Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Hijack/After Restart no Boot CD found


  • This topic is locked This topic is locked
21 replies to this topic

#1 collinstevens

collinstevens

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Orleans. LA
  • Local time:01:18 AM

Posted 29 October 2010 - 04:04 AM

I have a Google redirect malware (or whatever applies in this case) or at least some simile of it. It tries to redirect but I have Noscript on my Firefox which seems to block it from fully redirecting and then just sends me back to the Google homepage. It may be unrelated but after running Malware Bytes and restarting my netbook it said that there was no Operating system or Bootable CD to start up from. I did a hard restart and then it booted up fine. Shrug! So far, aside from the computer running slower than usual, it doesn't seem to be affecting much else. I did have trouble running Malware the first time through but it may have just been my fault as I was working on an hour of sleep. Any help is greatly appreciated.


DDS (Ver_10-10-21.02) - NTFSx86
Run by Keith at 18:07:25.91 on Wed 10/27/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.987.334 [GMT -5:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5576240ee6baaa25\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5576240ee6baaa25\aestsrv.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\SPLASH.SYS\config\DVMExportService.exe
C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Hewlett-Packard\HP QuickSync\QuickSync.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP QuickSync\jre\bin\javaw.exe
C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Keith\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.facebook.com/?ref=hp
uInternet Settings,ProxyServer = http=127.0.0.1:27811
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\17.6.0.32\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\17.6.0.32\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0566.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0566.0\msneshellx.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\17.6.0.32\coIEPlg.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [Simplify Media] "c:\program files\hp\hp mediastream\HPMediaStream.exe" -splash
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [utigg] rundll32 "c:\users\keith\appdata\roaming\el-GR6.dll",HZHAOONVQ
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [HP] c:\program files\hewlett-packard\hp quicksync\QuickSync.exe
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [ZumoDrive] "c:\program files\hewlett-packard\hp clouddrive\ZumoLauncher.lnk"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\keith\appdata\roaming\mozilla\firefox\profiles\xfh2830j.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=iglk
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1106000.020\symds.sys [2010-4-8 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1106000.020\symefa.sys [2010-4-8 172592]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\bashdefs\20100324.001\BHDrvx86.sys [2010-3-24 536112]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1106000.020\cchpx86.sys [2010-4-8 501888]
R1 DVMIO;DVMIO;c:\splash.sys\config\dvmio.sys [2009-9-29 17624]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\ipsdefs\20100415.001\IDSvix86.sys [2010-4-17 343088]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1106000.020\ironx86.sys [2010-4-8 116784]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1106000.020\symtdiv.sys [2010-4-8 340016]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_5576240ee6baaa25\AEstSrv.exe [2010-2-12 81920]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992]
R2 DvmMDES;DeviceVM Meta Data Export Service;c:\splash.sys\config\DVMExportService.exe [2009-7-8 323584]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\17.6.0.32\ccsvchst.exe [2010-4-8 126392]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-11-18 228408]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-3-28 102448]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-2-12 174592]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-2-12 204288]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]

=============== Created Last 30 ================

2010-10-27 07:44:16 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-10-27 07:44:16 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2010-10-27 07:40:45 -------- d-----w- c:\users\keith\appdata\roaming\Malwarebytes
2010-10-27 07:39:52 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-27 07:39:50 -------- d-----w- c:\progra~2\Malwarebytes
2010-10-27 07:39:49 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-27 07:39:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-26 18:00:26 103424 --sha-r- c:\users\keith\appdata\roaming\el-GR6.dll
2010-10-26 12:06:56 6146896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{ab406f15-3744-4537-a610-d8afba576d3c}\mpengine.dll
2010-10-24 08:24:32 -------- d-----w- c:\progra~2\DivX
2010-10-22 18:43:34 -------- d-----w- c:\users\keith\appdata\roaming\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
2010-10-20 01:10:34 -------- d-----w- c:\users\keith\appdata\roaming\StreamTorrent
2010-10-20 01:10:33 -------- d-----w- c:\program files\StreamTorrent 1.0
2010-10-20 01:05:39 -------- d-----w- c:\program files\SopCast
2010-10-20 00:57:27 -------- d-----w- c:\program files\VideoLAN
2010-10-17 22:57:58 -------- d-----w- c:\program files\uTorrent
2010-10-17 22:56:15 -------- d-----w- c:\users\keith\appdata\roaming\uTorrent
2010-10-17 20:35:21 -------- d-----w- c:\program files\Veetle
2010-10-17 17:58:28 -------- d-----w- c:\progra~2\McAfee Security Scan
2010-10-17 17:58:24 -------- d-----w- c:\program files\McAfee Security Scan
2010-10-13 04:13:59 164864 ----a-w- c:\program files\windows media player\wmplayer.exe
2010-10-13 04:13:58 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-13 04:13:56 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-10-13 04:13:55 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-13 04:13:55 308736 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-13 04:13:55 168448 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-13 04:13:54 738816 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-13 04:13:54 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-13 04:13:53 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
2010-10-11 00:32:55 -------- d-----w- c:\program files\common files\DivX Shared
2010-10-11 00:32:54 -------- d-----w- c:\program files\DivX
2010-10-01 08:01:29 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2010-10-01 08:01:29 146304 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2010-09-29 18:08:35 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-29 18:08:30 13312 ----a-w- c:\program files\internet explorer\iecompat.dll
2010-09-28 07:45:27 245936 ----a-w- c:\windows\system32\drivers\SynTP.sys
2010-09-28 07:45:27 165160 ----a-w- c:\windows\system32\SynTPAPI.dll
2010-09-28 07:45:27 120104 ----a-w- c:\windows\system32\SynTPCo4.dll
2010-09-28 07:45:25 210216 ----a-w- c:\windows\system32\SynCtrl.dll
2010-09-28 07:45:25 173352 ----a-w- c:\windows\system32\SynCOM.dll

==================== Find3M ====================

2010-10-19 16:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-20 18:47:41 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2010-09-20 18:47:40 91448 ----a-w- c:\windows\system32\bcmwlcoi.dll
2010-09-20 18:47:40 3866624 ----a-w- c:\windows\system32\bcmihvsrv.dll
2010-09-20 18:47:40 3555328 ----a-w- c:\windows\system32\bcmihvui.dll
2010-09-08 04:30:04 978432 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 03:22:31 386048 ----a-w- c:\windows\system32\html.iec
2010-09-08 02:48:16 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-08-31 04:32:30 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 04:32:30 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-26 04:39:58 109056 ----a-w- c:\windows\system32\t2embed.dll
2010-08-21 05:36:24 224256 ----a-w- c:\windows\system32\schannel.dll
2010-08-21 05:33:24 530432 ----a-w- c:\windows\system32\comctl32.dll
2010-08-21 05:32:37 316928 ----a-w- c:\windows\system32\spoolsv.exe

============= FINISH: 18:09:24.09 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:06:18 AM

Posted 06 November 2010 - 08:22 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
Posted Image
m0le is a proud member of UNITE

#3 collinstevens

collinstevens
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Orleans. LA
  • Local time:01:18 AM

Posted 07 November 2010 - 08:45 PM

I'm here and ready whenever you are. Thanks for your help

Collin

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:06:18 AM

Posted 08 November 2010 - 04:39 AM

You have been hacked. The redirect adds a port (in bold below) to the home default

uInternet Settings,ProxyServer = http=127.0.0.1:27811


Before we clear it, please run TDSSKiller and see if it's a rootkit that did this

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\

Posted Image
m0le is a proud member of UNITE

#5 collinstevens

collinstevens
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Orleans. LA
  • Local time:01:18 AM

Posted 08 November 2010 - 08:41 PM

I ran TDSS and no threats were found. I seem to remember that being the case previously when I ran it as well. I have also been getting an error message saying something like "this file can't be opened...internet security settings...etc" when I've tried to unpack anything with winzip or winrar. It still seems to unzip the files but I thought it was odd nonetheless. Anyway, here's the report as requested.

2010/11/08 19:37:15.0117 TDSS rootkit removing tool 2.4.7.0 Nov 8 2010 10:52:22
2010/11/08 19:37:15.0117 ================================================================================
2010/11/08 19:37:15.0117 SystemInfo:
2010/11/08 19:37:15.0118
2010/11/08 19:37:15.0118 OS Version: 6.1.7600 ServicePack: 0.0
2010/11/08 19:37:15.0118 Product type: Workstation
2010/11/08 19:37:15.0119 ComputerName: KEYDO
2010/11/08 19:37:15.0123 UserName: Keith
2010/11/08 19:37:15.0123 Windows directory: C:\Windows
2010/11/08 19:37:15.0123 System windows directory: C:\Windows
2010/11/08 19:37:15.0123 Processor architecture: Intel x86
2010/11/08 19:37:15.0123 Number of processors: 2
2010/11/08 19:37:15.0123 Page size: 0x1000
2010/11/08 19:37:15.0123 Boot type: Normal boot
2010/11/08 19:37:15.0123 ================================================================================
2010/11/08 19:37:16.0676 Initialize success
2010/11/08 19:37:24.0748 ================================================================================
2010/11/08 19:37:24.0748 Scan started
2010/11/08 19:37:24.0748 Mode: Manual;
2010/11/08 19:37:24.0749 ================================================================================
2010/11/08 19:37:26.0670 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2010/11/08 19:37:26.0810 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2010/11/08 19:37:26.0913 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2010/11/08 19:37:27.0002 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2010/11/08 19:37:27.0149 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2010/11/08 19:37:27.0296 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2010/11/08 19:37:27.0456 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2010/11/08 19:37:27.0521 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2010/11/08 19:37:27.0586 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2010/11/08 19:37:27.0811 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2010/11/08 19:37:27.0931 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2010/11/08 19:37:28.0081 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2010/11/08 19:37:28.0351 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2010/11/08 19:37:28.0598 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2010/11/08 19:37:28.0777 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2010/11/08 19:37:29.0079 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2010/11/08 19:37:29.0344 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2010/11/08 19:37:29.0439 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2010/11/08 19:37:29.0702 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2010/11/08 19:37:29.0813 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2010/11/08 19:37:29.0961 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/11/08 19:37:30.0141 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2010/11/08 19:37:30.0501 athr (76bab0c824e2d05b940c4dd40a9b08bf) C:\Windows\system32\DRIVERS\athr.sys
2010/11/08 19:37:30.0865 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2010/11/08 19:37:31.0220 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2010/11/08 19:37:31.0647 BCM43XX (36a47e6ab1f0967c97722183e21adb1a) C:\Windows\system32\DRIVERS\bcmwl6.sys
2010/11/08 19:37:31.0948 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2010/11/08 19:37:32.0281 BHDrvx86 (8e309fc0c10d931b4aaef722cee8c394) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100324.001\BHDrvx86.sys
2010/11/08 19:37:32.0490 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2010/11/08 19:37:32.0632 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
2010/11/08 19:37:32.0706 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2010/11/08 19:37:32.0849 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2010/11/08 19:37:33.0026 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2010/11/08 19:37:33.0086 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2010/11/08 19:37:33.0313 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2010/11/08 19:37:33.0456 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2010/11/08 19:37:33.0691 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2010/11/08 19:37:33.0915 ccHP (e941e709847fa00e0dd6d58d2b8fb5e1) C:\Windows\system32\drivers\NIS\1106000.020\ccHPx86.sys
2010/11/08 19:37:34.0098 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2010/11/08 19:37:34.0206 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2010/11/08 19:37:34.0377 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2010/11/08 19:37:34.0531 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2010/11/08 19:37:34.0713 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/11/08 19:37:34.0821 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2010/11/08 19:37:35.0020 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2010/11/08 19:37:35.0232 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2010/11/08 19:37:35.0333 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2010/11/08 19:37:35.0581 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2010/11/08 19:37:35.0924 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2010/11/08 19:37:36.0117 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2010/11/08 19:37:36.0233 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2010/11/08 19:37:36.0494 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2010/11/08 19:37:36.0625 DVMIO (8cf55015b2a443ee869c90cab31fd435) C:\SPLASH.SYS\config\dvmio.sys
2010/11/08 19:37:36.0830 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys
2010/11/08 19:37:37.0152 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2010/11/08 19:37:37.0534 eeCtrl (96bcd90ed9235a21629effde5e941fb1) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2010/11/08 19:37:37.0935 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2010/11/08 19:37:38.0209 EraserUtilRebootDrv (392c86f6b45c0bc696c32c27f51e749f) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2010/11/08 19:37:38.0353 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2010/11/08 19:37:38.0507 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2010/11/08 19:37:38.0586 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2010/11/08 19:37:38.0685 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2010/11/08 19:37:38.0803 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2010/11/08 19:37:38.0867 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2010/11/08 19:37:38.0928 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/11/08 19:37:39.0024 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2010/11/08 19:37:39.0138 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2010/11/08 19:37:39.0212 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2010/11/08 19:37:39.0314 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2010/11/08 19:37:39.0388 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2010/11/08 19:37:39.0490 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2010/11/08 19:37:39.0560 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2010/11/08 19:37:39.0651 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/11/08 19:37:39.0699 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2010/11/08 19:37:39.0773 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2010/11/08 19:37:39.0871 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2010/11/08 19:37:40.0008 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2010/11/08 19:37:42.0201 HpqKbFiltr (1210960ff8928950d2a786895b0c424a) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
2010/11/08 19:37:42.0453 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2010/11/08 19:37:42.0627 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2010/11/08 19:37:42.0710 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2010/11/08 19:37:42.0836 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/11/08 19:37:43.0001 iaStor (d483687eace0c065ee772481a96e05f5) C:\Windows\system32\DRIVERS\iaStor.sys
2010/11/08 19:37:43.0113 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2010/11/08 19:37:43.0346 IDSVix86 (785b0ab77d977445d58b02ea63c11fb2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100415.001\IDSvix86.sys
2010/11/08 19:37:43.0652 igfx (81f7c715528ab621c6af58869d4b07b9) C:\Windows\system32\DRIVERS\igdkmd32.sys
2010/11/08 19:37:44.0012 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2010/11/08 19:37:44.0198 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2010/11/08 19:37:44.0337 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2010/11/08 19:37:44.0662 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/11/08 19:37:44.0894 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2010/11/08 19:37:45.0160 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2010/11/08 19:37:45.0406 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2010/11/08 19:37:45.0653 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2010/11/08 19:37:45.0748 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/11/08 19:37:45.0842 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/11/08 19:37:45.0926 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/11/08 19:37:46.0159 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2010/11/08 19:37:46.0268 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2010/11/08 19:37:46.0476 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/11/08 19:37:46.0653 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2010/11/08 19:37:46.0715 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2010/11/08 19:37:46.0784 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2010/11/08 19:37:46.0986 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2010/11/08 19:37:47.0077 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2010/11/08 19:37:47.0184 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2010/11/08 19:37:47.0281 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2010/11/08 19:37:47.0367 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2010/11/08 19:37:47.0445 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2010/11/08 19:37:47.0544 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2010/11/08 19:37:47.0634 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2010/11/08 19:37:47.0750 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2010/11/08 19:37:47.0832 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2010/11/08 19:37:47.0898 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2010/11/08 19:37:48.0061 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2010/11/08 19:37:48.0328 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/11/08 19:37:48.0467 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/11/08 19:37:48.0677 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/11/08 19:37:48.0972 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2010/11/08 19:37:49.0106 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2010/11/08 19:37:49.0460 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2010/11/08 19:37:49.0676 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2010/11/08 19:37:49.0758 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2010/11/08 19:37:50.0066 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2010/11/08 19:37:50.0320 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/11/08 19:37:50.0468 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2010/11/08 19:37:50.0617 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2010/11/08 19:37:50.0840 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/11/08 19:37:51.0012 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2010/11/08 19:37:51.0156 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2010/11/08 19:37:51.0328 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2010/11/08 19:37:51.0592 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2010/11/08 19:37:52.0106 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2010/11/08 19:37:52.0355 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2010/11/08 19:37:52.0520 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/11/08 19:37:52.0803 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/11/08 19:37:53.0012 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/11/08 19:37:53.0197 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2010/11/08 19:37:53.0415 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2010/11/08 19:37:53.0623 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2010/11/08 19:37:54.0513 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
2010/11/08 19:37:54.0868 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2010/11/08 19:37:55.0106 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2010/11/08 19:37:55.0356 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2010/11/08 19:37:55.0674 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2010/11/08 19:37:55.0872 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2010/11/08 19:37:56.0152 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2010/11/08 19:37:56.0488 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2010/11/08 19:37:56.0764 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2010/11/08 19:37:56.0967 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/11/08 19:37:57.0313 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2010/11/08 19:37:57.0395 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2010/11/08 19:37:57.0491 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2010/11/08 19:37:57.0599 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2010/11/08 19:37:57.0697 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2010/11/08 19:37:57.0879 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2010/11/08 19:37:58.0075 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2010/11/08 19:37:58.0174 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2010/11/08 19:37:58.0829 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2010/11/08 19:37:59.0037 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2010/11/08 19:37:59.0245 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2010/11/08 19:37:59.0470 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2010/11/08 19:37:59.0877 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2010/11/08 19:38:00.0059 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2010/11/08 19:38:00.0222 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2010/11/08 19:38:00.0325 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2010/11/08 19:38:00.0429 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/11/08 19:38:00.0629 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/11/08 19:38:00.0717 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2010/11/08 19:38:00.0815 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2010/11/08 19:38:00.0964 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2010/11/08 19:38:01.0049 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/11/08 19:38:01.0170 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2010/11/08 19:38:01.0277 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2010/11/08 19:38:01.0398 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2010/11/08 19:38:01.0559 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2010/11/08 19:38:01.0896 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2010/11/08 19:38:02.0042 RSUSBSTOR (f9541f3b59da30423f2f76ef443c07fc) C:\Windows\system32\Drivers\RtsUStor.sys
2010/11/08 19:38:02.0115 RTL8167 (c5a68c5ec01fd6f03396dd154b48db56) C:\Windows\system32\DRIVERS\Rt86win7.sys
2010/11/08 19:38:02.0226 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2010/11/08 19:38:02.0443 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2010/11/08 19:38:02.0568 sdbus (7b48cff3a475fe849dea65ec4d35c425) C:\Windows\system32\DRIVERS\sdbus.sys
2010/11/08 19:38:02.0646 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/11/08 19:38:02.0737 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2010/11/08 19:38:02.0800 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2010/11/08 19:38:02.0861 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2010/11/08 19:38:03.0101 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2010/11/08 19:38:03.0158 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2010/11/08 19:38:03.0238 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
2010/11/08 19:38:03.0307 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2010/11/08 19:38:03.0442 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2010/11/08 19:38:03.0511 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2010/11/08 19:38:03.0583 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2010/11/08 19:38:03.0649 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2010/11/08 19:38:03.0941 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2010/11/08 19:38:04.0246 SRTSP (ec5c3c6260f4019b03dfaa03ec8cbf6a) C:\Windows\System32\Drivers\NIS\1106000.020\SRTSP.SYS
2010/11/08 19:38:04.0357 SRTSPX (55d5c37ed41231e3ac2063d16df50840) C:\Windows\system32\drivers\NIS\1106000.020\SRTSPX.SYS
2010/11/08 19:38:04.0464 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys
2010/11/08 19:38:04.0533 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys
2010/11/08 19:38:04.0630 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2010/11/08 19:38:04.0749 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
2010/11/08 19:38:04.0863 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
2010/11/08 19:38:04.0982 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys
2010/11/08 19:38:05.0174 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2010/11/08 19:38:05.0274 STHDA (96cb9fd21207af4456d37957441f6001) C:\Windows\system32\DRIVERS\stwrt.sys
2010/11/08 19:38:05.0429 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2010/11/08 19:38:05.0565 SymDS (56890bf9d9204b93042089d4b45ae671) C:\Windows\system32\drivers\NIS\1106000.020\SYMDS.SYS
2010/11/08 19:38:05.0691 SymEFA (9efc1085c6bdff31cc6f16401111edd2) C:\Windows\system32\drivers\NIS\1106000.020\SYMEFA.SYS
2010/11/08 19:38:05.0820 SymEvent (961b48b86f94d4cc8ceb483f8aa89374) C:\Windows\system32\Drivers\SYMEVENT.SYS
2010/11/08 19:38:05.0902 SymIRON (0a18c5c7eb607219d1976ba488e2b1b7) C:\Windows\system32\drivers\NIS\1106000.020\Ironx86.SYS
2010/11/08 19:38:05.0992 SYMTDIv (f218223234b9f31f88ffc50efb2e55e1) C:\Windows\System32\Drivers\NIS\1106000.020\SYMTDIV.SYS
2010/11/08 19:38:06.0127 SynTP (067cb9d745407a8c1b26e89a6a2ce152) C:\Windows\system32\DRIVERS\SynTP.sys
2010/11/08 19:38:06.0363 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2010/11/08 19:38:06.0527 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2010/11/08 19:38:06.0640 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2010/11/08 19:38:06.0728 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2010/11/08 19:38:06.0782 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2010/11/08 19:38:06.0861 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2010/11/08 19:38:06.0946 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2010/11/08 19:38:07.0140 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/11/08 19:38:07.0218 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2010/11/08 19:38:07.0288 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2010/11/08 19:38:07.0366 udfs (eb0a7bd4d471ac3ce55564a4c55b9d8e) C:\Windows\system32\DRIVERS\udfs.sys
2010/11/08 19:38:07.0501 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2010/11/08 19:38:07.0578 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2010/11/08 19:38:07.0646 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2010/11/08 19:38:07.0743 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/11/08 19:38:07.0814 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2010/11/08 19:38:07.0883 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2010/11/08 19:38:07.0978 usbhub (0db84eda895894ba222e27acf597c806) C:\Windows\system32\DRIVERS\usbhub.sys
2010/11/08 19:38:08.0064 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2010/11/08 19:38:08.0128 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2010/11/08 19:38:08.0211 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/11/08 19:38:08.0272 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/11/08 19:38:08.0363 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\System32\Drivers\usbvideo.sys
2010/11/08 19:38:08.0527 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2010/11/08 19:38:08.0630 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/11/08 19:38:08.0706 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2010/11/08 19:38:08.0789 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2010/11/08 19:38:08.0877 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2010/11/08 19:38:08.0935 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2010/11/08 19:38:09.0072 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2010/11/08 19:38:09.0229 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2010/11/08 19:38:09.0320 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2010/11/08 19:38:09.0399 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2010/11/08 19:38:09.0494 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2010/11/08 19:38:09.0587 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
2010/11/08 19:38:09.0694 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2010/11/08 19:38:09.0840 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2010/11/08 19:38:09.0911 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2010/11/08 19:38:09.0963 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2010/11/08 19:38:10.0139 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2010/11/08 19:38:10.0227 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2010/11/08 19:38:10.0502 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2010/11/08 19:38:10.0566 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2010/11/08 19:38:10.0853 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/11/08 19:38:11.0033 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/11/08 19:38:11.0204 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2010/11/08 19:38:11.0286 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/11/08 19:38:11.0462 yukonw7 (b07c5b7efdf936ff93d4f540938725be) C:\Windows\system32\DRIVERS\yk62x86.sys
2010/11/08 19:38:11.0579 ================================================================================
2010/11/08 19:38:11.0579 Scan finished
2010/11/08 19:38:11.0579 ================================================================================
2010/11/08 19:38:22.0034 Deinitialize success

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:06:18 AM

Posted 09 November 2010 - 05:13 AM

There may have been more than the one setting that has been altered.

Please run OTL next, this will scan the PC for relevant areas to check

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Posted Image
m0le is a proud member of UNITE

#7 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:06:18 AM

Posted 14 November 2010 - 06:19 PM

Hi,

I have not had a reply from you for 5 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open. The time taken between posts can also change the situation with your PC making it more difficult to help you.

If you like you can PM me.

Thanks,


m0le
Posted Image
m0le is a proud member of UNITE

#8 collinstevens

collinstevens
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Orleans. LA
  • Local time:01:18 AM

Posted 14 November 2010 - 10:40 PM

Sorry about that brother, I got swamped at work the past couple of days and have hardly had time to breath. I aplogize if I've held up anyone else with getting their problems worked on. Here are the OTL logs starting with Extras.

OTL Extras logfile created on: 11/12/2010 1:00:23 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Keith\Desktop
Starter Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

987.00 Mb Total Physical Memory | 376.00 Mb Available Physical Memory | 38.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 24.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.18 Gb Total Space | 94.67 Gb Free Space | 69.01% Space Free | Partition Type: NTFS
Drive D: | 11.57 Gb Total Space | 1.93 Gb Free Space | 16.69% Space Free | Partition Type: NTFS
Drive E: | 98.84 Mb Total Space | 92.25 Mb Free Space | 93.33% Space Free | Partition Type: FAT32

Computer Name: KEYDO | User Name: Keith | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{1061DF04-CF33-40B0-8360-D07C9BBEB122}" = HP Wireless Assistant
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21FFAF37-E51A-41AB-8749-ACD1F9CF8E37}" = HP QuickWeb
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 17
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{34985F59-8F6F-46F4-9AD5-53E2714294D2}" = ArcSoft WebCam Companion 3
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4414C431-245A-4AF7-8FE0-3ED2333FD8D2}" = HP MediaStream
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{47D7C9B8-BD44-4D2E-9040-E946477B2F9A}" = Microsoft Live Search Toolbar
"{491ADA37-04EE-2ECE-9F86-DDC0106047AC}" = Times Reader
"{4B7057D5-6D5D-4088-8217-48EA20C44373}" = HP User Guides 0169
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{AFE499B5-FCC4-45E6-A1A5-3C51AE0E539B}" = Mobipocket Creator 4.2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}" = HP Support Assistant
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EEA95E6C-6847-49BE-83C9-ED92D8E18983}" = HP QuickSync
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)
"NIS" = Norton Internet Security
"SopCast" = SopCast 3.2.9
"StreamTorrent 1.0" = StreamTorrent 1.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"uTorrent" = µTorrent
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.1.4
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"ZumoDrive" = HP CloudDrive

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/30/2010 4:13:47 PM | Computer Name = keydo | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 8/30/2010 4:13:47 PM | Computer Name = keydo | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 8/30/2010 4:13:47 PM | Computer Name = keydo | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 8/30/2010 4:13:47 PM | Computer Name = keydo | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 8/30/2010 4:13:48 PM | Computer Name = keydo | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 8/30/2010 4:13:51 PM | Computer Name = keydo | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 8/30/2010 4:13:55 PM | Computer Name = keydo | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 8/30/2010 4:14:41 PM | Computer Name = keydo | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 8/30/2010 4:14:43 PM | Computer Name = keydo | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 8/30/2010 4:14:46 PM | Computer Name = keydo | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

[ Hewlett-Packard Events ]
Error - 6/14/2010 9:13:14 AM | Computer Name = keydo | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 6/14/2010 9:13:15 AM | Computer Name = keydo | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 8/16/2010 2:53:50 PM | Computer Name = keydo | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

Error - 9/6/2010 12:50:06 PM | Computer Name = keydo | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

Error - 9/28/2010 3:36:58 AM | Computer Name = keydo | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

Error - 11/1/2010 11:52:14 PM | Computer Name = keydo | Source = Hewlett-Packard | ID = 0
Description = en-US Exception of type 'System.Exception' was thrown. Configurator
at Configurator.ConfiguratorClass.loadXML() at Configurator.ConfiguratorClass..ctor(Boolean
loadxml) at HPSFConfigReader.ConfigHelper..ctor() at HPAssistant.csSettings.loadApplicationResources(Boolean
isOnAppLoad)

Error - 11/1/2010 11:52:38 PM | Computer Name = keydo | Source = Hewlett-Packard | ID = 0
Description = en-US Exception of type 'System.Exception' was thrown. Configurator
at Configurator.ConfiguratorClass.loadXML() at Configurator.ConfiguratorClass..ctor(Boolean
loadxml) at HPSFConfigReader.ConfigHelper..ctor() at HPAssistant.csSettings.loadApplicationResources(Boolean
isOnAppLoad)

Error - 11/1/2010 11:52:39 PM | Computer Name = keydo | Source = Hewlett-Packard | ID = 0
Description =

Error - 11/1/2010 11:52:52 PM | Computer Name = keydo | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

Error - 11/1/2010 11:52:52 PM | Computer Name = keydo | Source = Hewlett-Packard | ID = 0
Description = en-US Exception of type 'System.Exception' was thrown. Configurator
at Configurator.ConfiguratorClass.loadXML() at Configurator.ConfiguratorClass..ctor(Boolean
loadxml) at HPSFConfigReader.ConfigHelper..ctor() at HPAssistant.csSettings.loadApplicationResources(Boolean
isOnAppLoad)

[ System Events ]
Error - 10/26/2010 4:20:24 PM | Computer Name = keydo | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the NIS service.

Error - 10/27/2010 1:28:58 AM | Computer Name = keydo | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the WSearch service.

Error - 10/27/2010 5:23:56 AM | Computer Name = keydo | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Wlansvc service.

Error - 10/27/2010 8:26:54 AM | Computer Name = keydo | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 10/27/2010 2:37:39 PM | Computer Name = keydo | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 10/28/2010 3:20:26 AM | Computer Name = keydo | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 10/28/2010 10:34:01 AM | Computer Name = keydo | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the NIS service.

Error - 10/28/2010 3:21:43 PM | Computer Name = keydo | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Netman service.

Error - 10/29/2010 11:50:39 AM | Computer Name = keydo | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Netman service.

Error - 10/29/2010 3:58:44 PM | Computer Name = keydo | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom


< End of report >


OTL logfile created on: 11/12/2010 1:00:23 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Keith\Desktop
Starter Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

987.00 Mb Total Physical Memory | 376.00 Mb Available Physical Memory | 38.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 24.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.18 Gb Total Space | 94.67 Gb Free Space | 69.01% Space Free | Partition Type: NTFS
Drive D: | 11.57 Gb Total Space | 1.93 Gb Free Space | 16.69% Space Free | Partition Type: NTFS
Drive E: | 98.84 Mb Total Space | 92.25 Mb Free Space | 93.33% Space Free | Partition Type: FAT32

Computer Name: KEYDO | User Name: Keith | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Keith\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe (Hewlett-Packard)
PRC - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe (Zecter Inc.)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5576240ee6baaa25\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\Hewlett-Packard\HP QuickSync\QuickSync.exe (Hewlett-Packard)
PRC - C:\Program Files\Hewlett-Packard\HP QuickSync\jre\bin\javaw.exe (Sun Microsystems, Inc.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\SPLASH.SYS\config\DVMExportService.exe (DeviceVM, Inc.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5576240ee6baaa25\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)


========== Modules (SafeList) ==========

MOD - C:\Users\Keith\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_4176eef.dll ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe (Symantec Corporation)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5576240ee6baaa25\stacsv.exe (IDT, Inc.)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (DvmMDES) -- C:\SPLASH.SYS\config\DVMExportService.exe (DeviceVM, Inc.)
SRV - (GameConsoleService) -- C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5576240ee6baaa25\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)


========== Driver Services (SafeList) ==========

DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100422.002\NAVEX15.SYS File not found
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100422.002\NAVENG.SYS File not found
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100324.001\BHDrvx86.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\system32\drivers\NIS\1106000.020\Ironx86.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\Drivers\NIS\1106000.020\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\NIS\1106000.020\SRTSPX.SYS (Symantec Corporation)
DRV - (ccHP) -- C:\Windows\system32\drivers\NIS\1106000.020\ccHPx86.sys (Symantec Corporation)
DRV - (SYMTDIv) -- C:\Windows\System32\Drivers\NIS\1106000.020\SYMTDIV.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\system32\drivers\NIS\1106000.020\SYMEFA.SYS (Symantec Corporation)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100415.001\IDSvix86.sys (Symantec Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek )
DRV - (DVMIO) -- C:\SPLASH.SYS\config\dvmio.sys (DeviceVM, Inc.)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (SymDS) -- C:\Windows\system32\drivers\NIS\1106000.020\SYMDS.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\system32\DRIVERS\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (SrvHsfV92) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (SrvHsfWinac) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.)
DRV - (SrvHsfHDA) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell)
DRV - (netw5v32) Intel® -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (HpqKbFiltr) -- C:\Windows\system32\DRIVERS\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/?ref=hp
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:27811

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.4
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.11

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2010/03/26 09:09:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2010/03/30 01:32:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/21 23:45:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/21 23:45:49 | 000,000,000 | ---D | M]

[2010/10/10 18:08:33 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Mozilla\Extensions
[2010/10/10 18:08:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Keith\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/11/12 12:37:03 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\xfh2830j.default\extensions
[2010/11/11 04:32:01 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\xfh2830j.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/10/20 01:28:49 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\xfh2830j.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/10/17 12:19:03 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\xfh2830j.default\extensions\vshare@toolbar
[2010/10/10 18:08:07 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/21 23:45:48 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/10/21 23:45:38 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/10/21 23:45:38 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/05/01 15:02:48 | 001,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\libdivx.dll
[2009/05/12 12:46:20 | 001,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2010/10/21 23:45:42 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009/05/01 15:02:48 | 000,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\ssldivx.dll
[2010/10/21 23:45:44 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/10/21 23:45:44 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/10/21 23:45:44 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/10/21 23:45:44 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/10/21 23:45:44 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/10/21 23:45:44 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/10/21 23:45:44 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2009/06/10 15:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP] C:\Program Files\Hewlett-Packard\HP QuickSync\QuickSync.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard)
O4 - HKLM..\Run: [ZumoDrive] C:\Program Files\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk ()
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Simplify Media] C:\Program Files\Hp\HP MediaStream\HPMediaStream.exe (Simplify Media, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [utigg] C:\Users\Keith\AppData\Roaming\el-GR6.DLL (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/12 01:42:14 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Keith\Desktop\OTL.exe
[2010/11/02 17:21:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Mobipocket Shared
[2010/11/02 17:21:26 | 000,000,000 | ---D | C] -- C:\Program Files\Mobipocket.com
[2010/11/02 17:04:32 | 000,000,000 | ---D | C] -- C:\Users\Keith\AppData\Local\WinZip
[2010/11/02 17:03:45 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2010/11/02 17:03:42 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2010/11/02 16:56:29 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/10/30 02:34:08 | 000,000,000 | ---D | C] -- C:\1eb6e36c64bdcdb569dbd7fdcd4604
[2010/10/29 10:38:49 | 000,000,000 | ---D | C] -- C:\Users\Keith\Desktop\Malware Removal
[2010/10/27 04:45:54 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2010/10/27 04:45:53 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010/10/27 04:45:53 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2010/10/27 04:45:41 | 000,026,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2010/10/27 01:44:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/10/27 01:44:16 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/10/27 01:40:45 | 000,000,000 | ---D | C] -- C:\Users\Keith\AppData\Roaming\Malwarebytes
[2010/10/27 01:39:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/10/27 01:39:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/27 01:39:49 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/10/27 01:39:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/26 12:00:26 | 000,103,424 | RHS- | C] (Microsoft Corporation) -- C:\Users\Keith\AppData\Roaming\el-GR6.dll
[2010/10/24 02:24:32 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010/10/22 12:43:34 | 000,000,000 | ---D | C] -- C:\Users\Keith\AppData\Roaming\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
[2010/10/21 15:52:18 | 000,000,000 | ---D | C] -- C:\Users\Keith\Desktop\Movies and Tv Shows
[2010/10/19 19:10:34 | 000,000,000 | ---D | C] -- C:\Users\Keith\AppData\Roaming\StreamTorrent
[2010/10/19 19:10:33 | 000,000,000 | ---D | C] -- C:\Program Files\StreamTorrent 1.0
[2010/10/19 19:05:39 | 000,000,000 | ---D | C] -- C:\Program Files\SopCast
[2010/10/19 18:58:19 | 000,000,000 | ---D | C] -- C:\Users\Keith\AppData\Roaming\vlc
[2010/10/19 18:57:27 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/10/17 16:57:58 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2010/10/17 16:56:15 | 000,000,000 | ---D | C] -- C:\Users\Keith\AppData\Roaming\uTorrent
[2010/10/17 14:35:21 | 000,000,000 | ---D | C] -- C:\Program Files\Veetle
[2010/10/17 11:58:28 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2010/10/17 11:58:27 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/10/17 11:58:24 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan

========== Files - Modified Within 30 Days ==========

[2010/11/12 12:51:56 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2010/11/12 12:12:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/12 02:37:36 | 734,345,216 | ---- | M] () -- C:\Users\Keith\Desktop\tsa-cd2.avi
[2010/11/12 02:06:02 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/12 02:06:02 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/12 01:42:28 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Keith\Desktop\OTL.exe
[2010/11/12 01:28:08 | 733,710,336 | ---- | M] () -- C:\Users\Keith\Desktop\dmd-tsa-cd1.avi.avi
[2010/11/12 00:59:20 | 578,842,624 | ---- | M] () -- C:\Users\Keith\Desktop\Big.Love.S04E03.HDTV.XviD-SYS.avi
[2010/11/08 20:27:10 | 000,014,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/08 20:27:10 | 000,014,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/06 00:23:59 | 000,001,368 | ---- | M] () -- C:\Users\Keith\Desktop\uTorrent - Shortcut.lnk
[2010/10/29 13:58:23 | 776,564,736 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/26 12:26:54 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForKeith.job
[2010/10/26 12:00:26 | 000,103,424 | RHS- | M] (Microsoft Corporation) -- C:\Users\Keith\AppData\Roaming\el-GR6.dll
[2010/10/19 18:58:04 | 000,001,024 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/10/19 11:37:37 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/10/19 10:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/10/17 11:58:25 | 000,001,882 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/10/14 02:38:18 | 000,339,448 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2010/11/12 01:35:32 | 734,345,216 | ---- | C] () -- C:\Users\Keith\Desktop\tsa-cd2.avi
[2010/11/12 01:28:08 | 733,710,336 | ---- | C] () -- C:\Users\Keith\Desktop\dmd-tsa-cd1.avi.avi
[2010/11/08 23:25:00 | 578,842,624 | ---- | C] () -- C:\Users\Keith\Desktop\Big.Love.S04E03.HDTV.XviD-SYS.avi
[2010/11/06 00:23:59 | 000,001,368 | ---- | C] () -- C:\Users\Keith\Desktop\uTorrent - Shortcut.lnk
[2010/10/19 18:58:04 | 000,001,024 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/10/19 11:37:37 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/10/17 11:58:25 | 000,001,882 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/03/26 09:08:20 | 000,000,000 | ---- | C] () -- C:\Users\Keith\AppData\Local\QSwitch.txt
[2010/03/26 09:08:20 | 000,000,000 | ---- | C] () -- C:\Users\Keith\AppData\Local\DSwitch.txt
[2010/03/26 09:08:20 | 000,000,000 | ---- | C] () -- C:\Users\Keith\AppData\Local\AtStart.txt
[2010/03/26 09:08:17 | 000,000,189 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2010/02/12 02:59:57 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2010/02/12 02:59:38 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2010/02/12 02:49:15 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2010/02/12 02:43:35 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010/02/12 02:41:45 | 000,000,276 | ---- | C] () -- C:\Windows\System32\RStoneLog2.ini
[2010/02/12 02:41:45 | 000,000,217 | ---- | C] () -- C:\Windows\System32\RStoneLog.ini
[2009/11/18 02:41:30 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009/11/18 02:39:06 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009/09/27 15:49:50 | 000,362,029 | ---- | C] () -- C:\Windows\System32\sqlite3.dll
[2009/07/13 17:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

========== LOP Check ==========

[2010/10/22 12:43:34 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
[2010/10/19 19:10:34 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\StreamTorrent
[2010/11/12 13:01:18 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\uTorrent
[2010/04/15 02:16:40 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\ZumoDrive
[2009/07/13 22:53:46 | 000,015,654 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

#9 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:06:18 AM

Posted 15 November 2010 - 05:08 PM

Glad you're back. Let's rerun OTL, as below.

Open OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:27811
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"


Then click the Run Fix button at the top

Let the program run unhindered.

When done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Please run a new OTL scan (scan only). Please let me know how the redirects are going too.
Posted Image
m0le is a proud member of UNITE

#10 collinstevens

collinstevens
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Orleans. LA
  • Local time:01:18 AM

Posted 17 November 2010 - 04:30 PM

I ran the OTL Runfix command you asked me to paste. I also had Spybot running and it asked me if I wanted to allow changes to to items but I'm afraid I didn't write down what they were (dumb!) I answered yes to both and OTL said the fix was run, then asked if I wanted to open the newest log. Unfortunately it created folders for the logs but there are no actual logs in these folders. Please advise on how I should proceed

Thanks,
Collin

#11 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:06:18 AM

Posted 17 November 2010 - 06:31 PM

Without the OTL fix log we need to run OTL on Scan and post the log.

How is the PC running now?
Posted Image
m0le is a proud member of UNITE

#12 collinstevens

collinstevens
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Orleans. LA
  • Local time:01:18 AM

Posted 18 November 2010 - 02:10 AM

Still doing the redirect. Not all the time, but I suppose it doesn't matter how often it does it, as long as it's still there it's bad ;) It also seems to start up weird after every battery rundown restart. Which I try to avoid but it has happened once or twice since posting here. It may be nothing. It just doesn't want to allow "recovery" when it's restarted after the battery running down. It offers the option but then only allows normal start up. I'm fine with that though, if it's not going to mess it up further if I avoid letting the battery run down, just want to get the redirect virus off. I'll run the OTL scan tonight after I get off of work and post it.

Thanks,
Collin

#13 collinstevens

collinstevens
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Orleans. LA
  • Local time:01:18 AM

Posted 21 November 2010 - 06:06 AM

Here are the scans for OTL again. God, I'm terrible about getting back on time. I apologize again for taking too long and taking valuable time away from you and the other posters in need. Thank you for bearing with me it's been a crazy couple of weeks for me with work. Anyway, without further ado

OTL logfile created on: 11/19/2010 8:21:57 PM - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Keith\Desktop
Starter Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

987.00 Mb Total Physical Memory | 368.00 Mb Available Physical Memory | 37.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 36.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.18 Gb Total Space | 79.07 Gb Free Space | 57.64% Space Free | Partition Type: NTFS
Drive D: | 11.57 Gb Total Space | 1.93 Gb Free Space | 16.69% Space Free | Partition Type: NTFS
Drive E: | 98.84 Mb Total Space | 92.25 Mb Free Space | 93.33% Space Free | Partition Type: FAT32

Computer Name: KEYDO | User Name: Keith | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Keith\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe (Zecter Inc.)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5576240ee6baaa25\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\Hewlett-Packard\HP QuickSync\QuickSync.exe (Hewlett-Packard)
PRC - C:\Program Files\Hewlett-Packard\HP QuickSync\jre\bin\javaw.exe (Sun Microsystems, Inc.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\SPLASH.SYS\config\DVMExportService.exe (DeviceVM, Inc.)
PRC - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5576240ee6baaa25\AEstSrv.exe (Andrea Electronics Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Keith\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_4176eef.dll ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe (Symantec Corporation)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5576240ee6baaa25\stacsv.exe (IDT, Inc.)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (DvmMDES) -- C:\SPLASH.SYS\config\DVMExportService.exe (DeviceVM, Inc.)
SRV - (GameConsoleService) -- C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5576240ee6baaa25\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)


========== Driver Services (SafeList) ==========

DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100422.002\NAVEX15.SYS File not found
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100422.002\NAVENG.SYS File not found
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100324.001\BHDrvx86.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\system32\drivers\NIS\1106000.020\Ironx86.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\Drivers\NIS\1106000.020\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\NIS\1106000.020\SRTSPX.SYS (Symantec Corporation)
DRV - (ccHP) -- C:\Windows\system32\drivers\NIS\1106000.020\ccHPx86.sys (Symantec Corporation)
DRV - (SYMTDIv) -- C:\Windows\System32\Drivers\NIS\1106000.020\SYMTDIV.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\system32\drivers\NIS\1106000.020\SYMEFA.SYS (Symantec Corporation)
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100415.001\IDSvix86.sys (Symantec Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek )
DRV - (DVMIO) -- C:\SPLASH.SYS\config\dvmio.sys (DeviceVM, Inc.)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (SymDS) -- C:\Windows\system32\drivers\NIS\1106000.020\SYMDS.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (VClone) -- C:\Windows\System32\drivers\VClone.sys (Elaborate Bytes AG)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\system32\DRIVERS\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (SrvHsfV92) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (SrvHsfWinac) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.)
DRV - (SrvHsfHDA) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell)
DRV - (netw5v32) Intel® -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (HpqKbFiltr) -- C:\Windows\system32\DRIVERS\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/?ref=hp
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.4
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.11

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2010/03/26 09:09:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2010/03/30 01:32:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/21 23:45:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/21 23:45:49 | 000,000,000 | ---D | M]

[2010/10/10 18:08:33 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Mozilla\Extensions
[2010/10/10 18:08:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Keith\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/11/19 13:20:19 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\xfh2830j.default\extensions
[2010/11/11 04:32:01 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\xfh2830j.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/10/20 01:28:49 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\xfh2830j.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/10/17 12:19:03 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\xfh2830j.default\extensions\vshare@toolbar
[2010/10/10 18:08:07 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/21 23:45:48 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/10/21 23:45:38 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/10/21 23:45:38 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/05/01 15:02:48 | 001,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\libdivx.dll
[2009/05/12 12:46:20 | 001,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2010/10/21 23:45:42 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009/05/01 15:02:48 | 000,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\ssldivx.dll
[2010/10/21 23:45:44 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/10/21 23:45:44 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/10/21 23:45:44 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/10/21 23:45:44 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/10/21 23:45:44 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/10/21 23:45:44 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/10/21 23:45:44 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2009/06/10 15:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP] C:\Program Files\Hewlett-Packard\HP QuickSync\QuickSync.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard)
O4 - HKLM..\Run: [ZumoDrive] C:\Program Files\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk ()
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe File not found
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Simplify Media] C:\Program Files\Hp\HP MediaStream\HPMediaStream.exe (Simplify Media, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [utigg] C:\Users\Keith\AppData\Roaming\el-GR6.DLL (Microsoft Corporation)
O4 - Startup: C:\Users\Keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: daemon-tools.cc ([www] * in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/19 00:33:46 | 000,000,000 | ---D | C] -- C:\Users\Keith\Desktop\supernatural.s06e06.hdtv.xvid-fqm
[2010/11/17 15:24:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/11/15 15:44:31 | 000,000,000 | ---D | C] -- C:\Program Files\Elaborate Bytes
[2010/11/15 15:35:02 | 000,000,000 | ---D | C] -- C:\Users\Keith\AppData\Roaming\Tific
[2010/11/15 15:34:55 | 000,000,000 | ---D | C] -- C:\Users\Keith\AppData\Local\Symantec
[2010/11/15 15:13:44 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2010/11/15 15:13:11 | 000,000,000 | ---D | C] -- C:\Users\Keith\AppData\Roaming\DAEMON Tools Lite
[2010/11/15 15:13:08 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2010/11/15 14:50:36 | 000,000,000 | ---D | C] -- C:\Users\Keith\AppData\Roaming\Leadertech
[2010/11/15 14:23:25 | 000,000,000 | ---D | C] -- C:\Program Files\Infogrames Interactive
[2010/11/12 01:42:14 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Keith\Desktop\OTL.exe
[2010/11/02 17:21:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Mobipocket Shared
[2010/11/02 17:21:26 | 000,000,000 | ---D | C] -- C:\Program Files\Mobipocket.com
[2010/11/02 17:04:32 | 000,000,000 | ---D | C] -- C:\Users\Keith\AppData\Local\WinZip
[2010/11/02 17:03:45 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2010/11/02 17:03:42 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2010/11/02 16:56:29 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/10/29 10:38:49 | 000,000,000 | ---D | C] -- C:\Users\Keith\Desktop\Malware Removal
[2010/10/27 04:45:54 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2010/10/27 04:45:53 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010/10/27 04:45:53 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2010/10/27 04:45:41 | 000,026,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2010/10/27 01:44:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/10/27 01:44:16 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/10/27 01:40:45 | 000,000,000 | ---D | C] -- C:\Users\Keith\AppData\Roaming\Malwarebytes
[2010/10/27 01:39:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/10/27 01:39:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/27 01:39:49 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/10/27 01:39:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/26 12:00:26 | 000,103,424 | RHS- | C] (Microsoft Corporation) -- C:\Users\Keith\AppData\Roaming\el-GR6.dll
[2010/10/24 02:24:32 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010/10/22 12:43:34 | 000,000,000 | ---D | C] -- C:\Users\Keith\AppData\Roaming\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
[2010/10/21 15:52:18 | 000,000,000 | ---D | C] -- C:\Users\Keith\Desktop\Movies and Tv Shows

========== Files - Modified Within 30 Days ==========

[2010/11/19 20:12:00 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2010/11/19 19:09:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/18 01:56:58 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/18 01:56:58 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/18 01:55:35 | 367,446,231 | ---- | M] () -- C:\Users\Keith\Desktop\terriers.s01e11.hdtv.xvid-fqm.avi
[2010/11/17 15:27:09 | 000,014,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/17 15:27:09 | 000,014,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/17 15:16:00 | 776,564,736 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/15 15:14:41 | 000,691,696 | ---- | M] () -- C:\Windows\System32\drivers\sptd.sys
[2010/11/15 14:27:02 | 000,256,000 | ---- | M] () -- C:\Users\Keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler.exe
[2010/11/15 14:26:50 | 000,000,000 | ---- | M] () -- C:\Windows\PowerReg.dat
[2010/11/14 15:10:27 | 000,038,206 | ---- | M] () -- C:\Users\Keith\Desktop\gianormous-spiders-500x409.jpg
[2010/11/14 02:37:42 | 881,842,176 | ---- | M] () -- C:\Users\Keith\Desktop\Manny Pacquiao vs Antonio Margarito (HBO) [Obama-SLP].vob.part
[2010/11/12 01:42:28 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Keith\Desktop\OTL.exe
[2010/11/06 00:23:59 | 000,001,368 | ---- | M] () -- C:\Users\Keith\Desktop\uTorrent - Shortcut.lnk
[2010/10/29 22:01:06 | 367,501,224 | ---- | M] () -- C:\Users\Keith\Desktop\supernatural.s06e06.hdtv.xvid-fqm.avi
[2010/10/26 12:26:54 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForKeith.job
[2010/10/26 12:00:26 | 000,103,424 | RHS- | M] (Microsoft Corporation) -- C:\Users\Keith\AppData\Roaming\el-GR6.dll
[2010/10/22 22:01:02 | 367,470,580 | ---- | M] () -- C:\Users\Keith\Desktop\supernatural.s06e05.hdtv.xvid-fqm.avi

========== Files Created - No Company Name ==========

[2010/11/19 00:33:46 | 367,501,224 | ---- | C] () -- C:\Users\Keith\Desktop\supernatural.s06e06.hdtv.xvid-fqm.avi
[2010/11/19 00:31:34 | 367,470,580 | ---- | C] () -- C:\Users\Keith\Desktop\supernatural.s06e05.hdtv.xvid-fqm.avi
[2010/11/18 01:14:57 | 367,446,231 | ---- | C] () -- C:\Users\Keith\Desktop\terriers.s01e11.hdtv.xvid-fqm.avi
[2010/11/15 15:14:41 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2010/11/15 14:27:02 | 000,256,000 | ---- | C] () -- C:\Users\Keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler.exe
[2010/11/15 14:26:50 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2010/11/14 15:10:19 | 000,038,206 | ---- | C] () -- C:\Users\Keith\Desktop\gianormous-spiders-500x409.jpg
[2010/11/14 02:38:21 | 881,842,176 | ---- | C] () -- C:\Users\Keith\Desktop\Manny Pacquiao vs Antonio Margarito (HBO) [Obama-SLP].vob.part
[2010/11/06 00:23:59 | 000,001,368 | ---- | C] () -- C:\Users\Keith\Desktop\uTorrent - Shortcut.lnk
[2010/03/26 09:08:20 | 000,000,000 | ---- | C] () -- C:\Users\Keith\AppData\Local\QSwitch.txt
[2010/03/26 09:08:20 | 000,000,000 | ---- | C] () -- C:\Users\Keith\AppData\Local\DSwitch.txt
[2010/03/26 09:08:20 | 000,000,000 | ---- | C] () -- C:\Users\Keith\AppData\Local\AtStart.txt
[2010/03/26 09:08:17 | 000,000,193 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2010/02/12 02:59:57 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2010/02/12 02:59:38 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2010/02/12 02:49:15 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2010/02/12 02:43:35 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010/02/12 02:41:45 | 000,000,276 | ---- | C] () -- C:\Windows\System32\RStoneLog2.ini
[2010/02/12 02:41:45 | 000,000,217 | ---- | C] () -- C:\Windows\System32\RStoneLog.ini
[2009/11/18 02:41:30 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009/11/18 02:39:06 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009/09/27 15:49:50 | 000,362,029 | ---- | C] () -- C:\Windows\System32\sqlite3.dll
[2009/07/13 17:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

========== LOP Check ==========

[2010/10/22 12:43:34 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
[2010/11/15 15:13:11 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\DAEMON Tools Lite
[2010/11/15 14:50:36 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Leadertech
[2010/10/19 19:10:34 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\StreamTorrent
[2010/11/15 15:35:02 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Tific
[2010/11/19 20:22:16 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\uTorrent
[2010/04/15 02:16:40 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\ZumoDrive
[2009/07/13 22:53:46 | 000,016,410 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

#14 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:06:18 AM

Posted 21 November 2010 - 10:41 AM

The log looks clean now.

We need to make sure that the router and the settings are reset

Let’s try to reset the router to its default configuration.
  • This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.
  • Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
  • If you don’t know the router's default password, you can look it up. HERE
  • You also need to reconfigure any security settings you had in place prior to the reset.
  • You may also need to consult with your Internet service provider to find out which DNS servers your network should be using.

Now

Right-click on the Command Prompt icon (find it by opening the bottom left windows logo and type cmd in the search bar) and select
"Run as administrator".

Then type in:
ipconfig /flushdns
and press Enter

Please let me know how the redirects are after this.
Posted Image
m0le is a proud member of UNITE

#15 collinstevens

collinstevens
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Orleans. LA
  • Local time:01:18 AM

Posted 23 November 2010 - 03:18 PM

Unfortunately I am still getting the redirects. I'm not sure why the log would be coming up clean.

In addition, I will be unable to do a hard reset on any router as I'm just using the wireless card in my computer and a city installed free wifi service. It's just a Linksys signal that comes through, I believe, the telephone polls outside of my house. I live in New Orleans, and prior to Katrina the city had planned on installing high speed free wireless all over the city, but after the storm abandoned it. There are still hotspots out there sporadically though, left over from the work already done pre-Katrina that they've left up.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users