RealPlayer\realplay.exe

    Report
    Id: 52e51bf7-fa60-11de-9fb9-001e33f8ad5f

    Error - 1/8/2010 1:38:42 PM | Computer Name = Owner-PC | Source = VSS | ID = 8193
    Description =

    Error - 1/8/2010 2:43:35 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 8.0.7600.16385,
    time stamp: 0x4a5bc69e Faulting module name: unknown, version: 0.0.0.0, time stamp:
    0x00000000 Exception code: 0xc0000005 Fault offset: 0x08c12fb8 Faulting process id:
    0x10b8 Faulting application start time: 0x01ca90918b48be03 Faulting application path:
    C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: unknown Report
    Id: b9fe8baa-fc85-11de-b8d0-001e33f8ad5f

    Error - 1/8/2010 2:47:07 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 8.0.7600.16385,
    time stamp: 0x4a5bc69e Faulting module name: unknown, version: 0.0.0.0, time stamp:
    0x00000000 Exception code: 0xc0000005 Fault offset: 0x0754f3d0 Faulting process id:
    0x3d4 Faulting application start time: 0x01ca90928a0fae4c Faulting application path:
    C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: unknown Report
    Id: 38016af3-fc86-11de-b8d0-001e33f8ad5f

    Error - 1/8/2010 2:47:12 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 8.0.7600.16385,
    time stamp: 0x4a5bc69e Faulting module name: unknown, version: 0.0.0.0, time stamp:
    0x00000000 Exception code: 0xc0000005 Fault offset: 0x0754f3d0 Faulting process id:
    0x3d4 Faulting application start time: 0x01ca90928a0fae4c Faulting application path:
    C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: unknown Report
    Id: 3afc8582-fc86-11de-b8d0-001e33f8ad5f

    Error - 1/8/2010 3:32:09 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 8.0.7600.16385,
    time stamp: 0x4a5bc69e Faulting module name: mshtml.dll, version: 8.0.7600.16466,
    time stamp: 0x4b04f118 Exception code: 0xc0000005 Fault offset: 0x001bb222 Faulting
    process id: 0xf08 Faulting application start time: 0x01ca9092fe51910a Faulting application
    path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\System32\mshtml.dll
    Report
    Id: 82a91fa9-fc8c-11de-b8d0-001e33f8ad5f

    [ System Events ]
    Error - 1/10/2010 1:23:56 PM | Computer Name = Owner-PC | Source = atikmdag | ID = 43029
    Description = Display is not active

    Error - 1/10/2010 1:24:41 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7024
    Description = The HomeGroup Listener service terminated with service-specific error
    %%-2147023143.

    Error - 1/10/2010 1:44:45 PM | Computer Name = Owner-PC | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume TI103426W0D.

    Error - 1/10/2010 1:44:47 PM | Computer Name = Owner-PC | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume TI103426W0D.

    Error - 1/10/2010 1:44:48 PM | Computer Name = Owner-PC | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume TI103426W0D.

    Error - 1/10/2010 2:10:52 PM | Computer Name = Owner-PC | Source = atikmdag | ID = 52236
    Description = CPLIB :: General - Invalid Parameter

    Error - 1/10/2010 2:10:52 PM | Computer Name = Owner-PC | Source = atikmdag | ID = 43029
    Description = Display is not active

    Error - 1/10/2010 2:11:26 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7024
    Description = The HomeGroup Listener service terminated with service-specific error
    %%-2147023143.

    Error - 1/11/2010 8:40:19 PM | Computer Name = Owner-PC | Source = atikmdag | ID = 52236
    Description = CPLIB :: General - Invalid Parameter

    Error - 1/11/2010 8:40:19 PM | Computer Name = Owner-PC | Source = atikmdag | ID = 43029
    Description = Display is not active


    < End of report >
     
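The "Shell Spawning" section of the Extras log above is where a redirect or rogue-antivirus infection that hooks program launches would show: on a stock Windows 7 install the handlers for exefile, batfile, cmdfile, comfile and piffile are the bare `"%1" %*` and scrfile open is `"%1" /S`, exactly as this log shows, and a hijack replaces them with a path to the malware followed by `"%1"`. The Python below is an added example, not part of this thread or of OTL; it parses that section and reports handlers that deviate from the stock values. The sample lines are constructed: the first ones copy the clean log above, and the exefile line is a hypothetical hijack through a made-up loader path.

```python
"""Check the 'Shell Spawning' section of an OTL Extras log for hijacked
default handlers.

Added example for this thread. EXPECTED holds the stock Windows 7 values
for the launch-critical classes (they match the clean log in the thread).
"""
import re

EXPECTED = {
    ("exefile", "open"): '"%1" %*',
    ("batfile", "open"): '"%1" %*',
    ("cmdfile", "open"): '"%1" %*',
    ("comfile", "open"): '"%1" %*',
    ("piffile", "open"): '"%1" %*',
    ("scrfile", "open"): '"%1" /S',
}

# One OTL shell-spawning line: class [verb] -- command (Company)
LINE_RE = re.compile(r"^(?P<cls>\S+) \[(?P<verb>[^\]]+)\] -- (?P<cmd>.*)$")

# Constructed sample: clean lines copied from the log above, plus a
# hypothetical exefile hijack (loader.exe is a made-up path).
SAMPLE = """\
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "C:\\Users\\Owner\\AppData\\Local\\loader.exe" "%1" %*
scrfile [open] -- "%1" /S
htmlfile [open] -- "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE" -nohome (Microsoft Corporation)
"""


def parse_shell_spawning(text):
    """Return {(class, verb): command} with OTL's trailing '(Company)' removed."""
    handlers = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        cmd = re.sub(r" \([^()]*\)$", "", m.group("cmd")).strip()
        handlers[(m.group("cls"), m.group("verb"))] = cmd
    return handlers


def find_hijacked(handlers):
    """Handlers present in the log that differ from the stock value."""
    return {
        key: handlers[key]
        for key, expected in EXPECTED.items()
        if key in handlers and handlers[key] != expected
    }


def find_missing(handlers):
    """Launch-critical handlers the log did not list at all (worth a look too)."""
    return sorted(key for key in EXPECTED if key not in handlers)


if __name__ == "__main__":
    found = parse_shell_spawning(SAMPLE)
    for (cls, verb), cmd in find_hijacked(found).items():
        print(f"[!] {cls} [{verb}] hijacked -> {cmd}")
    for cls, verb in find_missing(found):
        print(f"[?] {cls} [{verb}] not present in log")
```

The htmlfile and http handlers are deliberately not in EXPECTED: they legitimately point at whichever browser is the default, so a different browser there is not a finding, whereas anything other than `"%1" %*` for exefile means every program launch is being proxied.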
  21. 2010/01/15
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
      O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
      [2010/01/13 18:00:01 | 00,000,442 | ---- | M] () -- C:\windows\tasks\ParetoLogic Registration.job
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
     
