Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Troj/Dl-AH, Mal/JavaDeSp-A, Mal/Generic-A


  • This topic is locked This topic is locked
16 replies to this topic

#1 JennaOptimist

JennaOptimist

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:03:53 PM

Posted 13 September 2010 - 10:32 AM

I have run Webroot Antivirus to come up with those in the title. I do not have a subscription for this however. My subscription for Norton 360 has been fabulous for a long while, but I seem to have had something slip through the cracks. My firewall keeps being disabled, my protection and privacy settings lowered. Norton is not finding whatever seems to be the root issue of this problem.

Also, I am not sure if this is relevant or not... For a few months now, when I start my computer, it beeps and will not go through to the start up process unless I hit ESC and then go through the prompts to get Windows to start normally. I thought that I would have to call HP and fight with customer service to get this resolved, which I have been apprehensive to do, though now I am wondering if it could not somehow be a part of my problem.

Additionally, I cannot get rid of Google toolbar, no matter what I try. I do not use and do not want it, and am suspicious that it is also in part attached to the problems that I am having.

I have followed the directions in this forum. Attached, please find the logs for the DDS and Attachment as requested. When running GMER however, it would not allow a scan of anything but 'Services, Registry, Files, C:\, ADS' I tried downloading it from both download options but either way it would not allow me to check off the rest of the preferred scanning options that were unchecked upon download. Because of this there was nothing found by the scan and so there is nothing for me to attach from GMER.

Thank you for all of your help!
Jennifer




DDS (Ver_10-03-17.01) - NTFSX64
Run by Jennifer at 8:29:25.88 on Mon 09/13/2010
Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vistaâ„¢ Home Premium 6.0.6002.2.1252.1.1033.18.3836.1526 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\N-trig\N-trig Software Bundle\NtrigApplet.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\DigitalPersona\Bin\DPAgent.exe
C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Norton 360\Engine\4.2.0.12\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\SysWOW64\PSIService.exe
C:\Program Files (x86)\SMINST\BLService.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Norton 360\Engine\4.2.0.12\ccSvcHst.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Webroot\WebrootSecurity\SSU.EXE
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\System32\calc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Jennifer\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\syswow64\blank.htm
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DigitalPersona Personal Extension: {395610ae-c624-4f58-b89e-23733ea00f9a} - c:\program files (x86)\digitalpersona\bin\DpOtsPluginIe8.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files (x86)\norton 360\engine\4.2.0.12\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files (x86)\norton 360\engine\4.2.0.12\IPSBHO.DLL
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files (x86)\msn\toolbar\3.0.0541.0\msneshellx.dll
BHO: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files (x86)\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files (x86)\msn\toolbar\3.0.0541.0\msneshellx.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files (x86)\norton 360\engine\4.2.0.12\coIEPlg.dll
TB: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files (x86)\ask.com\GenericAskToolbar.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [HPAdvisor] "c:\program files (x86)\hewlett-packard\hp advisor\HPAdvisor.exe" view=DOCKVIEW,SYSTRAY
uRun: [WMPNSCFG] c:\program files (x86)\windows media player\WMPNSCFG.exe
mRun: [StartCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [TSMAgent] "c:\program files (x86)\hewlett-packard\touchsmart\media\TSMAgent.exe"
mRun: [CLMLServer for HP TouchSmart] "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\CLMLSvc.exe"
mRun: [UCam_Menu] "c:\program files (x86)\hewlett-packard\media\webcam\muitransfer\muistartmenu.exe" "c:\program files (x86)\hewlett-packard\media\webcam" update "software\hewlett-packard\media\Webcam"
mRun: [UpdateLBPShortCut] "c:\program files (x86)\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [UpdatePSTShortCut] "c:\program files (x86)\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [QlbCtrl.exe] "c:\program files (x86)\hewlett-packard\hp quick launch buttons\QlbCtrl.exe" /Start
mRun: [UpdateP2GoShortCut] "c:\program files (x86)\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePDIRShortCut] "c:\program files (x86)\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [HP Health Check Scheduler] "c:\program files (x86)\hewlett-packard\hp health check\HPHC_Scheduler.exe"
mRun: [HP Software Update] "c:\program files (x86)\hp\hp software update\HPWuSchd2.exe"
mRun: [DpAgent] "c:\program files (x86)\digitalpersona\bin\dpagent.exe"
mRun: [Corel Photo Downloader] c:\program files (x86)\corel\corel snapfire\PhotoDownloader.exe
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [WirelessAssistant] "c:\program files (x86)\hewlett-packard\hp wireless assistant\HPWAMain.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SpySweeper] "c:\program files (x86)\webroot\webrootsecurity\SpySweeperUI.exe" /startintray
StartupFolder: c:\users\jennifer\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files (x86)\openoffice.org 3\program\quickstart.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office12\REFIEBAR.DLL
DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} - hxxps://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
LSA: Notification Packages = scecli DPPWDFLT
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files (x86)\common files\lightscribe\LSRunOnce.exe"
BHO-X64: DigitalPersona Personal Extension: {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\program files\digitalpersona\bin\DpOtsPluginIe8.dll
BHO-X64: DigitalPersona Personal Extension - No File
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun-x64: [SMSERIAL] "c:\program files\motorola\smserial\sm56hlpr.exe"
mRun-x64: [RtHDVCpl] "c:\program files\realtek\audio\hda\RAVCpl64.exe"
mRun-x64: [NtrigApplet] "c:\program files\n-trig\n-trig software bundle\NtrigApplet.exe"
mRun-x64: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

================= FIREFOX ===================

FF - ProfilePath - c:\users\jennifer\appdata\roaming\mozilla\firefox\profiles\af83gix8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.norton.com/
FF - component: c:\program files (x86)\digitalpersona\bin\firefoxext\components\dpffcli.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files (x86)\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files (x86)\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files (x86)\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 ahcix64s;ahcix64s;c:\windows\system32\drivers\ahcix64s.sys [2008-10-3 225296]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-11-6 37488]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360x64\0402000.00c\symds64.sys [2010-5-27 433200]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360x64\0402000.00c\symefa64.sys [2010-5-27 221232]
R1 BHDrvx64;BHDrvx64;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\bashdefs\20100810.004\BHDrvx64.sys [2010-8-9 945200]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360x64\0402000.00c\cchpx64.sys [2010-5-27 615040]
R1 IDSVia64;IDSVia64;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\ipsdefs\20100909.001\IDSviA64.sys [2010-9-9 463408]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360x64\0402000.00c\ironx64.sys [2010-5-27 150064]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360x64\0402000.00c\symtdiv.sys [2010-5-27 451120]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/07/20 02:44:29];c:\program files (x86)\hewlett-packard\media\dvd\000.fcl [2008-11-28 146928]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSr64.exe [2009-7-20 88576]
R2 N360;Norton 360;c:\program files (x86)\norton 360\engine\4.2.0.12\ccsvchst.exe [2010-5-27 126392]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files (x86)\sminst\BLService.exe [2009-1-19 365952]
R2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files (x86)\hewlett-packard\media\tv\kernel\tv\TVCapSvc.exe [2009-2-9 296320]
R2 TVSched;TV Task Scheduler (TVTS);c:\program files (x86)\hewlett-packard\media\tv\kernel\tv\TVSched.exe [2009-2-9 116096]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files (x86)\webroot\webrootsecurity\SpySweeper.exe [2009-11-6 4048240]
R2 WRConsumerService;Webroot Client Service;c:\program files (x86)\webroot\webrootsecurity\WRConsumerService.exe [2010-9-11 1201640]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-1-19 227896]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-9-4 64000]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-6-7 132656]
R3 NtrigDigitizerUSBLowerFilter;N-trig HID Tablet Digitizer KMDF Filter Driver;c:\windows\system32\drivers\NtrigDigitizerUSBLowerFilter.sys [2009-7-20 6656]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-8-13 220672]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2009-7-20 26168]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-8-6 136176]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
S3 NETw3v64;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\drivers\NETw3v64.sys [2008-1-20 3154432]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2009-10-16 50176]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework64\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 1020768]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk60x64.sys [2006-11-2 273408]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2010-2-22 89920]

============== File Associations ===============

JSEFile=c:\windows\syswow64\WScript.exe "%1" %*

=============== Created Last 30 ================

2010-09-13 13:26:51 0 ----a-w- c:\users\jennifer\defogger_reenable
2010-09-11 23:18:34 511328 ----a-w- c:\windows\syswow64\capicom.dll
2010-09-11 23:18:22 0 d-----w- c:\program files (x86)\Ask.com
2010-09-11 23:17:31 0 d-----w- c:\program files (x86)\MSSOAP
2010-09-11 23:17:03 1563008 ----a-w- c:\windows\WRSetup.dll
2010-09-11 23:17:03 0 d-----w- c:\users\jennifer\appdata\roaming\Webroot
2010-09-11 23:17:03 0 d-----w- c:\programdata\Webroot
2010-09-11 23:17:03 0 d-----w- c:\program files (x86)\Webroot
2010-09-11 23:02:40 164 ----a-w- c:\windows\install.dat
2010-08-24 16:08:54 188 ----a-w- c:\users\jennifer\appdata\roaming\wklnhst.dat

==================== Find3M ====================

2010-09-12 03:31:27 1890 --sha-w- c:\windows\syswow64\KGyGaAvL.sys
2010-08-13 16:06:33 51200 ----a-w- c:\windows\inf\infpub.dat
2010-08-13 16:06:25 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-08-13 16:06:00 86016 ----a-w- c:\windows\inf\infstor.dat
2010-07-26 15:51:48 11584512 ----a-w- c:\windows\syswow64\shell32.dll
2010-07-17 20:13:36 95472 ----a-w- c:\windows\system32\bcmwlcoi.dll
2010-07-17 20:13:36 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2010-07-17 20:13:36 3891200 ----a-w- c:\windows\system32\bcmihvsrv64.dll
2010-07-17 20:13:36 3555840 ----a-w- c:\windows\system32\bcmihvui64.dll
2010-07-17 20:13:36 3058168 ----a-w- c:\windows\system32\drivers\BCMWL664.SYS
2010-07-11 04:11:10 153376 ----a-w- c:\windows\syswow64\javaws.exe
2010-07-11 04:11:10 145184 ----a-w- c:\windows\syswow64\javaw.exe
2010-07-11 04:11:10 145184 ----a-w- c:\windows\syswow64\java.exe
2010-07-11 04:11:09 411368 ----a-w- c:\windows\syswow64\deployJava1.dll
2010-06-26 06:30:12 1147904 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:25:54 77312 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:25:54 132096 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 06:05:49 916480 ----a-w- c:\windows\syswow64\wininet.dll
2010-06-26 06:05:41 1210368 ----a-w- c:\windows\syswow64\urlmon.dll
2010-06-26 06:04:40 206848 ----a-w- c:\windows\syswow64\occache.dll
2010-06-26 06:03:22 611840 ----a-w- c:\windows\syswow64\mstime.dll
2010-06-26 06:03:04 5951488 ----a-w- c:\windows\syswow64\mshtml.dll
2010-06-26 06:03:02 599040 ----a-w- c:\windows\syswow64\msfeeds.dll
2010-06-26 06:03:02 55296 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-06-26 06:02:31 25600 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-06-26 06:02:15 71680 ----a-w- c:\windows\syswow64\iesetup.dll
2010-06-26 06:02:15 1986560 ----a-w- c:\windows\syswow64\iertutil.dll
2010-06-26 06:02:15 164352 ----a-w- c:\windows\syswow64\ieui.dll
2010-06-26 06:02:15 109056 ----a-w- c:\windows\syswow64\iesysprep.dll
2010-06-26 06:02:14 55808 ----a-w- c:\windows\syswow64\iernonce.dll
2010-06-26 06:02:14 184320 ----a-w- c:\windows\syswow64\iepeers.dll
2010-06-26 06:02:14 11077120 ----a-w- c:\windows\syswow64\ieframe.dll
2010-06-26 06:02:09 387584 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-06-26 04:47:47 162816 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-26 04:25:02 133632 ----a-w- c:\windows\syswow64\ieUnatt.exe
2010-06-26 04:24:51 173056 ----a-w- c:\windows\syswow64\ie4uinit.exe
2010-06-26 04:24:17 13312 ----a-w- c:\windows\syswow64\msfeedssync.exe
2010-06-21 14:05:22 2752000 ----a-w- c:\windows\system32\win32k.sys
2010-06-18 17:48:21 50688 ----a-w- c:\windows\system32\rtutils.dll
2010-06-18 17:31:29 36864 ----a-w- c:\windows\syswow64\rtutils.dll
2010-03-16 08:27:16 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-03-15 15:05:51 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-01-19 09:20:51 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 8:33:01.33 ===============

Attached Files


Edited by JennaOptimist, 13 September 2010 - 10:36 AM.


BC AdBot (Login to Remove)

 


#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,820 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:12:53 AM

Posted 20 September 2010 - 03:14 PM

Hello ,
And welcome.gif to the Bleeping Computer Malware Removal Forum
. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your Desktop
  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop
Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning it is ok, just ignore: "Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


-------------------------------------------------------------
In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#3 JennaOptimist

JennaOptimist
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:03:53 PM

Posted 21 September 2010 - 08:53 AM

Hello Elise,

Thank you for taking a look at my system. Here are some of the things that are most noticeable.

* My internet will lock up and be delayed many times while using it one hour, but be fine for the next couple of hours.
* I often have to hit 'esc' to get it to allow me to scroll and stop running all over the place. ie jumpy screen, delayed scrolling
* Though I have repeatedly turned my firewall and privacy settings on, they keep being turned off or lowered.
* The mouse keeps switching to another mouse option and will often float to a specific spot on the screen and I need to reboot to stop it.
* When I do reboot, it will have a continuous beep that forces me to shut it off again to make it stop and so now every time I start it I have to hit 'esc' and tell it to start normally in order to bypass whatever is making it beep like that.

I do not know if any of this is related, though it did all start about the same time, for the most part. I have Norton and it has not picked up on whatever is causing these issues. I have used Norton in the past and always found it a very useful tool, but I don't think that whatever I have is allowing Norton to update its definitions maybe.

I am sure I am probably forgetting some of the stupidity that has been going on, but I think this is a fairly comprehensive list of what's been going on. I will insert the two logs from OTL in this reply and then run the other app you requested.

Thank you so much,
Jennifer



OTL logfile created on: 9/21/2010 7:47:57 AM - Run 1
OTL by OldTimer - Version 3.2.14.0 Folder = C:\Users\Jennifer\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 32.00% Memory free
8.00 Gb Paging File | 5.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.07 Gb Total Space | 250.08 Gb Free Space | 55.20% Space Free | Partition Type: NTFS
Drive D: | 12.69 Gb Total Space | 2.00 Gb Free Space | 15.74% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JENNIFERS_PC
Current User Name: Jennifer
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/21 07:45:14 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Jennifer\Downloads\OTL.exe
PRC - [2010/09/11 18:19:28 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe
PRC - [2010/08/03 21:41:18 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2010/08/03 21:41:16 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/05/21 00:28:00 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/21 00:27:58 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/02/25 19:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\4.2.0.12\ccsvchst.exe
PRC - [2009/12/01 14:37:48 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
PRC - [2009/12/01 14:37:46 | 000,842,816 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
PRC - [2009/11/06 15:19:44 | 006,515,784 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe
PRC - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe
PRC - [2009/11/06 12:00:22 | 000,165,232 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files (x86)\Webroot\WebrootSecurity\SSU.exe
PRC - [2009/02/09 19:14:02 | 000,296,320 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
PRC - [2009/02/09 19:14:02 | 000,116,096 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2008/12/25 15:41:20 | 000,189,736 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008/12/25 15:41:16 | 001,316,136 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2008/12/17 19:11:40 | 000,365,952 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe
PRC - [2007/06/05 14:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\SysWOW64\PSIService.exe
PRC - [2006/11/02 10:04:16 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe


========== Modules (SafeList) ==========

MOD - [2010/09/21 07:45:14 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Jennifer\Downloads\OTL.exe
MOD - [2010/05/14 00:35:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\4.2.0.12\asoehook.dll
MOD - [2009/07/12 02:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Norton 360\Engine\4.2.0.12\microsoft.vc90.crt\msvcr90.dll
MOD - [2009/07/12 02:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Norton 360\Engine\4.2.0.12\microsoft.vc90.crt\msvcp90.dll
MOD - [2009/04/11 01:28:24 | 000,380,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll
MOD - [2008/01/20 21:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/01/07 16:24:16 | 000,470,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2010/01/07 16:24:06 | 007,700,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2008/12/10 12:04:58 | 000,935,424 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2008/09/25 11:49:12 | 000,088,576 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/09/11 18:19:28 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService)
SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 14:27:14 | 001,020,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/25 19:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton 360\Engine\4.2.0.12\ccSvcHst.exe -- (N360)
SRV - [2009/12/01 14:37:48 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2009/02/09 19:14:02 | 000,296,320 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) TV Background Capture Service (TVBCS)
SRV - [2009/02/09 19:14:02 | 000,116,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched) TV Task Scheduler (TVTS)
SRV - [2008/12/17 19:11:40 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2007/06/05 14:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PSIService.exe -- (ProtexisLicensing)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\RtsUCcid.sys -- (USBCCID)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Rts516xIR.sys -- (RtsUIR)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:64bit: - [2010/07/17 15:13:36 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2010/05/05 23:01:59 | 000,451,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\0402000.00C\SYMTDIV.SYS -- (SYMTDIv)
DRV:64bit: - [2010/04/29 00:03:51 | 000,150,064 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\Ironx64.SYS -- (SymIRON)
DRV:64bit: - [2010/04/21 23:57:56 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/04/21 22:02:20 | 000,221,232 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\SYMEFA64.SYS -- (SymEFA)
DRV:64bit: - [2010/04/21 21:29:51 | 000,505,392 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\N360x64\0402000.00C\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2010/04/21 21:29:51 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\SRTSPX64.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2010/02/25 19:22:52 | 000,615,040 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\ccHPx64.sys -- (ccHP)
DRV:64bit: - [2010/02/25 14:19:02 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2010/02/03 20:40:47 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\SYMDS64.SYS -- (SymDS)
DRV:64bit: - [2009/11/06 12:00:36 | 000,135,280 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\ssidrv.sys -- (ssidrv)
DRV:64bit: - [2009/11/06 12:00:34 | 000,037,488 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc)
DRV:64bit: - [2009/10/16 02:33:06 | 000,050,176 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/07/17 11:14:14 | 000,220,672 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/05/18 16:17:08 | 000,034,152 | R--- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/06 09:06:18 | 000,197,120 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/12/10 13:31:26 | 004,993,024 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2008/10/03 23:08:28 | 000,225,296 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2008/09/23 08:38:34 | 001,200,128 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\smserial.sys -- (smserial)
DRV:64bit: - [2008/09/19 19:43:58 | 000,068,096 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2008/09/04 12:48:00 | 000,064,000 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
DRV:64bit: - [2008/07/27 11:45:54 | 000,006,656 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NtrigDigitizerUSBLowerFilter.sys -- (NtrigDigitizerUSBLowerFilter)
DRV:64bit: - [2008/06/20 11:37:42 | 000,325,680 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/05/30 15:44:42 | 000,217,216 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ATSwpDrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV:64bit: - [2008/05/28 19:54:18 | 000,026,168 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2008/04/28 03:25:06 | 000,016,400 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV:64bit: - [2008/01/20 21:46:57 | 003,154,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64) Intel®
DRV:64bit: - [2008/01/20 21:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2006/10/03 20:45:36 | 000,273,408 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2006/09/18 16:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2010/09/16 06:59:14 | 001,791,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20100920.050\EX64.SYS -- (NAVEX15)
DRV - [2010/09/16 06:59:14 | 000,117,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20100920.050\ENG64.SYS -- (NAVENG)
DRV - [2010/08/31 17:57:03 | 000,954,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20100901.003\BHDrvx64.sys -- (BHDrvx64)
DRV - [2010/06/04 23:49:16 | 000,463,408 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20100920.001\IDSviA64.sys -- (IDSVia64)
DRV - [2010/05/27 15:18:36 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/05/27 15:18:36 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2008/11/28 20:04:24 | 000,146,928 | ---- | M] (CyberLink Corp.) [2009/07/20 02:44:29] [Kernel | Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1161024379-1129127795-2878303022-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE - HKU\S-1-5-21-1161024379-1129127795-2878303022-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE - HKU\S-1-5-21-1161024379-1129127795-2878303022-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1161024379-1129127795-2878303022-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1161024379-1129127795-2878303022-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.norton.com/"
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: otis@digitalpersona.com:5.0.0.3790
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20


FF - HKLM\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2010/02/21 11:50:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\IPSFFPlgn\ [2010/09/20 03:44:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\coFFPlgn\ [2010/04/21 23:59:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/08/03 21:41:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/08/22 16:25:45 | 000,000,000 | ---D | M]

[2010/02/19 15:57:46 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Extensions
[2010/09/11 18:18:22 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8cijn4s7.default\extensions
[2010/09/11 18:18:22 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8cijn4s7.default\extensions\toolbar@ask.com
[2010/09/19 22:04:53 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\af83gix8.default\extensions
[2010/04/28 10:41:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\af83gix8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/10 23:11:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/07/10 23:11:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/07/10 23:11:11 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/02/09 15:05:22 | 000,002,236 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\askcom.xml
[2009/04/07 13:59:38 | 000,000,872 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\Yahooober7760098.gif
[2010/06/26 17:09:12 | 000,000,196 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\Yahooober7760098.src

O1 HOSTS File: ([2010/09/11 19:14:30 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (DigitalPersona Personal Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (DigitalPersona Personal Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\4.2.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: () - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: () - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\S-1-5-21-1161024379-1129127795-2878303022-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-1161024379-1129127795-2878303022-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1161024379-1129127795-2878303022-1000\..\Toolbar\WebBrowser: () - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O4:64bit: - HKLM..\Run: [NtrigApplet] C:\Program Files\N-trig\N-trig Software Bundle\NtrigApplet.exe (N-trig LLC)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files (x86)\Corel\Corel Snapfire\PhotoDownloader.exe File not found
O4 - HKLM..\Run: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe (DigitalPersona, Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1161024379-1129127795-2878303022-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} https://www.hpwindows7upgrade.arvato.com/no...PProdDetect.cab (HP Product Detection Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Jennifer\Pictures\Inspirations\38993_145207095506926_100000529092310_318252_234373_n.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jennifer\Pictures\Inspirations\38993_145207095506926_100000529092310_318252_234373_n.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5435fc62-74b9-11df-8650-00269e130999}\Shell - "" = AutoRun
O33 - MountPoints2\{5435fc62-74b9-11df-8650-00269e130999}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{5435fcc7-74b9-11df-8650-00269e130999}\Shell - "" = AutoRun
O33 - MountPoints2\{5435fcc7-74b9-11df-8650-00269e130999}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{f7c873b1-7a9c-11df-b7f1-00269e130999}\Shell - "" = AutoRun
O33 - MountPoints2\{f7c873b1-7a9c-11df-b7f1-00269e130999}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/09/11 18:18:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2010/09/11 18:17:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSSOAP
[2010/09/11 18:17:03 | 001,563,008 | ---- | C] (Webroot Software, Inc.) -- C:\Windows\WRSetup.dll
[2010/09/11 18:17:03 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Roaming\Webroot
[2010/09/11 18:17:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Webroot
[2010/09/11 18:17:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Webroot
[2010/08/24 17:59:44 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\Documents\Business
[2010/08/24 11:08:59 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Roaming\Template
[2010/08/24 10:30:35 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\Documents\Portfolio
[2010/08/24 09:46:40 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\Documents\Pulled from old files
[2010/08/15 18:01:45 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\Documents\Getting Rid of Garbage
[2010/08/15 15:21:42 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\Documents\Journaling
[2010/08/13 11:02:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LightScribe
[2010/08/10 23:24:10 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\Documents\BookSmartData
[2010/08/10 23:23:47 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\.blurb
[2010/08/10 23:19:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BookSmart
[2010/08/06 23:15:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2010/08/06 23:15:48 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\Google
[2010/08/03 21:38:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010/08/02 21:32:16 | 000,000,000 | ---D | C] -- C:\DISNEY
[2010/08/02 13:21:04 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/07/28 17:23:58 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\Documents\Health and Wellness
[2010/07/27 20:50:34 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\Documents\Research
[2010/07/27 19:36:07 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Roaming\Tific
[2010/07/26 15:25:55 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Roaming\OpenOffice.org
[2010/07/26 15:03:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JRE
[2010/07/26 15:02:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2010/07/26 14:59:08 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3.2 (en-US) Installation Files
[2010/07/17 15:06:54 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Roaming\hpqLog
[2010/07/14 00:32:38 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\Meditation
[2010/06/26 17:16:25 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Roaming\Faerie Solitaire
[2010/06/26 17:09:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Oberon Media
[2010/06/26 17:08:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oberon Media

========== Files - Modified Within 90 Days ==========

[2010/09/21 07:47:44 | 003,670,016 | -HS- | M] () -- C:\Users\Jennifer\NTUSER.DAT
[2010/09/21 07:21:01 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/21 06:22:04 | 000,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/21 06:22:04 | 000,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/21 01:55:13 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/19 22:41:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/19 20:22:04 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJennifer.job
[2010/09/19 20:22:04 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/19 20:21:31 | 4023,533,568 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/19 18:31:19 | 000,524,288 | -HS- | M] () -- C:\Users\Jennifer\NTUSER.DAT{3b9b504a-1dcb-11df-a81d-00269e130999}.TMContainer00000000000000000001.regtrans-ms
[2010/09/19 18:31:19 | 000,065,536 | -HS- | M] () -- C:\Users\Jennifer\NTUSER.DAT{3b9b504a-1dcb-11df-a81d-00269e130999}.TM.blf
[2010/09/19 18:30:43 | 001,716,157 | -H-- | M] () -- C:\Users\Jennifer\AppData\Local\IconCache.db
[2010/09/19 01:33:49 | 000,001,674 | ---- | M] () -- C:\Windows\tasks\wrSpySweeper_L36B5A644B1D64940AC15417BC1599314.job
[2010/09/13 08:26:51 | 000,000,000 | ---- | M] () -- C:\Users\Jennifer\defogger_reenable
[2010/09/12 08:21:39 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/09/12 08:21:39 | 000,104,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/09/12 08:21:38 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/09/11 22:31:27 | 000,001,890 | -HS- | M] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2010/09/11 21:50:39 | 000,193,024 | ---- | M] () -- C:\Users\Jennifer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/11 19:14:30 | 000,000,761 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\HOSTS
[2010/09/11 18:18:37 | 000,000,256 | ---- | M] () -- C:\Windows\win.ini
[2010/09/11 18:18:36 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Webroot AntiVirus.lnk
[2010/09/11 18:17:09 | 000,017,264 | ---- | M] () -- C:\Windows\SysNative\SsiEfr.exe
[2010/09/11 18:02:43 | 000,000,164 | ---- | M] () -- C:\Windows\install.dat
[2010/09/04 12:21:24 | 000,001,013 | ---- | M] () -- C:\Users\Jennifer\Application Data\Microsoft\Internet Explorer\Quick Launch\OpenOffice.org Writer (2).lnk
[2010/08/24 11:09:00 | 000,000,188 | ---- | M] () -- C:\Users\Jennifer\AppData\Roaming\wklnhst.dat
[2010/08/12 06:27:38 | 000,384,968 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/11 08:07:47 | 000,029,328 | ---- | M] () -- C:\Users\Jennifer\Documents\Joshua Daniel in one million words or less.odt
[2010/08/10 23:13:19 | 000,011,290 | ---- | M] () -- C:\Users\Jennifer\Documents\Great Quotes.odt
[2010/08/02 13:20:52 | 599,740,265 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/07/30 15:52:08 | 000,000,680 | ---- | M] () -- C:\Users\Jennifer\AppData\Local\d3d9caps.dat
[2010/07/27 19:19:32 | 000,107,440 | ---- | M] () -- C:\Users\Jennifer\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/07/26 15:33:22 | 000,001,013 | ---- | M] () -- C:\Users\Jennifer\Application Data\Microsoft\Internet Explorer\Quick Launch\OpenOffice.org Writer.lnk
[2010/07/26 15:26:32 | 000,001,070 | ---- | M] () -- C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
[2010/07/17 15:15:42 | 001,048,812 | ---- | M] () -- C:\Windows\SysNative\oem21.inf
[2010/07/17 15:13:36 | 000,006,656 | ---- | M] () -- C:\Windows\SysNative\bcmwlrc.dll

========== Files Created - No Company Name ==========

[2010/09/13 08:26:51 | 000,000,000 | ---- | C] () -- C:\Users\Jennifer\defogger_reenable
[2010/09/11 19:14:15 | 000,001,674 | ---- | C] () -- C:\Windows\tasks\wrSpySweeper_L36B5A644B1D64940AC15417BC1599314.job
[2010/09/11 18:18:36 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Webroot AntiVirus.lnk
[2010/09/11 18:17:13 | 000,017,264 | ---- | C] () -- C:\Windows\SysNative\SsiEfr.exe
[2010/09/11 18:02:40 | 000,000,164 | ---- | C] () -- C:\Windows\install.dat
[2010/09/04 12:21:24 | 000,001,013 | ---- | C] () -- C:\Users\Jennifer\Application Data\Microsoft\Internet Explorer\Quick Launch\OpenOffice.org Writer (2).lnk
[2010/08/24 11:08:54 | 000,000,188 | ---- | C] () -- C:\Users\Jennifer\AppData\Roaming\wklnhst.dat
[2010/08/19 23:28:08 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForJennifer.job
[2010/08/10 23:13:17 | 000,011,290 | ---- | C] () -- C:\Users\Jennifer\Documents\Great Quotes.odt
[2010/08/10 16:26:45 | 000,029,328 | ---- | C] () -- C:\Users\Jennifer\Documents\Joshua Daniel in one million words or less.odt
[2010/08/06 23:16:19 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/06 23:16:17 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/02 13:20:52 | 599,740,265 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/07/26 15:33:22 | 000,001,013 | ---- | C] () -- C:\Users\Jennifer\Application Data\Microsoft\Internet Explorer\Quick Launch\OpenOffice.org Writer.lnk
[2010/07/26 15:26:32 | 000,001,070 | ---- | C] () -- C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
[2010/07/26 14:59:54 | 000,421,544 | ---- | C] () -- C:\Users\Jennifer\AppData\Local\dd_vcredistMSI08D7.txt
[2010/07/26 14:59:52 | 000,023,782 | ---- | C] () -- C:\Users\Jennifer\AppData\Local\dd_vcredistUI08D7.txt
[2010/07/17 15:17:28 | 001,048,812 | ---- | C] () -- C:\Windows\SysNative\oem21.inf
[2010/04/12 17:42:16 | 000,000,680 | ---- | C] () -- C:\Users\Jennifer\AppData\Local\d3d9caps.dat
[2010/03/02 15:09:37 | 000,001,890 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2010/03/01 15:26:44 | 000,193,024 | ---- | C] () -- C:\Users\Jennifer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/22 13:02:44 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010/02/22 13:01:16 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2010/02/19 18:53:29 | 000,000,732 | ---- | C] () -- C:\Users\Jennifer\AppData\Local\d3d9caps64.dat
[2010/02/19 15:35:01 | 000,000,283 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2010/02/19 15:35:00 | 000,000,000 | ---- | C] () -- C:\Users\Jennifer\AppData\Local\QSwitch.txt
[2010/02/19 15:35:00 | 000,000,000 | ---- | C] () -- C:\Users\Jennifer\AppData\Local\DSwitch.txt
[2010/02/19 15:35:00 | 000,000,000 | ---- | C] () -- C:\Users\Jennifer\AppData\Local\AtStart.txt
[2009/11/06 12:00:28 | 000,031,088 | ---- | C] () -- C:\Windows\SysWow64\wrLZMA.dll
[2009/07/20 05:15:01 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009/07/20 05:14:49 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/07/20 05:13:57 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/07/20 05:13:18 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/07/20 05:10:37 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2009/01/19 04:37:55 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009/01/19 04:29:55 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2009/01/19 04:27:22 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009/01/19 04:25:34 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

========== LOP Check ==========

[2010/03/28 16:32:08 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\Amazon
[2010/02/22 15:17:41 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/02/19 15:35:02 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\DigitalPersona
[2010/06/26 17:30:07 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\Faerie Solitaire
[2010/07/26 15:25:55 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\OpenOffice.org
[2010/08/24 11:08:59 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\Template
[2010/07/27 19:36:07 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\Tific
[2010/02/19 19:09:34 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\WildTangent
[2010/05/16 00:05:17 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\WinBatch
[2010/09/19 18:31:27 | 000,030,900 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/09/19 01:33:49 | 000,001,674 | ---- | M] () -- C:\Windows\Tasks\wrSpySweeper_L36B5A644B1D64940AC15417BC1599314.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 176 bytes -> C:\ProgramData\Temp:39F44D9C
< End of report >













OTL Extras logfile created on: 9/21/2010 7:48:01 AM - Run 1
OTL by OldTimer - Version 3.2.14.0 Folder = C:\Users\Jennifer\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 32.00% Memory free
8.00 Gb Paging File | 5.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.07 Gb Total Space | 250.08 Gb Free Space | 55.20% Space Free | Partition Type: NTFS
Drive D: | 12.69 Gb Total Space | 2.00 Gb Free Space | 15.74% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JENNIFERS_PC
Current User Name: Jennifer
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1161024379-1129127795-2878303022-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 75 D0 D6 81 51 C4 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5F8300E3-4848-43B6-B76A-4DC7E11289FB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9F2C691D-E729-48FF-998D-C246F55C50B1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B716AA64-1E6C-42DB-AEFD-288D32E331DE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BC27AE0B-173B-4D73-9A1E-564F49D078B1}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B18B724-2C46-4BFC-856B-F89BEF92D020}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{140D4F04-4C08-4D25-BD65-650D0390E6BA}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qp.exe |
"{1A73B8DF-204E-429A-ABAD-55179C563CAC}" = protocol=6 | dir=out | app=system |
"{29B13470-B816-4E1A-BF49-E83E0D9C0AD0}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{3D2E3F88-C4EE-48FD-9BE8-2B3084B07B6A}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{400B3F63-377D-4396-9DD7-C522B5678081}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{53842451-7D26-4CAF-905B-37F256CB4B6A}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{6D49E24D-27D6-4173-99A0-D9C217A1D497}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{7C88885A-D18B-44AD-A506-D34EAEBB135C}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{7FBBD839-4DA2-4F1B-A180-74C7335F9845}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{8E7D670A-ECE5-4B0E-AC24-DE649D15BCE0}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{90B52C78-1501-47D0-8C64-B1459D157D5E}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{960F6217-2DF6-4DD2-9B2E-14FF1DCCD094}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qpservice.exe |
"{B529DA0A-8092-492E-8400-4B85AF198A1A}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{B5B11AEB-86EC-4DEC-96DA-197E5F27FF5F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{C4AB8367-C304-437A-9EC3-1FA34501E7EE}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |
"{C5BF155F-FCD3-4032-B116-898522935738}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DE54A0E8-4B02-42D1-9930-584651C9F4ED}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |
"{DED061AC-CFA8-4787-B8AA-6EA3EC93B31C}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{E3B3BC3D-B273-4391-B2FC-E810DEE04EAA}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{E4A81B2B-00C7-4EAE-80EC-2DC19670CF2E}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{EAF0A971-A096-4D26-8BE3-2F4D8C1B5F37}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{F28A1C09-B558-4C90-AF35-83A1789D5D89}" = protocol=6 | dir=out | app=system |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{125C4322-F663-621E-1717-FBA5976E86D9}" = ccc-utility64
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{370BCBBA-67D7-4535-ADCD-58CD1C8DEC99}" = Zune Language Pack (DE)
"{40EC6323-497B-44DA-8A88-74578622D9B3}" = Zune Language Pack (IT)
"{4CE36E6A-300B-427C-BEC7-B261CC13814E}" = iTunes
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{78F697ED-EC97-4D8D-881D-838984EA9855}" = 64 Bit HP CIO Components Installer
"{877924AA-E044-4266-B37D-E974CD799934}" = Bonjour
"{888FFC82-688D-46AB-A776-B417885432B6}" = Zune
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CA4AF936-3312-4AF4-A191-527531490DCD}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F1568AA6-5982-4AFB-A871-C68E4328BC3B}" = HP MediaSmart SmartMenu
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F74D69E5-ECFD-45D1-A87A-341208ADD7CC}" = DigitalPersona Personal 4.11
"{FF57A2B3-B3C5-0F21-258B-0CEA210C4FC1}" = ATI Catalyst Install Manager
"07B260955637F1FF7587ED2AA87459040DD09BF7" = Windows Driver Package - ENE (enecir) HIDClass (09/04/2008 2.6.0.0)
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SMSERIAL" = Motorola SM56 Data Fax Modem
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Zune" = Zune

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{53A908D4-99C6-469B-BC13-F4189F260742}" = Corel Painter Essentials 4
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{032E5921-DBAC-D2A2-1A2E-4ECCCEB1873F}" = Catalyst Control Center Localization German
"{06C3F44C-594A-A520-217B-D7CEB10B7B13}" = CCC Help Korean
"{07E79209-C481-B61C-09F1-3C9B6314AB4B}" = CCC Help Swedish
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0B7D6A80-462B-EA53-8746-2F8336E88BED}" = Catalyst Control Center Localization Turkish
"{0EE4030A-8FD4-4798-A21D-17E525B1F7CF}" = Corel Snapfire
"{14BE20CC-6BA7-E6BC-B3FC-342AB38615B5}" = Catalyst Control Center Graphics Full New
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{187817E2-6407-461C-B59B-56CE73363D34}" = Catalyst Control Center - Branding
"{19579A7F-CEFF-323B-8316-4E77AB46282D}" = Catalyst Control Center Localization Thai
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{1FCC574F-AFA2-4432-9EF1-79CA7BA73431}_is1" = Webroot AntiVirus with Spy Sweeper
"{20FE2A29-82B3-FB5F-B80F-F3073DBD79E7}" = CCC Help Norwegian
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{28FD271E-04C1-2F8E-C488-E608DEA81BA7}" = Catalyst Control Center Localization Swedish
"{2D3A5AF6-42A1-0BB8-3388-89373486356A}" = Catalyst Control Center Localization Russian
"{31A2B8CD-128C-E595-D219-EF874CCE3C7C}" = CCC Help Turkish
"{31A5ED9F-E07B-4F6E-8179-27325BAAC502}" = AuthenTec Fingerprint Sensor Minimum Install
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{32AEDEFC-AB7D-2E26-2AFA-1ED8467439E6}" = Catalyst Control Center Graphics Previews Common
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader
"{35B436A3-FFFA-E0EC-930B-4A019D40D2B2}" = Catalyst Control Center Localization Japanese
"{3744B641-61DE-417F-BCDC-9CCED4224DF8}" = LightScribe System Software
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{47F36D92-E58E-456D-B73C-3382737E4C42}" = HP Update
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7E8B4E-1BCC-B31E-0599-989F80756E86}" = Catalyst Control Center Localization French
"{4E432692-A736-4F77-AF77-F9078CF88D31}" = HP Wireless Assistant
"{53A908D4-99C6-469B-BC13-F4189F260742}" = Corel Painter Essentials 4
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{5A505710-AB9D-D907-8B74-BF4C1D5E8970}" = ccc-core-static
"{5E15BCAB-3102-066A-19E4-695BB88080C5}" = CCC Help Thai
"{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
"{64D7461A-A534-3CA8-851E-10B131467B7D}" = Catalyst Control Center Localization Danish
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A370610-3778-44AF-9AAC-69B2FD1A3356}" = Microsoft Live Search Toolbar
"{6ADF469A-09CC-CF08-16EB-D26330F1BF5A}" = CCC Help Czech
"{6C8FEAF9-EE14-016E-416C-5FE497323BCC}" = CCC Help French
"{7164E973-08E3-EFE8-D92B-6B32695CED63}" = Catalyst Control Center Graphics Previews Vista
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{732A3F80-008B-4350-BD58-EC5AE98707B8}" = HP Common Access Service Library
"{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B64A83A-827D-8EAC-B219-6CC40CD47716}" = Catalyst Control Center Localization Spanish
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117217620}" = Faerie Solitaire
"{83D5B9E5-3E1B-AB60-C643-26E85CE87BD2}" = CCC Help Russian
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask.com Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A24B28B-2444-4933-748B-FA41A0604329}" = Catalyst Control Center Localization Czech
"{8B07C505-39DC-231A-4D0F-714A39FB8C88}" = Catalyst Control Center Localization Portuguese
"{8E39C887-375E-32C9-28DA-3116C5222076}" = Catalyst Control Center Localization Korean
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95A747E0-DF19-46CB-A622-20A0107201BD}" = HP Total Care Setup
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{986836B0-1A1E-9EB4-01C6-6C0919680922}" = CCC Help German
"{9B2FD9D8-6C82-9FDE-81EC-A0679311216A}" = CCC Help Polish
"{9BDBF2AC-363E-2059-A9B7-7AE113B0E9B6}" = CCC Help Chinese Traditional
"{9C0C8FAC-F071-FFC0-22FD-564A820D9D92}" = CCC Help Greek
"{9D51B0BF-BEE7-E49E-E2C1-A89E5C4CC641}" = Catalyst Control Center Graphics Light
"{A026E033-DA09-DFA5-3D0A-6C22641218D1}" = Catalyst Control Center Localization Finnish
"{A3AB35FA-943E-4799-99DC-46EFD59E998F}" = AMD USB Audio Driver Filter
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9884E06-0D0A-6302-D23F-3FD272CC6111}" = Catalyst Control Center Localization Hungarian
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{ACB95EBF-DDCC-DE13-5F0F-E45388D6794A}" = CCC Help Italian
"{AF23E148-FA00-86B8-7AF3-04FE88720D4E}" = Catalyst Control Center Localization Polish
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B600EB97-A090-18EC-7B04-B5CF5B5B415E}" = CCC Help Dutch
"{BCDDD1F1-8C04-15E6-DA37-466307644AF7}" = CCC Help Finnish
"{C06475E0-9080-2C83-C0A0-AFB3358EDE52}" = CCC Help Danish
"{C1A138F0-DF67-4E8D-B7AF-30C71BF8435D}" = HP User Guides 0123
"{C1DBFD74-B7B6-B219-E7C7-F3D2CD911EEE}" = Catalyst Control Center Localization Italian
"{C283284D-FDB2-4438-A26A-40C62F7008E7}" = N-trig Software Bundle
"{C2D129C0-7508-11DF-9F1B-005056806466}" = Google Earth
"{C58296EC-E83D-D269-0BE3-D940422BA30E}" = Catalyst Control Center Localization Greek
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8CE30F9-CBD0-43B1-BFD3-B18F55A48827}" = Calendar Creator 10
"{C9F10177-84CC-3548-484C-690112F84FE5}" = Catalyst Control Center Localization Chinese Traditional
"{CA5003A5-ECDD-AA80-B0F4-AD90B9B6BC32}" = Catalyst Control Center InstallProxy
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CC23AEA3-B338-9CAB-43CB-E9FB8CAE38A2}" = CCC Help Japanese
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D76EAFDA-A3D2-8B73-20E0-E794D20BB618}" = Catalyst Control Center Localization Chinese Standard
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal
"{DE626616-D7C4-4F00-7E0B-EAF26FA65749}" = muvee Reveal
"{E1C7EF5E-3A7B-4ED4-A48B-F70F1B36EAB4}" = Corel Paint Shop Pro Photo XI
"{E1FEE030-2E5A-572D-8678-61336E538689}" = Catalyst Control Center Core Implementation
"{E2FB7D2C-061F-37D3-4ECE-BEB5F91AA183}" = Skins
"{E3C5A9C4-F950-4203-0DDE-BA8754A5255B}" = Catalyst Control Center Graphics Full Existing
"{E7A1DDF6-3F2C-770E-EAEA-CA72667F49D1}" = CCC Help Portuguese
"{E7A38C6E-8911-D44E-9A8D-548F2625D2AE}" = Catalyst Control Center Localization Norwegian
"{E991BFA0-1EBA-8FFF-6B7F-71DD0F13DCB9}" = CCC Help Chinese Standard
"{EBC8DD57-55CE-5994-BD78-75C238AB26ED}" = CCC Help Hungarian
"{ED0E47CC-F63F-C2B3-D66F-C0F6D38E9E3C}" = Catalyst Control Center Localization Dutch
"{EEE5E0E9-BC36-AD4F-3577-D6BFE1E7FC50}" = CCC Help English
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F5279211-B4AE-E523-5FD0-EB0D5A725AC2}" = CCC Help Spanish
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"BookSmart® 2.8.0 2.8.0" = BookSmart® 2.8.0 2.8.0
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP.MediaSmartSlingPlayer_is1" = HP MediaSmart SlingPlayer
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"N360" = Norton 360
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WildTangent hp Master Uninstall" = HP Games
"Yahoo! SiteBuilder" = Yahoo! SiteBuilder

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1161024379-1129127795-2878303022-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle For PC" = Amazon Kindle For PC v1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/2/2010 6:21:23 PM | Computer Name = Jennifers_PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 24461

Error - 9/2/2010 6:21:23 PM | Computer Name = Jennifers_PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 24461

Error - 9/2/2010 6:21:24 PM | Computer Name = Jennifers_PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 9/2/2010 6:21:24 PM | Computer Name = Jennifers_PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 25818

Error - 9/2/2010 6:21:24 PM | Computer Name = Jennifers_PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 25818

Error - 9/2/2010 6:21:25 PM | Computer Name = Jennifers_PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 9/2/2010 6:21:25 PM | Computer Name = Jennifers_PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 27191

Error - 9/2/2010 6:21:25 PM | Computer Name = Jennifers_PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 27191

Error - 9/3/2010 7:29:51 AM | Computer Name = Jennifers_PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 9/3/2010 7:29:51 AM | Computer Name = Jennifers_PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 47333121

[ DigitalPersona Pro Events ]
Error - 2/24/2010 9:55:30 PM | Computer Name = Jennifers_PC | Source = DigitalPersona Pro | ID = 17827841
Description = One-to-one fingerprint match failed.

Error - 2/24/2010 9:55:32 PM | Computer Name = Jennifers_PC | Source = DigitalPersona Pro | ID = 17827841
Description = One-to-one fingerprint match failed.

Error - 2/24/2010 9:55:35 PM | Computer Name = Jennifers_PC | Source = DigitalPersona Pro | ID = 17827841
Description = One-to-one fingerprint match failed.

Error - 2/24/2010 9:55:37 PM | Computer Name = Jennifers_PC | Source = DigitalPersona Pro | ID = 17827841
Description = One-to-one fingerprint match failed.

Error - 2/24/2010 9:55:39 PM | Computer Name = Jennifers_PC | Source = DigitalPersona Pro | ID = 17827841
Description = One-to-one fingerprint match failed.

Error - 2/24/2010 9:55:42 PM | Computer Name = Jennifers_PC | Source = DigitalPersona Pro | ID = 17827841
Description = One-to-one fingerprint match failed.

Error - 2/24/2010 9:55:45 PM | Computer Name = Jennifers_PC | Source = DigitalPersona Pro | ID = 17827841
Description = One-to-one fingerprint match failed.

[ OSession Events ]
Error - 2/19/2010 7:56:18 PM | Computer Name = Jennifers_PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1416
seconds with 120 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 6/11/2010 4:04:46 AM | Computer Name = Jennifers_PC | Source = Service Control Manager | ID = 7009
Description =

Error - 6/11/2010 4:04:46 AM | Computer Name = Jennifers_PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/11/2010 4:04:46 AM | Computer Name = Jennifers_PC | Source = Service Control Manager | ID = 7009
Description =

Error - 6/11/2010 4:04:46 AM | Computer Name = Jennifers_PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/11/2010 4:08:19 AM | Computer Name = Jennifers_PC | Source = Service Control Manager | ID = 7009
Description =

Error - 6/11/2010 4:08:19 AM | Computer Name = Jennifers_PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/11/2010 4:10:19 AM | Computer Name = Jennifers_PC | Source = Service Control Manager | ID = 7009
Description =

Error - 6/11/2010 4:10:19 AM | Computer Name = Jennifers_PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/12/2010 3:16:53 PM | Computer Name = Jennifers_PC | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 0026820E70BC. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 6/12/2010 3:17:38 PM | Computer Name = Jennifers_PC | Source = DCOM | ID = 10010
Description =


< End of report >


#4 JennaOptimist

JennaOptimist
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:03:53 PM

Posted 21 September 2010 - 09:00 AM

Elise,

I downloaded RKUnhookerLE.EXE via the link you provided. While initializing I received this message:

Error loading driver, NTSTATUS code:0C000036B

Please let me know if there is anything else that you need me to try.

Jennifer

#5 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,820 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:12:53 AM

Posted 21 September 2010 - 09:10 AM

Hi, thats only normal because you are on a 64 bit system.


MALWAREBYTES ANTIMALWARE
-------------------------------------------
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


UPDATE JAVA
------------------
Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 21 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u21-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#6 JennaOptimist

JennaOptimist
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:03:53 PM

Posted 21 September 2010 - 12:53 PM

Hi Elise,

MBAM didn't pick up anything, though in my first post I did mention that Webroot Antivirus found two malware found within the title of this thread. Here is the report.


Thanks,
Jennifer











Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4664

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

9/21/2010 12:37:31 PM
mbam-log-2010-09-21 (12-37-31).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 374643
Time elapsed: 3 hour(s), 12 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#7 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,820 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:12:53 AM

Posted 21 September 2010 - 01:45 PM

Hi, what actual problems are you still having? I think ESET should pick up what Webroot detected, so lets see. smile.gif

OTL FIX
------------
We need to run an OTL Fix
  1. Please reopen on your desktop.
  2. Copy and Paste the following code into the textbox. Do not include the word "Code"
    CODE
    :otl
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

    :commands
    [emptytemp]
  3. Push
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click .
  6. A report will open. Copy and Paste that report in your next reply.

ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    Note - when ESET doesn't find any threats, no report will be created.
  12. Push the button.
  13. Push

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#8 JennaOptimist

JennaOptimist
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:03:53 PM

Posted 21 September 2010 - 02:10 PM

Well Elise, so far I can't tell too much what has changed. I am trying to refrain from doing anything outside of your instructions. So far it doesn't seem to be any different. MBAM said that it did not find any malware, I will have to trust that if it is indeed there you will somehow manage to find it. As I said the title of this thread are the names copied from the report that Webroot gave me, though I have deleted that program already being that it would not remove those problems for me.

I really appreciate your patience...
Jennifer

Here is the OTL log:





All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jennifer
->Temp folder emptied: 10118427 bytes
->Temporary Internet Files folder emptied: 1362397 bytes
->Java cache emptied: 214294277 bytes
->FireFox cache emptied: 89660558 bytes
->Google Chrome cache emptied: 856432 bytes
->Flash cache emptied: 103735 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3115210 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 776669593 bytes

Total Files Cleaned = 1,045.00 mb


OTL by OldTimer - Version 3.2.14.0 log created on 09212010_135414

Files\Folders moved on Reboot...
C:\Users\Jennifer\AppData\Local\Temp\~DFC6BA.tmp moved successfully.

Registry entries deleted on Reboot...


#9 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,820 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:12:53 AM

Posted 21 September 2010 - 02:25 PM


Okay, I'll wait for the ESET results.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#10 JennaOptimist

JennaOptimist
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:03:53 PM

Posted 22 September 2010 - 12:04 AM

Elise,

You are not going to believe this but 8 hours and 20 minutes later, no threats found! So there is no log to put here. My internet scrolling has messed up at least twice that I can think of over the coarse of the days scanning. I still have the google toolbar installed too, which I think might be the culprit behind lowering my internet security and turning off my safe surf. I have not been able to remove it. I'm honestly not sure where we might go from here, but I am heading to bed for the night. I will be back on at about 6:30am central time to begin again in whatever way you need me to.

Thank you so much for all of your patience and perseverance!
Jennifer

#11 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,820 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:12:53 AM

Posted 22 September 2010 - 04:42 AM

Hi, please use your computer for a bit and see how everything runs.

The lack of security in your browser, may be caused by Ask Toolbar; I strongly recommend you to uninstall that using Add/Remove programs.

As for that Webroot detection; I wouldn't worry too much about it, most likely it was a false positive.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#12 JennaOptimist

JennaOptimist
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:03:53 PM

Posted 22 September 2010 - 07:09 AM

Thank you Elise. I will go ahead and use it over the coarse of the day and see how it performs. I do not use anything but the Norton Safe Search anyway so I do not require any other toolbars, but guess what again? The Google toolbar seems to have finally disappeared after several unsuccessful attempts at uninstalling it. And now the Ask.com toolbar will not uninstall. I get this message:

Error loading driver. Error 1720. There is a problem with this Windows Installer package. A script required for this install to complete could not be run. (Contact suggestions here) vb_IS_FF_OPEN_UNINSTALL Script error - 2146828235 File not found Line 87. Column 2.

If you have a way to get it out of my machine I would be grateful!

A couple more things really quick if you don't mind... I have Norton 360 as you have seen. I am going to keep Malwarebytes. On CNet they recommend two other programs that are being personally recommended to me as well. Spybot for spyware. And Ccleaner for cleaning up bits for places other than the registry. Would you recommend these programs? And if so, will they work well together or interfere with one anothers protections?

And finally, the other programs that I installed yesterday... DDS, Gmer and OTL? They did not install to the desktop. They automatically ran when I hit download. Being that they are not in my program list, I'm not sure where to find them to get rid of them.

Thank you,
Jennifer

PS. Mozilla (Not Responding) in the time it took me to type up this message. Would a reinstall of Mozilla help?

#13 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,820 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:12:53 AM

Posted 22 September 2010 - 07:27 AM

Hi Jennifer, we will remove Ask Toolbar with a script then. smile.gif

I do not recommend Spybot; it used to be an excellent spyware scanner, but it has not been keeping track with latest malware and thus isn't very efficient anymore.

CCleaner is okay as long as you don't use the registry cleaning part; registry cleaners are inefficient at best and can cause tremendous damage in worst cases.

Norton is okay combined with MBAM; too much security is just overkill; just as important is keeping software up to date and a safe surfing behavior.

OTL FIX
------------
We need to run an OTL Fix
  1. Please reopen on your desktop.
  2. Copy and Paste the following code into the textbox. Do not include the word "Code"
    CODE
    :otl
    [2009/02/09 15:05:22 | 000,002,236 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\askcom.xml
    O2 - BHO: () - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
    O3 - HKLM\..\Toolbar: () - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
    O3 - HKU\S-1-5-21-1161024379-1129127795-2878303022-1000\..\Toolbar\WebBrowser: () - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)

    :commands
    [emptytemp]
  3. Push
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click .
  6. A report will open. Copy and Paste that report in your next reply.





regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#14 JennaOptimist

JennaOptimist
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:03:53 PM

Posted 22 September 2010 - 07:47 AM

OK, done. So do I just delete my downloads to get rid of the other programs we used? I had to click on the download again and allow it to autorun. Here is the report from getting rid of the ask toolbar.

Jennifer






All processes killed
========== OTL ==========
C:\Program Files (x86)\Mozilla Firefox\searchplugins\askcom.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-1161024379-1129127795-2878303022-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jennifer
->Temp folder emptied: 1903819 bytes
->Temporary Internet Files folder emptied: 42642734 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 66703867 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 997 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1618164 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 848 bytes

Total Files Cleaned = 108.00 mb


OTL by OldTimer - Version 3.2.14.0 log created on 09222010_073542

Files\Folders moved on Reboot...
C:\Users\Jennifer\AppData\Local\Temp\~DFF6EF.tmp moved successfully.

Registry entries deleted on Reboot...


#15 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,820 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:12:53 AM

Posted 22 September 2010 - 07:50 AM

Sorry, I forget to answer that; yes, you can just delete tools like DDS and GMER; they do not install anything. See also below. If Firefox continues to give you trouble, disable the add ons one for one to find out which one is causing the problem.

ALL CLEAN
--------------
Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean smile.gif

Please do the following to remove the remaining programs from your PC:
  • Delete the tools used during the disinfection:
    • Rerun OTL and click the Cleanup button. Allow a reboot. This will remove all logs and tools we used.
Please read these advices, in order to prevent reinfecting your PC:
  1. Install and update the following programs regularly:
    • an outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on regular basis.If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on thehosts file, and what it can do for you,please consult the Tutorial on the Hosts file
  2. Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
    Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  3. Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on yourmachine.
  4. Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.
Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users