Solved False Window Security Alerts

Discussion in 'Malware and Virus Removal Archive' started by Rackster, 2011/01/14.

  1. 2011/01/14
    Rackster

    Rackster Inactive Thread Starter

    Joined:
    2002/01/11
    Messages:
    138
    Likes Received:
    0
    [Resolved] False Window Security Alerts

    I have an HP Pavilion laptop running Windows 7 Home Premium. I have Norton 360 as my anti-virus program. Last night while on Facebook a pop-up came up saying "Warning Security Alert. Windows report that computer is infected. Anti-virus software helps to protect your computer against viruses and other security threats. Click here for the scan your computer.Your system may be at risk now." This is exactly how it is written, minus the quotation marks. It also asks if I want to activate my anti-virus software now. Other pop-ups come up saying my PC is unprotected, vulnerabilities found, infiltration alert, etc. I ran a full scan with Norton 360 and it didn't find anything but one cookie. I tried posting here on the infected PC using Firefox as my browser, but when I tried to start a new thread it went to a **** site using IE. Any help you can give me to resolve this problem would be greatly appreciated. Thank you in advance.
     
  2. 2011/01/14
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Please read this as indicated at the head of the forum and post the logs requested in this thread.
     

  4. 2011/01/14
    Rackster

    Rackster Inactive Thread Starter

    Joined:
    2002/01/11
    Messages:
    138
    Likes Received:
    0
    Computer won't let me run Temp File Cleaner. The security warning says file is infected, do you want to activate anti-virus software. Can I run Malwarebytes or any of the other requested files before the Temp File Cleaner?
     
    Last edited: 2011/01/14
  5. 2011/01/14
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    I suggest you wait for one of our Malware analysts to respond.
     
  6. 2011/01/14
    Rackster

    Rackster Inactive Thread Starter

    Joined:
    2002/01/11
    Messages:
    138
    Likes Received:
    0
    OK. I restarted the computer and disabled the internet and was able to run Temp File Cleaner. Ran Malwarebytes and 3 files were infected. Two were trojans and I don't remember the third. The file is not in the program files folder and I cannot access Documents and Settings to get it from there. I am the system administrator so I don't know why I'm denied access. After running GMER it stated "GMER hasn't found any system modifications", so there is no log to post for that program. I ran the other programs and here are the results...
    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: (build 7600), 64-bit
    Base Board Manufacturer: Quanta
    BIOS Manufacturer: Hewlett-Packard
    System Manufacturer: Hewlett-Packard
    System Product Name: HP Pavilion dv6 Notebook PC
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 250):

    Processes (total 66):
    0 System Idle Process
    4 System
    272 C:\Windows\System32\smss.exe
    392 csrss.exe
    456 C:\Windows\System32\wininit.exe
    472 csrss.exe
    512 C:\Windows\System32\services.exe
    528 C:\Windows\System32\lsass.exe
    536 C:\Windows\System32\lsm.exe
    636 C:\Windows\System32\svchost.exe
    724 C:\Windows\System32\svchost.exe
    780 C:\Windows\System32\svchost.exe
    820 C:\Windows\System32\svchost.exe
    856 C:\Windows\System32\svchost.exe
    884 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe
    1008 C:\Windows\System32\winlogon.exe
    304 C:\Windows\System32\svchost.exe
    532 C:\Windows\System32\hpservice.exe
    448 C:\Windows\System32\svchost.exe
    1332 C:\Windows\System32\spoolsv.exe
    1360 C:\Windows\System32\svchost.exe
    1460 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
    1488 C:\Program Files\LSI SoftModem\agr64svc.exe
    1508 C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
    1604 C:\Windows\System32\svchost.exe
    1644 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    1684 C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
    1740 C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    2144 C:\Windows\System32\taskhost.exe
    2196 C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
    2240 C:\Windows\System32\dwm.exe
    2260 C:\Windows\explorer.exe
    2740 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    2748 C:\Program Files\IDT\WDM\sttray64.exe
    2756 C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    2764 C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    3020 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    3048 C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    3064 C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe
    2052 C:\Program Files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe
    2952 C:\Program Files (x86)\Common Files\PX Storage Engine\VxBlockServer.exe
    3384 C:\Windows\System32\svchost.exe
    3424 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    3472 C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    3568 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    3880 C:\Windows\System32\SearchIndexer.exe
    3144 C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    2056 C:\Windows\System32\svchost.exe
    3116 WmiPrvSE.exe
    3216 C:\Windows\System32\taskeng.exe
    4208 C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    4216 C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    4308 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    4516 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    4776 C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
    1028 C:\Windows\System32\svchost.exe
    2784 C:\Windows\System32\audiodg.exe
    3772 <unknown>
    4716 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    2236 C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
    3916 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    3328 C:\Windows\System32\SearchProtocolHost.exe
    3896 C:\Windows\System32\SearchFilterHost.exe
    4872 C:\Users\Owner\Desktop\MBRCheck.exe
    2456 C:\Windows\System32\conhost.exe
    3912 C:\Windows\System32\dllhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000071`42800000 (NTFS)

    PhysicalDrive0 Model Number: TOSHIBAMK5055GSX, Rev: FG002C

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 Hewlett-Packard MBR code detected
    SHA1: 6867994079559EA37F709AAAF268276C24DD013E

    DDS (Ver_10-12-12.02) - NTFS_AMD64
    Run by Owner at 10:29:34.73 on Fri 01/14/2011
    Internet Explorer: 9.0.7930.16406
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3999.2655 [GMT -5:00]

    AV: Norton 360 *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton 360 *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    FW: Norton 360 *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Hpservice.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
    C:\Program Files\LSI SoftModem\agr64svc.exe
    C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
    C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe
    C:\Program Files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe
    C:\Program Files (x86)\Common Files\PX Storage Engine\VxBlockServer.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskeng.exe
    c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Owner\Desktop\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://m.www.yahoo.com/
    uSearch Bar = Preserve
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cnnb
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cnnb
    uInternet Settings,ProxyServer = http=127.0.0.1:8075
    uInternet Settings,ProxyOverride = <local>
    mWinlogon: Userinit=userinit.exe,
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\coIEPlg.dll
    BHO: TTB000000: {62960d20-6d0d-1ab4-4bf1-95b0b5b8783a} - TTB000000 Class
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\IPSBHO.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\coIEPlg.dll
    TB: CouponBar: {5bed3930-2e9e-76d8-bacc-80df2188d455} -
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    uRun: [Google Update] "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    mRun: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam "
    mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
    mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover "
    mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    mRun: [<NO NAME>]
    mRun: [CPMonitor] "C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe "
    mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe "
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe "
    uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
    uPolicies-system: WallpaperStyle = 2
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    dPolicies-system: WallpaperStyle = 2
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
    IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\Paltalk.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    Trusted Zone: cinemanow.com
    Trusted Zone: qflix.com
    Trusted Zone: roxio.com
    Trusted Zone: sonic.com\redirect
    Trusted Zone: sonic.com\redirect2
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
    Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\CoIEPlg.dll
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe "
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    TB-X64: {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No File
    mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun-x64: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
    mRun-x64: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background

    ================= FIREFOX ===================

    FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\1ijmvouw.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: network.proxy.type - 0
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
    FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
    FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
    FF - plugin: C:\Users\Owner\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF - Ext: Norton Toolbar: {7BA52691-1876-45ce-9EE6-54BCB3B04BBC} - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn

    ============= SERVICES / DRIVERS ===============

    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-2-4 55280]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0308000.029\SymEFA64.sys [2010-3-21 402992]
    R1 BHDrvx64;Symantec Heuristics Driver;C:\Windows\System32\drivers\N360x64\0308000.029\BHDrvx64.sys [2010-3-21 334384]
    R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\N360x64\0308000.029\cchpx64.sys [2010-3-21 583296]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20110113.001\IDSviA64.sys [2011-1-13 476792]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
    R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-8-25 89600]
    R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2009-6-23 127352]
    R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2009-7-8 30520]
    R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [2010-3-21 117640]
    R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-9 228408]
    R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2009-6-29 70656]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-5-26 132656]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2009-5-26 138752]
    R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-1-13 7675392]
    R3 SYMNDISV;Symantec Network Filter Driver;C:\Windows\System32\drivers\N360x64\0308000.029\symndisv.sys [2010-3-21 56880]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-13 136176]
    S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe [2009-7-24 219632]
    S3 NETw1v64;Intel(R) Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw1v64.sys [2009-8-25 7058432]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
    S3 RoxMediaDB12;RoxMediaDB12;C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe [2009-7-24 1116656]
    S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-8-25 233472]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-6 1255736]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]

    =============== Created Last 30 ================

    2011-01-14 14:26:51 -------- d-----w- C:\Users\Owner\AppData\Roaming\Malwarebytes
    2011-01-14 14:26:37 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-01-14 14:26:37 -------- d-----w- C:\PROGRA~3\Malwarebytes
    2011-01-14 14:26:34 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-01-14 14:26:33 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-01-14 10:50:34 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{1E510EA1-9DC5-4BC6-BFB7-B225D61E82A3}\mpengine.dll
    2011-01-13 19:01:53 -------- d-----w- C:\Program Files (x86)\ysmd
    2011-01-13 01:00:54 -------- d-----w- C:\Users\Owner\AppData\Local\Google
    2010-12-25 14:42:00 153600 ----a-w- C:\Windows\SysWow64\IS_ContextMenu.dll
    2010-12-25 14:41:55 892928 ----a-w- C:\Windows\SysWow64\iconv.dll
    2010-12-25 14:41:55 675840 ----a-w- C:\Windows\SysWow64\ac3filter.ax
    2010-12-25 14:41:55 496640 ----a-w- C:\Windows\SysWow64\xvid.ax
    2010-12-25 14:41:53 -------- d-----w- C:\Program Files (x86)\iSkysoft

    ==================== Find3M ====================

    2010-11-09 03:55:57 1502208 ----a-w- C:\Windows\System32\inetcpl.cpl
    2010-11-09 03:52:06 2381824 ----a-w- C:\Windows\System32\mshtml.tlb
    2010-11-02 05:21:51 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
    2010-11-02 05:18:59 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
    2010-11-02 05:18:59 229888 ----a-w- C:\Windows\System32\XpsRasterService.dll
    2010-11-02 05:18:58 470016 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
    2010-11-02 05:18:33 1137664 ----a-w- C:\Windows\System32\FntCache.dll
    2010-11-02 05:18:17 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
    2010-11-02 05:18:05 1544192 ----a-w- C:\Windows\System32\DWrite.dll
    2010-11-02 05:17:48 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
    2010-11-02 05:17:48 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
    2010-11-02 05:17:47 902656 ----a-w- C:\Windows\System32\d2d1.dll
    2010-11-02 05:17:47 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
    2010-11-02 05:17:38 473600 ----a-w- C:\Windows\System32\taskcomp.dll
    2010-11-02 05:17:38 1169408 ----a-w- C:\Windows\System32\taskschd.dll
    2010-11-02 05:16:53 1114624 ----a-w- C:\Windows\System32\schedsvc.dll
    2010-11-02 05:10:47 464384 ----a-w- C:\Windows\System32\taskeng.exe
    2010-11-02 05:10:32 285696 ----a-w- C:\Windows\System32\schtasks.exe
    2010-11-02 04:59:08 144384 ----a-w- C:\Windows\System32\cdd.dll
    2010-11-02 04:41:36 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
    2010-11-02 04:41:36 283648 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
    2010-11-02 04:41:36 135168 ----a-w- C:\Windows\SysWow64\XpsRasterService.dll
    2010-11-02 04:40:36 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll
    2010-11-02 04:40:36 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll
    2010-11-02 04:34:44 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe
    2010-11-02 04:34:33 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe
    2010-11-02 04:26:00 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2010-11-02 04:25:43 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
    2010-11-02 04:25:43 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
    2010-11-02 04:25:43 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
    2010-11-02 04:25:42 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2010-11-02 02:50:58 258048 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
    2010-11-01 23:03:02 1448448 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2010-11-01 22:59:07 2381824 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2010-10-27 05:06:22 2048 ----a-w- C:\Windows\System32\tzres.dll
    2010-10-27 04:32:36 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2010-10-20 05:20:01 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2010-10-20 04:54:18 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2010-10-20 03:09:15 3124224 ----a-w- C:\Windows\System32\win32k.sys
    2010-10-20 03:05:46 367104 ----a-w- C:\Windows\System32\atmfd.dll
    2010-10-20 02:58:41 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2010-10-19 15:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/24/2009 9:28:25 AM
    System Uptime: 1/14/2011 9:39:07 AM (1 hours ago)

    Motherboard: Quanta | | 3627
    Processor: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz | CPU | 2200/800mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 453 GiB total, 409.012 GiB free.
    D: is FIXED (NTFS) - 13 GiB total, 2.127 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0000
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter
    PNP Device ID: ROOT\*6TO4MP\0000
    Service: tunnel

    ==== System Restore Points ===================

    RP148: 12/14/2010 6:46:35 AM - Windows Update
    RP149: 12/16/2010 6:22:39 AM - Windows Update
    RP150: 12/17/2010 6:54:30 AM - Windows Update
    RP151: 12/17/2010 3:17:46 PM - Windows Update
    RP152: 12/21/2010 7:42:19 AM - Windows Update
    RP153: 12/24/2010 7:24:18 AM - Windows Update
    RP154: 12/28/2010 10:06:16 AM - Windows Update
    RP155: 12/30/2010 3:08:09 AM - Windows Update
    RP156: 12/31/2010 11:49:18 AM - Windows Update
    RP157: 1/4/2011 6:41:44 AM - Windows Update
    RP158: 1/7/2011 6:15:35 AM - Windows Update
    RP159: 1/11/2011 5:48:20 AM - Windows Update
    RP160: 1/13/2011 5:58:01 AM - Windows Update
    RP161: 1/13/2011 11:24:20 PM - Norton 360 Registry Clean
    RP162: 1/14/2011 5:50:11 AM - Windows Update

    ==== Installed Programs ======================

    Activate Norton Online Backup
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.1 MUI
    Avanquest update
    Calendar Builder
    CinemaNow Media Manager
    Cisco Network Magic
    CoffeeCup HTML Editor
    Coupon Printer for Windows
    CouponBar
    CyberLink DVD Suite
    D3DX10
    DHTML Editing Component
    DirectX 9 Runtime
    Feedback Tool
    GEAR driver installer for x86 and x64
    Geek Squad 24 Hour Computer Support
    GoldWave v5.55
    Google Chrome
    Google Earth
    Google Update Helper
    HP Customer Experience Enhancements
    HP MediaSmart DVD
    HP MediaSmart Internet TV
    HP MediaSmart Live TV
    HP MediaSmart Movie Themes
    HP MediaSmart Music/Photo/Video
    HP MediaSmart Webcam
    HP Quick Launch Buttons
    HP Setup
    HP Smart Web Printing
    HP Update
    HP Wireless Assistant
    IDT Audio
    Internet TV for Windows Media Center
    iSkysoft iMedia Converter(Build 3.0.3.0)
    Jasc Paint Shop Pro 8
    Java(TM) 6 Update 17
    Junk Mail filter update
    LabelPrint
    LightScribe System Software
    LimeWire 5.4.6
    Lizard Safeguard - PDF Viewer 2.5.122
    Malwarebytes' Anti-Malware
    Microsoft Live Search Toolbar
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Works
    Mobile Studio
    Mozilla Firefox (3.6.13)
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Network Magic
    Norton 360
    PaltalkScene
    Power2Go
    PowerDirector
    PowerRecover
    Pure Networks Platform
    QLBCASL
    Realtek 8136 8168 8169 Ethernet Driver
    Realtek USB 2.0 Card Reader
    Ringtone Media Studio
    Roxio Activation Module
    Roxio BackOnTrack
    Roxio Burn
    Roxio Burn Manager
    Roxio Burn Manager CDB
    Roxio CinePlayer
    Roxio CinePlayer Decoder Pack
    Roxio Creator 2010
    Roxio Creator 2010 Content
    Roxio PhotoShow
    Roxio Venue
    Roxio Video Capture USB
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    SlingBoxWatchYourTVAnyWhere
    SmartSound Quicktracks Plugin
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Center Add-in for Flash
    Yahoo Satellite Maps Downloader 5.19
    Yahoo! Messenger

    ==== Event Viewer Messages From Past Week ========

    1/14/2011 9:40:02 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect.
    1/14/2011 9:22:07 AM, Error: Service Control Manager [7034] - The CinemaNow Service service terminated unexpectedly. It has done this 1 time(s).
    1/14/2011 5:39:40 AM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {A483C63A-CDBC-426E-BF93-872502E8144E}. The error: "5" Happened while starting this command: C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe -Embedding
    1/14/2011 5:39:13 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the nmservice service.

    ==== End Of File ===========================
     
  7. 2011/01/14
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===============================================================

    I still need to see Malwarebytes log.
     
  8. 2011/01/14
    Rackster

    How can I access it if the Documents and Settings folder is locked? I am the administrator but it still won't let me in. How do you unlock the folder? For the record, the computer is running fine now, but I would like the Malwarebytes log to be looked at.
     
  9. 2011/01/14
    broni

    When MBAM is done, it produces a pop-up: Notepad with a log inside.
    Re-run MBAM and post a fresh log.
     
  11. 2011/01/14
    Rackster

    Thanks Broni...here is the file from the second running of Malwarebytes..
    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5522

    Windows 6.1.7600
    Internet Explorer 9.0.7930.16406

    1/14/2011 7:54:57 PM
    mbam-log-2011-01-14 (19-54-57).txt

    Scan type: Quick scan
    Objects scanned: 179171
    Time elapsed: 47 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  12. 2011/01/14
    broni

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  13. 2011/01/14
    Rackster

    Broni...When I ran the program it stated Norton 360 was still running but I had it disabled. Also in the instructions you said Combofix will disconnect your machine from the internet as soon as it starts. It didn't. Just wanted to let you know these two things in case they were important. Here are the results of the scan....
    ComboFix 11-01-14.01 - Owner 01/14/2011 21:38:38.1.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3999.2782 [GMT -5:00]
    Running from: c:\users\Owner\Desktop\ComboFix.exe
    AV: Norton 360 *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    FW: Norton 360 *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
    SP: Norton 360 *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\users\Owner\AppData\Roaming\.#
    c:\users\Public\videos\HP MediaSmart Demo.exe

    .
    ((((((((((((((((((((((((( Files Created from 2010-12-15 to 2011-01-15 )))))))))))))))))))))))))))))))
    .

    2011-01-15 02:35 . 2011-01-15 02:37 -------- d-----w- C:\32788R22FWJFW
    2011-01-14 14:26 . 2011-01-14 14:26 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
    2011-01-14 14:26 . 2011-01-14 14:26 -------- d-----w- c:\programdata\Malwarebytes
    2011-01-14 14:26 . 2010-12-20 23:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-01-14 14:26 . 2010-12-20 23:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-01-14 14:26 . 2011-01-15 00:53 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-01-14 10:50 . 2010-11-10 05:35 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1E510EA1-9DC5-4BC6-BFB7-B225D61E82A3}\mpengine.dll
    2011-01-13 19:08 . 2011-01-13 19:08 -------- d-----w- c:\program files (x86)\Google
    2011-01-13 19:01 . 2011-01-13 19:01 -------- d-----w- c:\program files (x86)\ysmd
    2011-01-13 01:00 . 2011-01-13 19:09 -------- d-----w- c:\users\Owner\AppData\Local\Google
    2011-01-12 17:46 . 2011-01-12 17:46 -------- d-----w- c:\users\Robert\AppData\Local\Mozilla
    2010-12-25 14:42 . 2010-09-19 15:58 153600 ----a-w- c:\windows\SysWow64\IS_ContextMenu.dll
    2010-12-25 14:41 . 2010-09-19 15:58 892928 ----a-w- c:\windows\SysWow64\iconv.dll
    2010-12-25 14:41 . 2010-09-19 15:58 675840 ----a-w- c:\windows\SysWow64\ac3filter.ax
    2010-12-25 14:41 . 2010-09-19 15:58 496640 ----a-w- c:\windows\SysWow64\xvid.ax
    2010-12-25 14:41 . 2010-12-25 14:41 -------- d-----w- c:\program files (x86)\iSkysoft

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-09 03:55 . 2010-12-07 10:45 1502208 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-11-09 03:52 . 2010-12-07 10:45 2381824 ----a-w- c:\windows\system32\mshtml.tlb
    2010-11-02 05:18 . 2010-12-15 11:40 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2010-11-02 05:17 . 2010-12-15 11:40 1169408 ----a-w- c:\windows\system32\taskschd.dll
    2010-11-02 05:17 . 2010-12-15 11:40 473600 ----a-w- c:\windows\system32\taskcomp.dll
    2010-11-02 05:16 . 2010-12-15 11:40 1114624 ----a-w- c:\windows\system32\schedsvc.dll
    2010-11-02 05:10 . 2010-12-15 11:40 464384 ----a-w- c:\windows\system32\taskeng.exe
    2010-11-02 05:10 . 2010-12-15 11:40 285696 ----a-w- c:\windows\system32\schtasks.exe
    2010-11-02 04:40 . 2010-12-15 11:40 496128 ----a-w- c:\windows\SysWow64\taskschd.dll
    2010-11-02 04:40 . 2010-12-15 11:40 305152 ----a-w- c:\windows\SysWow64\taskcomp.dll
    2010-11-02 04:34 . 2010-12-15 11:40 192000 ----a-w- c:\windows\SysWow64\taskeng.exe
    2010-11-02 04:34 . 2010-12-15 11:40 179712 ----a-w- c:\windows\SysWow64\schtasks.exe
    2010-11-01 23:03 . 2010-12-07 10:45 1448448 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2010-11-01 22:59 . 2010-12-07 10:45 2381824 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2010-10-27 05:06 . 2010-12-15 11:40 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-10-27 04:32 . 2010-12-15 11:40 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2010-10-20 05:20 . 2010-12-15 11:40 46080 ----a-w- c:\windows\system32\atmlib.dll
    2010-10-20 04:54 . 2010-12-15 11:40 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2010-10-20 03:09 . 2010-12-15 11:40 3124224 ----a-w- c:\windows\system32\win32k.sys
    2010-10-20 03:05 . 2010-12-15 11:40 367104 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-20 02:58 . 2010-12-15 11:40 294400 ----a-w- c:\windows\SysWow64\atmfd.dll
    2010-10-19 15:41 . 2009-12-24 14:48 270720 ------w- c:\windows\system32\MpSigStub.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
    "Google Update"="c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" [2011-01-13 136176]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
    "QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-06-24 320056]
    "NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-05-13 581480]
    "UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
    "CPMonitor"="c:\program files (x86)\Roxio 2010\5.0\CPMonitor.exe" [2009-07-21 84464]
    "Desktop Disc Tool"="c:\program files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-23 494064]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin "= 5 (0x5)
    "ConsentPromptBehaviorUser "= 3 (0x3)
    "EnableUIADesktopToggle "= 0 (0x0)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
    "WallpaperStyle "= 2

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
    @= "FSFilter Activity Monitor "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-09-23 11:47 35760 ----a-w- c:\program files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2008-12-08 21:50 54576 ----a-w- c:\program files (x86)\HP\HP Software Update\hpwuschd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-10-11 09:17 149280 ----a-w- c:\program files (x86)\Java\jre6\bin\jusched.exe

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-13 136176]
    R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe [2009-07-24 219632]
    R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2009-11-04 22528]
    R3 NETw1v64;Intel(R) Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw1v64.sys [2009-07-20 7058432]
    R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
    R3 RoxMediaDB12;RoxMediaDB12;c:\program files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe [2009-07-24 1116656]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-07-13 233472]
    R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-06 1255736]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0308000.029\SYMEFA64.SYS [2010-01-20 402992]
    S1 BHDrvx64;Symantec Heuristics Driver;c:\windows\System32\Drivers\N360x64\0308000.029\BHDrvx64.sys [2010-01-20 334384]
    S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\N360x64\0308000.029\ccHPx64.sys [2010-01-20 583296]
    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20110113.001\IDSvia64.sys [2010-11-09 476792]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-03-02 89600]
    S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2009-06-23 127352]
    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 30520]
    S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [2010-01-20 117640]
    S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
    S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 70656]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-26 132656]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-26 138752]
    S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-01-13 7675392]
    S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\N360x64\0308000.029\SYMNDISV.SYS [2010-01-20 56880]


    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2009-06-17 19:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2011-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-13 19:08]

    2011-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-13 19:08]

    2011-01-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-851764498-1324963235-3280204597-1000Core.job
    - c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-13 01:00]

    2011-01-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-851764498-1324963235-3280204597-1000UA.job
    - c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-13 01:00]
    .

    --------- x86-64 -----------


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SysTrayApp "= "c:\program files\IDT\WDM\sttray64.exe" [2009-07-22 450048]
    "SmartMenu "= "c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-21 610872]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs "=0x0
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://m.www.yahoo.com/
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cnnb
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyServer = http=127.0.0.1:8075
    uInternet Settings,ProxyOverride = <local>
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
    Trusted Zone: cinemanow.com
    Trusted Zone: qflix.com
    Trusted Zone: roxio.com
    Trusted Zone: sonic.com\redirect
    Trusted Zone: sonic.com\redirect2
    FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\1ijmvouw.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: network.proxy.type - 0
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF - Ext: Norton Toolbar: {7BA52691-1876-45ce-9EE6-54BCB3B04BBC} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
    HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe



    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
    "ImagePath "= "\ "c:\program files (x86)\Norton 360\Engine\3.8.0.41\ccSvcHst.exe\" /s \ "N360\" /m \ "c:\program files (x86)\Norton 360\Engine\3.8.0.41\diMaster.dll\" /prefetch:1 "
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled "=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @= "Shockwave Flash Object "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx "
    "ThreadingModel "= "Apartment "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @= "ShockwaveFlash.ShockwaveFlash.10 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @= "{D27CDB6B-AE6D-11cf-96B8-444553540000} "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @= "1.0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @= "ShockwaveFlash.ShockwaveFlash "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @= "Macromedia Flash Factory Object "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx "
    "ThreadingModel "= "Apartment "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @= "FlashFactory.FlashFactory.1 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @= "{D27CDB6B-AE6D-11cf-96B8-444553540000} "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @= "1.0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @= "FlashFactory.FlashFactory "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker4 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    "MSCurrentCountry "=dword:000000b5

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-01-14 21:45:07
    ComboFix-quarantined-files.txt 2011-01-15 02:45

    Pre-Run: 438,638,518,272 bytes free
    Post-Run: 438,273,417,216 bytes free

    - - End Of File - - 76B0693DEB01DCC253111DB97A7B8A98
     
  14. 2011/01/14
    broni

    broni Moderator Malware Analyst

    Glitches happen sometimes :)
    You did fine...

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:8075
    uInternet Settings,ProxyOverride = <local>
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  15. 2011/01/14
    Rackster

    Rackster Inactive Thread Starter

    Here it is...
    ComboFix 11-01-14.01 - Owner 01/14/2011 22:46:05.2.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3999.2624 [GMT -5:00]
    Running from: c:\users\Owner\Desktop\ComboFix.exe
    Command switches used :: c:\users\Owner\Desktop\CFScript.txt
    AV: Norton 360 *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    FW: Norton 360 *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
    SP: Norton 360 *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((( Files Created from 2010-12-15 to 2011-01-15 )))))))))))))))))))))))))))))))
    .

    2011-01-15 03:49 . 2011-01-15 03:49 -------- d-----w- c:\users\Robert\AppData\Local\temp
    2011-01-15 03:49 . 2011-01-15 03:49 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2011-01-15 03:49 . 2011-01-15 03:49 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-01-14 14:26 . 2011-01-14 14:26 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
    2011-01-14 14:26 . 2011-01-14 14:26 -------- d-----w- c:\programdata\Malwarebytes
    2011-01-14 14:26 . 2010-12-20 23:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-01-14 14:26 . 2010-12-20 23:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-01-14 14:26 . 2011-01-15 00:53 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-01-14 10:50 . 2010-11-10 05:35 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1E510EA1-9DC5-4BC6-BFB7-B225D61E82A3}\mpengine.dll
    2011-01-13 19:08 . 2011-01-13 19:08 -------- d-----w- c:\program files (x86)\Google
    2011-01-13 19:01 . 2011-01-13 19:01 -------- d-----w- c:\program files (x86)\ysmd
    2011-01-13 01:00 . 2011-01-13 19:09 -------- d-----w- c:\users\Owner\AppData\Local\Google
    2011-01-12 17:46 . 2011-01-12 17:46 -------- d-----w- c:\users\Robert\AppData\Local\Mozilla
    2010-12-25 14:42 . 2010-09-19 15:58 153600 ----a-w- c:\windows\SysWow64\IS_ContextMenu.dll
    2010-12-25 14:41 . 2010-09-19 15:58 892928 ----a-w- c:\windows\SysWow64\iconv.dll
    2010-12-25 14:41 . 2010-09-19 15:58 675840 ----a-w- c:\windows\SysWow64\ac3filter.ax
    2010-12-25 14:41 . 2010-09-19 15:58 496640 ----a-w- c:\windows\SysWow64\xvid.ax
    2010-12-25 14:41 . 2010-12-25 14:41 -------- d-----w- c:\program files (x86)\iSkysoft

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-09 03:55 . 2010-12-07 10:45 1502208 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-11-09 03:52 . 2010-12-07 10:45 2381824 ----a-w- c:\windows\system32\mshtml.tlb
    2010-11-02 05:18 . 2010-12-15 11:40 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2010-11-02 05:17 . 2010-12-15 11:40 1169408 ----a-w- c:\windows\system32\taskschd.dll
    2010-11-02 05:17 . 2010-12-15 11:40 473600 ----a-w- c:\windows\system32\taskcomp.dll
    2010-11-02 05:16 . 2010-12-15 11:40 1114624 ----a-w- c:\windows\system32\schedsvc.dll
    2010-11-02 05:10 . 2010-12-15 11:40 464384 ----a-w- c:\windows\system32\taskeng.exe
    2010-11-02 05:10 . 2010-12-15 11:40 285696 ----a-w- c:\windows\system32\schtasks.exe
    2010-11-02 04:40 . 2010-12-15 11:40 496128 ----a-w- c:\windows\SysWow64\taskschd.dll
    2010-11-02 04:40 . 2010-12-15 11:40 305152 ----a-w- c:\windows\SysWow64\taskcomp.dll
    2010-11-02 04:34 . 2010-12-15 11:40 192000 ----a-w- c:\windows\SysWow64\taskeng.exe
    2010-11-02 04:34 . 2010-12-15 11:40 179712 ----a-w- c:\windows\SysWow64\schtasks.exe
    2010-11-01 23:03 . 2010-12-07 10:45 1448448 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2010-11-01 22:59 . 2010-12-07 10:45 2381824 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2010-10-27 05:06 . 2010-12-15 11:40 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-10-27 04:32 . 2010-12-15 11:40 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2010-10-20 05:20 . 2010-12-15 11:40 46080 ----a-w- c:\windows\system32\atmlib.dll
    2010-10-20 04:54 . 2010-12-15 11:40 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2010-10-20 03:09 . 2010-12-15 11:40 3124224 ----a-w- c:\windows\system32\win32k.sys
    2010-10-20 03:05 . 2010-12-15 11:40 367104 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-20 02:58 . 2010-12-15 11:40 294400 ----a-w- c:\windows\SysWow64\atmfd.dll
    2010-10-19 15:41 . 2009-12-24 14:48 270720 ------w- c:\windows\system32\MpSigStub.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel "= "c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
    "Google Update "= "c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" [2011-01-13 136176]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "HPCam_Menu "= "c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
    "QlbCtrl.exe "= "c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-06-24 320056]
    "NortonOnlineBackupReminder "= "c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-05-13 581480]
    "UpdatePRCShortCut "= "c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "WirelessAssistant "= "c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
    "CPMonitor "= "c:\program files (x86)\Roxio 2010\5.0\CPMonitor.exe" [2009-07-21 84464]
    "Desktop Disc Tool "= "c:\program files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-23 494064]
    "Adobe ARM "= "c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "Adobe Reader Speed Launcher "= "c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin "= 5 (0x5)
    "ConsentPromptBehaviorUser "= 3 (0x3)
    "EnableUIADesktopToggle "= 0 (0x0)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
    "WallpaperStyle "= 2

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
    @= "FSFilter Activity Monitor "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-09-23 11:47 35760 ----a-w- c:\program files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2008-12-08 21:50 54576 ----a-w- c:\program files (x86)\HP\HP Software Update\hpwuschd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-10-11 09:17 149280 ----a-w- c:\program files (x86)\Java\jre6\bin\jusched.exe

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-13 136176]
    R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe [2009-07-24 219632]
    R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2009-11-04 22528]
    R3 NETw1v64;Intel(R) Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw1v64.sys [2009-07-20 7058432]
    R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
    R3 RoxMediaDB12;RoxMediaDB12;c:\program files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe [2009-07-24 1116656]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-07-13 233472]
    R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-06 1255736]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0308000.029\SYMEFA64.SYS [2010-01-20 402992]
    S1 BHDrvx64;Symantec Heuristics Driver;c:\windows\System32\Drivers\N360x64\0308000.029\BHDrvx64.sys [2010-01-20 334384]
    S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\N360x64\0308000.029\ccHPx64.sys [2010-01-20 583296]
    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20110113.001\IDSvia64.sys [2010-11-09 476792]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-03-02 89600]
    S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2009-06-23 127352]
    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 30520]
    S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [2010-01-20 117640]
    S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
    S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 70656]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-26 132656]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-26 138752]
    S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-01-13 7675392]
    S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\N360x64\0308000.029\SYMNDISV.SYS [2010-01-20 56880]


    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2009-06-17 19:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2011-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-13 19:08]

    2011-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-13 19:08]

    2011-01-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-851764498-1324963235-3280204597-1000Core.job
    - c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-13 01:00]

    2011-01-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-851764498-1324963235-3280204597-1000UA.job
    - c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-13 01:00]
    .

    --------- x86-64 -----------


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh "= "%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe" [BU]
    "SysTrayApp "= "c:\program files\IDT\WDM\sttray64.exe" [2009-07-22 450048]
    "SmartMenu "= "c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-21 610872]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://m.www.yahoo.com/
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cnnb
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
    Trusted Zone: cinemanow.com
    Trusted Zone: qflix.com
    Trusted Zone: roxio.com
    Trusted Zone: sonic.com\redirect
    Trusted Zone: sonic.com\redirect2
    FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\1ijmvouw.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: network.proxy.type - 0
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF - Ext: Norton Toolbar: {7BA52691-1876-45ce-9EE6-54BCB3B04BBC} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)



    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
    "ImagePath "= "\ "c:\program files (x86)\Norton 360\Engine\3.8.0.41\ccSvcHst.exe\" /s \ "N360\" /m \ "c:\program files (x86)\Norton 360\Engine\3.8.0.41\diMaster.dll\" /prefetch:1 "
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled "=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @= "Shockwave Flash Object "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx "
    "ThreadingModel "= "Apartment "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @= "ShockwaveFlash.ShockwaveFlash.10 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @= "{D27CDB6B-AE6D-11cf-96B8-444553540000} "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @= "1.0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @= "ShockwaveFlash.ShockwaveFlash "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @= "Macromedia Flash Factory Object "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx "
    "ThreadingModel "= "Apartment "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @= "FlashFactory.FlashFactory.1 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @= "{D27CDB6B-AE6D-11cf-96B8-444553540000} "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @= "1.0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @= "FlashFactory.FlashFactory "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker4 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    "MSCurrentCountry "=dword:000000b5

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-01-14 22:51:53
    ComboFix-quarantined-files.txt 2011-01-15 03:51
    ComboFix2.txt 2011-01-15 02:45

    Pre-Run: 438,323,974,144 bytes free
    Post-Run: 438,269,247,488 bytes free

    - - End Of File - - 350A50A30E83F706FBD4518A07E92647
     
  16. 2011/01/14
    broni Moderator Malware Analyst

    Good :)

    How is the computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  17. 2011/01/15
    Rackster Inactive Thread Starter

    The computer is running fine. Here is the OTL report...

    OTL logfile created on: 1/15/2011 12:56:33 AM - Run 2
    OTL by OldTimer - Version 3.2.20.2 Folder = C:\Users\Owner\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.7930.16406)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
    8.00 Gb Paging File | 6.00 Gb Available in Paging File | 81.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 452.84 Gb Total Space | 408.23 Gb Free Space | 90.15% Space Free | Partition Type: NTFS
    Drive D: | 12.72 Gb Total Space | 2.13 Gb Free Space | 16.72% Space Free | Partition Type: NTFS

    Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/01/15 00:50:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    PRC - [2010/01/20 17:02:22 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
    PRC - [2009/07/23 22:45:52 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    PRC - [2009/07/23 13:37:16 | 000,206,120 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    PRC - [2009/07/21 11:50:02 | 000,084,464 | ---- | M] () -- C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe
    PRC - [2009/07/07 13:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    PRC - [2009/06/23 17:40:12 | 000,127,352 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/01/15 00:50:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2009/07/21 20:33:00 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe -- (STacSV)
    SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/08 15:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
    SRV:64bit: - [2009/03/27 21:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
    SRV:64bit: - [2009/03/02 16:42:00 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/01/20 17:02:22 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\ccSvcHst.exe -- (N360)
    SRV - [2009/07/24 08:33:34 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe -- (RoxWatch12)
    SRV - [2009/07/24 08:33:10 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe -- (RoxMediaDB12)
    SRV - [2009/07/07 13:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
    SRV - [2009/06/23 17:40:12 | 000,127,352 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2010/03/21 11:15:27 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
    DRV:64bit: - [2010/03/21 11:14:53 | 000,034,152 | R--- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2010/01/20 17:02:23 | 000,476,720 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0308000.029\srtsp64.sys -- (SRTSP)
    DRV:64bit: - [2010/01/20 17:02:23 | 000,402,992 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0308000.029\SymEFA64.sys -- (SymEFA)
    DRV:64bit: - [2010/01/20 17:02:23 | 000,278,576 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0308000.029\symtdi.sys -- (SYMTDI)
    DRV:64bit: - [2010/01/20 17:02:23 | 000,120,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0308000.029\symfw.sys -- (SYMFW)
    DRV:64bit: - [2010/01/20 17:02:23 | 000,056,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0308000.029\symndisv.sys -- (SYMNDISV)
    DRV:64bit: - [2010/01/20 17:02:23 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0308000.029\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV:64bit: - [2010/01/20 17:02:23 | 000,031,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
    DRV:64bit: - [2010/01/20 17:02:22 | 000,583,296 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0308000.029\cchpx64.sys -- (ccHP)
    DRV:64bit: - [2010/01/20 17:02:22 | 000,334,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0308000.029\BHDrvx64.sys -- (BHDrvx64)
    DRV:64bit: - [2010/01/13 15:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
    DRV:64bit: - [2009/11/04 02:58:42 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (HID)
    DRV:64bit: - [2009/08/13 21:53:50 | 007,370,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2009/07/21 20:33:00 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2009/07/20 18:33:42 | 007,058,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw1v64.sys -- (NETw1v64) Intel(R)
    DRV:64bit: - [2009/07/14 18:16:00 | 000,273,456 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 18:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2009/07/13 17:31:00 | 000,233,472 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2009/07/13 16:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2009/07/08 15:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
    DRV:64bit: - [2009/07/08 15:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
    DRV:64bit: - [2009/07/07 13:48:44 | 000,035,376 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\purendis.sys -- (purendis)
    DRV:64bit: - [2009/07/07 13:48:44 | 000,033,328 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\pnarp.sys -- (pnarp)
    DRV:64bit: - [2009/06/29 13:17:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
    DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
    DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
    DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
    DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/26 07:13:00 | 000,138,752 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
    DRV:64bit: - [2009/04/29 10:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV:64bit: - [2009/04/06 20:31:08 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
    DRV - [2010/12/16 04:00:00 | 001,791,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110114.023\EX64.SYS -- (NAVEX15)
    DRV - [2010/12/16 04:00:00 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110114.023\ENG64.SYS -- (NAVENG)
    DRV - [2010/11/08 19:50:27 | 000,476,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20110114.002\IDSviA64.sys -- (IDSVia64)
    DRV - [2010/05/26 03:00:00 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
    DRV - [2010/05/26 03:00:00 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cnnb
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cnnb


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-851764498-1324963235-3280204597-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://m.www.yahoo.com/
    IE - HKU\S-1-5-21-851764498-1324963235-3280204597-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/ "
    FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
    FF - prefs.js..network.proxy.type: 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/08/09 03:53:36 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/04/26 14:27:08 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/10 09:28:48 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/12/10 09:32:27 | 000,000,000 | ---D | M]

    [2010/12/01 06:32:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions
    [2010/01/31 10:21:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
    [2010/12/01 06:32:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\1ijmvouw.default\extensions
    [2011/01/14 09:39:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2009/08/09 03:53:36 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
    [2010/04/26 14:27:08 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\COFFPLGN
    [2011/01/14 09:39:32 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\IPSFFPLGN

    O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\IPSBHO.dll (Symantec Corporation)
    O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
    O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
    O3 - HKU\S-1-5-21-851764498-1324963235-3280204597-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O3 - HKU\S-1-5-21-851764498-1324963235-3280204597-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
    O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [CPMonitor] C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe ()
    O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe ()
    O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
    O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-851764498-1324963235-3280204597-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-851764498-1324963235-3280204597-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
    O7 - HKU\S-1-5-21-851764498-1324963235-3280204597-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-851764498-1324963235-3280204597-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-851764498-1324963235-3280204597-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKU\S-1-5-21-851764498-1324963235-3280204597-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
    O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O15 - HKU\S-1-5-21-851764498-1324963235-3280204597-1000\..Trusted Domains: cinemanow.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-851764498-1324963235-3280204597-1000\..Trusted Domains: cinemanow.com ([]https in Trusted sites)
    O15 - HKU\S-1-5-21-851764498-1324963235-3280204597-1000\..Trusted Domains: qflix.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-851764498-1324963235-3280204597-1000\..Trusted Domains: roxio.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-851764498-1324963235-3280204597-1000\..Trusted Domains: sonic.com ([redirect] http in Trusted sites)
    O15 - HKU\S-1-5-21-851764498-1324963235-3280204597-1000\..Trusted Domains: sonic.com ([redirect2] http in Trusted sites)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
    O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 156.154.119.11 156.154.129.11
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
    O18:64bit: - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
    O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/01/15 00:50:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    [2011/01/14 22:44:24 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011/01/14 21:37:49 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/01/14 21:37:49 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/01/14 21:37:49 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/01/14 21:37:45 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/01/14 21:36:16 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/01/14 19:52:26 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Owner\Desktop\mbam-setup(2).exe
    [2011/01/14 09:26:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes
    [2011/01/14 09:26:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/01/14 09:26:37 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2011/01/14 09:26:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/01/14 09:26:34 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2011/01/14 09:26:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2011/01/14 08:36:44 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Owner\Desktop\mbam-setup.exe
    [2011/01/14 08:34:52 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\TFC.exe
    [2011/01/13 14:09:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
    [2011/01/13 14:08:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
    [2011/01/13 14:01:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ysmd
    [2011/01/13 14:01:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo Satellite Maps Downloader
    [2011/01/12 20:02:09 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2011/01/12 20:00:54 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Google
    [2011/01/12 06:46:44 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
    [2011/01/12 06:46:44 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll
    [2011/01/12 06:46:44 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
    [2011/01/12 06:46:44 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
    [2011/01/12 06:46:44 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
    [2011/01/12 06:46:43 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
    [2011/01/12 06:46:43 | 001,076,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
    [2011/01/12 06:46:43 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
    [2011/01/12 06:46:43 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
    [2011/01/12 06:46:43 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
    [2011/01/12 06:46:43 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
    [2011/01/12 06:46:42 | 000,258,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
    [2011/01/12 06:46:42 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
    [2011/01/12 06:46:42 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll
    [2011/01/12 06:46:42 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
    [2011/01/12 06:46:42 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll
    [2011/01/12 06:46:42 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
    [2011/01/12 06:46:42 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
    [2011/01/12 06:46:26 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll
    [2011/01/12 06:46:26 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
    [2010/12/25 09:42:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\iSkysoft iMedia Converter
    [2010/12/25 09:42:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iSkysoft
    [2010/12/25 09:41:55 | 000,892,928 | ---- | C] (Free Software Foundation) -- C:\Windows\SysWow64\iconv.dll
    [2010/12/25 09:41:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iSkysoft

    ========== Files - Modified Within 30 Days ==========

    [2011/01/15 00:50:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    [2011/01/15 00:13:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/01/15 00:05:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-851764498-1324963235-3280204597-1000UA.job
    [2011/01/14 21:32:59 | 004,154,944 | R--- | M] () -- C:\Users\Owner\Desktop\ComboFix.exe
    [2011/01/14 20:05:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-851764498-1324963235-3280204597-1000Core.job
    [2011/01/14 19:53:34 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/01/14 19:52:34 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Owner\Desktop\mbam-setup(2).exe
    [2011/01/14 18:32:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/01/14 14:25:41 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/01/14 10:29:21 | 000,624,128 | ---- | M] () -- C:\Users\Owner\Desktop\dds.scr
    [2011/01/14 10:26:54 | 000,080,384 | ---- | M] () -- C:\Users\Owner\Desktop\MBRCheck.exe
    [2011/01/14 09:47:09 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/01/14 09:47:09 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/01/14 09:41:19 | 000,296,448 | ---- | M] () -- C:\Users\Owner\Desktop\7s9z7yw1.exe
    [2011/01/14 09:13:57 | 000,396,120 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2011/01/14 08:36:45 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Owner\Desktop\mbam-setup.exe
    [2011/01/14 08:34:53 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\TFC.exe
    [2011/01/13 14:09:27 | 000,002,244 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
    [2011/01/13 14:01:54 | 000,000,855 | ---- | M] () -- C:\Users\Owner\Desktop\Yahoo Satellite Maps Downloader.lnk
    [2011/01/12 20:02:12 | 000,002,274 | ---- | M] () -- C:\Users\Owner\Desktop\Google Chrome.lnk
    [2011/01/12 12:09:20 | 000,329,711 | ---- | M] () -- C:\Users\Owner\Desktop\DSCN0078.JPG
    [2011/01/10 05:55:48 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    [2011/01/08 00:50:34 | 000,014,192 | ---- | M] () -- C:\Users\Owner\Documents\Bats 2011 Info.docx
    [2010/12/27 15:09:40 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/12/27 15:09:40 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/12/27 15:09:40 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/12/25 09:42:02 | 000,001,241 | ---- | M] () -- C:\Users\Owner\Desktop\iSkysoft iMedia Converter.lnk
    [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/12/20 18:08:40 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2010/12/18 22:05:48 | 000,041,893 | ---- | M] () -- C:\Users\Owner\Desktop\jonny.jpg

    ========== Files Created - No Company Name ==========

    [2011/01/14 21:37:49 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/01/14 21:37:49 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/01/14 21:37:49 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/01/14 21:37:49 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/01/14 21:37:49 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/01/14 21:32:45 | 004,154,944 | R--- | C] () -- C:\Users\Owner\Desktop\ComboFix.exe
    [2011/01/14 10:29:19 | 000,624,128 | ---- | C] () -- C:\Users\Owner\Desktop\dds.scr
    [2011/01/14 10:26:53 | 000,080,384 | ---- | C] () -- C:\Users\Owner\Desktop\MBRCheck.exe
    [2011/01/14 09:41:16 | 000,296,448 | ---- | C] () -- C:\Users\Owner\Desktop\7s9z7yw1.exe
    [2011/01/14 09:26:38 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/01/13 14:09:27 | 000,002,244 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
    [2011/01/13 14:08:16 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/01/13 14:08:15 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/01/13 14:01:54 | 000,000,855 | ---- | C] () -- C:\Users\Owner\Desktop\Yahoo Satellite Maps Downloader.lnk
    [2011/01/12 20:02:12 | 000,002,274 | ---- | C] () -- C:\Users\Owner\Desktop\Google Chrome.lnk
    [2011/01/12 20:00:59 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-851764498-1324963235-3280204597-1000UA.job
    [2011/01/12 20:00:57 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-851764498-1324963235-3280204597-1000Core.job
    [2011/01/12 12:09:19 | 000,329,711 | ---- | C] () -- C:\Users\Owner\Desktop\DSCN0078.JPG
    [2011/01/10 05:55:48 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    [2011/01/08 00:50:33 | 000,014,192 | ---- | C] () -- C:\Users\Owner\Documents\Bats 2011 Info.docx
    [2010/12/25 09:42:02 | 000,001,241 | ---- | C] () -- C:\Users\Owner\Desktop\iSkysoft iMedia Converter.lnk
    [2010/12/25 09:42:00 | 000,153,600 | ---- | C] () -- C:\Windows\SysWow64\IS_ContextMenu.dll
    [2010/12/25 09:41:55 | 000,675,840 | ---- | C] () -- C:\Windows\SysWow64\ac3filter.ax
    [2010/12/25 09:41:55 | 000,496,640 | ---- | C] () -- C:\Windows\SysWow64\xvid.ax
    [2010/12/18 21:13:15 | 000,041,893 | ---- | C] () -- C:\Users\Owner\Desktop\jonny.jpg
    [2010/01/18 19:16:21 | 000,000,286 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
    [2010/01/18 18:58:52 | 000,024,209 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\UserTile.png
    [2009/12/24 09:33:09 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\QSwitch.txt
    [2009/12/24 09:33:09 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\DSwitch.txt
    [2009/12/24 09:33:09 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\AtStart.txt
    [2009/12/24 09:33:06 | 000,000,188 | ---- | C] () -- C:\ProgramData\HPWALog.txt
    [2009/08/25 04:06:41 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
    [2009/08/25 04:06:33 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
    [2009/08/25 04:06:17 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
    [2009/08/25 04:05:56 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
    [2009/08/25 04:05:16 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
    [2009/08/09 03:42:48 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
    [2009/08/09 03:38:18 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
    [2009/08/09 03:36:08 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    [2009/08/09 03:35:20 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
    [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2004/01/30 15:07:46 | 000,245,408 | ---- | C] () -- C:\Windows\SysWow64\unicows.dll

    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/07/13 20:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
    [2011/01/14 22:51:53 | 000,017,890 | ---- | M] () -- C:\ComboFix.txt
    [2009/12/24 09:38:01 | 000,000,000 | ---- | M] () -- C:\detestfrag.txt
    [2011/01/14 09:39:22 | 4193,452,032 | -HS- | M] () -- C:\pagefile.sys

    < %systemroot%\Fonts\*.com >
    [2009/07/14 00:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 00:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 00:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 00:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 15:49:50 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/12/05 10:00:02 | 000,000,221 | -HS- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/01/14 09:41:19 | 000,296,448 | ---- | M] () -- C:\Users\Owner\Desktop\7s9z7yw1.exe
    [2010/03/21 11:40:11 | 007,747,408 | ---- | M] (Tailwag Software ) -- C:\Users\Owner\Desktop\cbsetup.exe
    [2011/01/14 21:32:59 | 004,154,944 | R--- | M] () -- C:\Users\Owner\Desktop\ComboFix.exe
    [2010/01/31 13:41:05 | 003,383,813 | ---- | M] () -- C:\Users\Owner\Desktop\gwave555.exe
    [2010/12/05 09:51:35 | 002,495,288 | ---- | M] (Microsoft Corporation) -- C:\Users\Owner\Desktop\IE9-Windows7-x64-enu.exe
    [2011/01/14 19:52:34 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Owner\Desktop\mbam-setup(2).exe
    [2011/01/14 08:36:45 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Owner\Desktop\mbam-setup.exe
    [2011/01/14 10:26:54 | 000,080,384 | ---- | M] () -- C:\Users\Owner\Desktop\MBRCheck.exe
    [2010/08/27 20:35:32 | 034,226,736 | ---- | M] (Cisco Systems, Inc.) -- C:\Users\Owner\Desktop\nmsetup.exe
    [2011/01/15 00:50:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    [2010/02/15 12:09:15 | 021,566,928 | ---- | M] (Avanquest Software ) -- C:\Users\Owner\Desktop\RingToneMediaStudio300_ENU_Trial.exe
    [2010/02/11 10:21:05 | 007,516,816 | ---- | M] (LockLizard ) -- C:\Users\Owner\Desktop\SafeguardPDFViewer_v25.exe
    [2011/01/14 08:34:53 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\TFC.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 16:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/08/04 04:44:28 | 000,000,402 | -HS- | M] () -- C:\Users\Owner\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/01/14 09:39:47 | 000,000,188 | ---- | M] () -- C:\ProgramData\HPWALog.txt
    [2009/08/25 04:06:33 | 000,000,032 | ---- | M] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
    [2009/08/09 03:43:08 | 000,000,109 | ---- | M] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
    [2009/08/25 04:05:56 | 000,000,032 | ---- | M] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
    [2009/08/09 03:38:07 | 000,000,105 | ---- | M] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    [2009/08/25 04:05:16 | 000,000,032 | ---- | M] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
    [2009/08/25 04:06:17 | 000,000,032 | ---- | M] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
    [2009/08/09 03:35:58 | 000,000,107 | ---- | M] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
    [2009/08/09 03:42:39 | 000,000,110 | ---- | M] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
    [2009/08/25 04:06:42 | 000,000,105 | ---- | M] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
     
  18. 2011/01/15
    Rackster Inactive Thread Starter

    OTL Extras logfile created on: 1/15/2011 12:51:49 AM - Run 1
    OTL by OldTimer - Version 3.2.20.2 Folder = C:\Users\Owner\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.7930.16406)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
    8.00 Gb Paging File | 6.00 Gb Available in Paging File | 82.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 452.84 Gb Total Space | 408.23 Gb Free Space | 90.15% Space Free | Partition Type: NTFS
    Drive D: | 12.72 Gb Total Space | 2.13 Gb Free Space | 16.72% Space Free | Partition Type: NTFS

    Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll ",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll ",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1 ",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll ",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll ",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java(TM) 6 Update 14 (64-bit)
    "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
    "{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
    "{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}" = HP 3D DriveGuard
    "{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "FFE7D41DF3C645075BB149E21988B63996C34187" = ENE CIR Receiver Driver
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "LSI Soft Modem" = LSI HDA Modem
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "OfficeTrial" = Microsoft Office Home and Student 60 day trial
    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 17
    "{2D4E1F8A-901B-4BBD-B311-B6E56059066E}" = Microsoft Live Search Toolbar
    "{2EA45803-BEB7-46C4-9ADC-46A5F9E7BB77}" = GEAR driver installer for x86 and x64
    "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
    "{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
    "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{4313E16C-811B-469F-8815-6EB98085F8B2}" = SlingBoxWatchYourTVAnyWhere
    "{43CD257A-4F32-4BDE-9B3D-14E6E10C8307}" = Roxio Creator 2010
    "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
    "{49A143E9-4A6A-43E7-86B1-388194C79248}" = HP Smart Web Printing
    "{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{4D0AAB66-E604-4E82-A5AF-01AB97CB506D}" = Roxio Creator 2010 Content
    "{5491453D-8C3E-4785-AC5C-E9A4DABF378A}" = Roxio Venue
    "{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
    "{5709192F-2F9D-4C8A-9563-18A9E8A7DF26}" = Mobile Studio
    "{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
    "{5B295588-59C1-4386-9F85-BB4BEDCB0D22}" = HP Customer Experience Enhancements
    "{62AD5F7F-9CFC-4523-AF83-C58F02836635}" = Geek Squad 24 Hour Computer Support
    "{65A79175-3C4C-41F4-92AF-BA1DDDBA0626}" = Roxio Burn Manager CDB
    "{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{6C122441-1861-4CD7-B1C5-A163A6984E12}" = CinemaNow Media Manager
    "{733CDF24-0A93-426E-AA89-DF281EB54793}" = Roxio CinePlayer
    "{74DC8A26-4E05-40B6-AD11-C9428A1AE150}" = Roxio Creator 2010
    "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7AC0886A-CE48-4EB6-9CC3-4C56D427F2E1}" = Cisco Network Magic
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8
    "{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{86DDDAAD-AEB9-42E5-BE01-0E8FABD2BB29}" = Roxio Video Capture USB
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
    "{89A15676-78AE-4D51-BF5B-DEE3E0D46C94}" = Roxio Creator 2010
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{906C01EE-B242-4197-AE85-6C506E1B869B}" = Roxio Burn Manager
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95549A84-FFED-4901-A796-CD163FC65C80}" = Ringtone Media Studio
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
    "{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Roxio CinePlayer Decoder Pack
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.1 MUI
    "{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
    "{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
    "{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Activate Norton Online Backup
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
    "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}" = Windows Media Center Add-in for Flash
    "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
    "{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
    "{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
    "{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Calendar Builder_is1" = Calendar Builder
    "CoffeeCup HTML Editor" = CoffeeCup HTML Editor
    "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
    "GoldWave v5.55" = GoldWave v5.55
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "HP Smart Web Printing" = HP Smart Web Printing
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
    "InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV
    "InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
    "iSkysoft iMedia Converter_is1" = iSkysoft iMedia Converter(Build 3.0.3.0)
    "LimeWire" = LimeWire 5.4.6
    "Lizard Safeguard - PDF Viewer_is1" = Lizard Safeguard - PDF Viewer 2.5.122
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
    "N360" = Norton 360
    "Network MagicUninstall" = Network Magic
    "PalTalk8.2" = PaltalkScene
    "Roxio PhotoShow" = Roxio PhotoShow
    "TTB000001.TTB000001Toolbar" = CouponBar
    "WinLiveSuite" = Windows Live Essentials
    "Yahoo Satellite Maps Downloader_is1" = Yahoo Satellite Maps Downloader 5.19
    "Yahoo! Messenger" = Yahoo! Messenger

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-851764498-1324963235-3280204597-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 12/3/2010 5:49:10 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: mmc.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc808 Faulting module name: ntdll.dll, version: 6.1.7600.16559, time
    stamp: 0x4ba9b802 Exception code: 0xc000041d Fault offset: 0x0000000000029188 Faulting
    process id: 0x17a4 Faulting application start time: 0x01cb9333eb2267e9 Faulting application
    path: C:\Windows\system32\mmc.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report
    Id: 28e921ed-ff27-11df-a5f7-b8c0cc8ddac9

    Error - 12/3/2010 5:49:32 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: mmc.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc808 Faulting module name: ntdll.dll, version: 6.1.7600.16559, time
    stamp: 0x4ba9b802 Exception code: 0xc000041d Fault offset: 0x0000000000029188 Faulting
    process id: 0x59c Faulting application start time: 0x01cb9333f8437eec Faulting application
    path: C:\Windows\system32\mmc.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report
    Id: 360a38ef-ff27-11df-a5f7-b8c0cc8ddac9

    Error - 12/3/2010 5:49:35 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: Explorer.EXE, version: 6.1.7600.16450,
    time stamp: 0x4aebab8d Faulting module name: ntdll.dll, version: 6.1.7600.16559,
    time stamp: 0x4ba9b802 Exception code: 0xc0000005 Fault offset: 0x0000000000051c30
    Faulting
    process id: 0x24c Faulting application start time: 0x01cb933395a28ca5 Faulting application
    path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report
    Id: 374df415-ff27-11df-a5f7-b8c0cc8ddac9

    Error - 12/3/2010 5:50:58 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: Explorer.EXE, version: 6.1.7600.16450,
    time stamp: 0x4aebab8d Faulting module name: ntdll.dll, version: 6.1.7600.16559,
    time stamp: 0x4ba9b802 Exception code: 0xc0000005 Fault offset: 0x0000000000051c30
    Faulting
    process id: 0x1648 Faulting application start time: 0x01cb9333fc80f269 Faulting application
    path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report
    Id: 690a94ae-ff27-11df-a5f7-b8c0cc8ddac9

    Error - 12/3/2010 5:51:46 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: mmc.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc808 Faulting module name: ntdll.dll, version: 6.1.7600.16559, time
    stamp: 0x4ba9b802 Exception code: 0xc000041d Fault offset: 0x0000000000029188 Faulting
    process id: 0x1530 Faulting application start time: 0x01cb93344813c8ce Faulting application
    path: C:\Windows\system32\mmc.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report
    Id: 85e10ab2-ff27-11df-a5f7-b8c0cc8ddac9

    Error - 12/3/2010 5:51:49 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: mmc.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc808 Faulting module name: ntdll.dll, version: 6.1.7600.16559, time
    stamp: 0x4ba9b802 Exception code: 0xc000041d Fault offset: 0x0000000000029188 Faulting
    process id: 0xa38 Faulting application start time: 0x01cb933449574580 Faulting application
    path: C:\Windows\system32\mmc.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report
    Id: 871d3463-ff27-11df-a5f7-b8c0cc8ddac9

    Error - 12/3/2010 5:51:49 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: mmc.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc808 Faulting module name: ntdll.dll, version: 6.1.7600.16559, time
    stamp: 0x4ba9b802 Exception code: 0xc000041d Fault offset: 0x0000000000029188 Faulting
    process id: 0x438 Faulting application start time: 0x01cb9334499e12d1 Faulting application
    path: C:\Windows\system32\mmc.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report
    Id: 875f1fb3-ff27-11df-a5f7-b8c0cc8ddac9

    Error - 12/3/2010 5:51:49 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: mmc.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc808 Faulting module name: ntdll.dll, version: 6.1.7600.16559, time
    stamp: 0x4ba9b802 Exception code: 0xc000041d Fault offset: 0x0000000000029188 Faulting
    process id: 0x1270 Faulting application start time: 0x01cb933449dfcf26 Faulting application
    path: C:\Windows\system32\mmc.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report
    Id: 87a0dc19-ff27-11df-a5f7-b8c0cc8ddac9

    Error - 12/3/2010 5:51:50 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: mmc.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc808 Faulting module name: ntdll.dll, version: 6.1.7600.16559, time
    stamp: 0x4ba9b802 Exception code: 0xc000041d Fault offset: 0x0000000000029188 Faulting
    process id: 0x17a4 Faulting application start time: 0x01cb93344a204353 Faulting application
    path: C:\Windows\system32\mmc.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report
    Id: 87e32502-ff27-11df-a5f7-b8c0cc8ddac9

    Error - 12/3/2010 5:51:50 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: mmc.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc808 Faulting module name: ntdll.dll, version: 6.1.7600.16559, time
    stamp: 0x4ba9b802 Exception code: 0xc000041d Fault offset: 0x0000000000029188 Faulting
    process id: 0xbb8 Faulting application start time: 0x01cb93344a5f6f68 Faulting application
    path: C:\Windows\system32\mmc.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report
    Id: 88207c4a-ff27-11df-a5f7-b8c0cc8ddac9

    [ Media Center Events ]
    Error - 1/29/2010 8:46:29 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
    Description = 7:46:29 PM - Error connecting to the internet. 7:46:29 PM - Unable
    to contact server..

    [ System Events ]
    Error - 8/5/2010 5:30:35 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Roxio
    Hard Drive Watcher 12 service to connect.

    Error - 8/5/2010 7:25:10 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Roxio
    Hard Drive Watcher 12 service to connect.

    Error - 8/7/2010 7:55:19 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Roxio
    Hard Drive Watcher 12 service to connect.

    Error - 8/7/2010 7:55:56 AM | Computer Name = Owner-PC | Source = DCOM | ID = 10010
    Description =

    Error - 8/7/2010 6:20:57 PM | Computer Name = Owner-PC | Source = bowser | ID = 8003
    Description =

    Error - 8/7/2010 7:09:25 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Roxio
    Hard Drive Watcher 12 service to connect.

    Error - 8/7/2010 7:21:28 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Roxio
    Hard Drive Watcher 12 service to connect.

    Error - 8/9/2010 9:37:46 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Roxio
    Hard Drive Watcher 12 service to connect.

    Error - 8/9/2010 12:53:24 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Roxio
    Hard Drive Watcher 12 service to connect.

    Error - 8/9/2010 11:49:10 PM | Computer Name = Owner-PC | Source = BROWSER | ID = 8032
    Description =


    < End of report >
     
  19. 2011/01/15
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O3 - HKU\S-1-5-21-851764498-1324963235-3280204597-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
      O15 - HKU\S-1-5-21-851764498-1324963235-3280204597-1000\..Trusted Domains: cinemanow.com ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-851764498-1324963235-3280204597-1000\..Trusted Domains: cinemanow.com ([]https in Trusted sites)
      O15 - HKU\S-1-5-21-851764498-1324963235-3280204597-1000\..Trusted Domains: qflix.com ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-851764498-1324963235-3280204597-1000\..Trusted Domains: roxio.com ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-851764498-1324963235-3280204597-1000\..Trusted Domains: sonic.com ([redirect] http in Trusted sites)
      O15 - HKU\S-1-5-21-851764498-1324963235-3280204597-1000\..Trusted Domains: sonic.com ([redirect2] http in Trusted sites)
      O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===============================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
  20. 2011/01/15
    Rackster

    Rackster Inactive Thread Starter

    Joined:
    2002/01/11
    Messages:
    138
    Likes Received:
    0
    All processes killed
    ========== OTL ==========
    Registry value HKEY_USERS\S-1-5-21-851764498-1324963235-3280204597-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
    Registry key HKEY_USERS\S-1-5-21-851764498-1324963235-3280204597-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\cinemanow.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-851764498-1324963235-3280204597-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\cinemanow.com\ not found.
    Registry key HKEY_USERS\S-1-5-21-851764498-1324963235-3280204597-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\qflix.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-851764498-1324963235-3280204597-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\roxio.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-851764498-1324963235-3280204597-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sonic.com\redirect\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-851764498-1324963235-3280204597-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sonic.com\redirect2\ deleted successfully.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Owner
    ->Temp folder emptied: 1817029 bytes
    ->Temporary Internet Files folder emptied: 435717 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 30855431 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 775 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Robert
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 32.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Guest

    User: Owner
    ->Flash cache emptied: 0 bytes

    User: Public

    User: Robert
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.20.2 log created on 01152011_083711

    Files\Folders moved on Reboot...
    C:\Users\Owner\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File\Folder C:\Windows\temp\JET750F.tmp not found!

    Registry entries deleted on Reboot...


    Results of screen317's Security Check version 0.99.7
    Windows 7 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    Norton 360
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 23
    Out of date Java installed!
    Adobe Flash Player 10.1.102.64
    Adobe Reader 9.4.1 MUI
    Out of date Adobe Reader installed!
    Mozilla Firefox (3.6.13)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Norton ccSvcHst.exe
    ``````````End of Log````````````
     
  21. 2011/01/15
    Rackster

    Rackster Inactive Thread Starter

    Joined:
    2002/01/11
    Messages:
    138
    Likes Received:
    0
    ESET Online Scanner produced no log.
     
