Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unknown malware redirecting Google search results


  • This topic is locked This topic is locked
11 replies to this topic

#1 onemansgarbage

onemansgarbage

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:07:00 PM

Posted 04 November 2010 - 01:03 PM

Hello and thank you for your help.
About a month ago, my Google search results in Firefox started being redirected to random sites. I have always been what I thought was protected by Norton. I have tried many different malware removal programs to no avail.
Please help.


DDS (Ver_10-11-03.01) - NTFSx86
Run by Dad at 8:52:44.65 on Thu 11/04/2010
Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_22
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3006.1256 [GMT -4:00]

SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}

============== Running Processes ===============

C:\Windows\SYSTEM32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\Explorer.EXE
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Dad\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://my.ebay.com/ws/eBayISAPI.dll?MyeBay&CurrentPage=MyeBaySummary&migrateVisitor=3
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\4.3.0.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\4.3.0.5\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\4.3.0.5\coIEPlg.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Google Update] "c:\users\dad\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [hpqSRMon]
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [<NO NAME>]
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logitech setpoint.lnk - c:\program files\logitech\setpoint\SetPoint.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-explorer: NoFileAssociate = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: NoDispSettingsPage = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: ,2009\kloehk.dll,"c:\progra~1\google\google,desktop,search\GoogleDesktopNetwork3.dll"
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\users\dad\appdata\roaming\mozilla\firefox\profiles\l460mwnp.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://my.ebay.com/ws/eBayISAPI.dll?MyEbayBeta&CurrentPage=MyeBayNextSummary&ssPageName=STRK:ME:LNLK:MESUMX
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\siber systems\ai roboform\firefox\components\rfproxy_31.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\dad\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Adobe Flash Plugin: No Registry Reference - c:\program files\mozilla firefox\extensions\{1CE11043-9A15-4207-A565-0C94C42D590D}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 50
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - true
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0403000.005\symds.sys [2010-10-28 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0403000.005\symefa.sys [2010-10-28 173104]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20101029.001\BHDrvx86.sys [2010-11-1 692272]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys [2010-10-28 501888]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20101103.001\IDSvix86.sys [2010-10-19 353840]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0403000.005\ironx86.sys [2010-10-28 116784]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0403000.005\symtdiv.sys [2010-10-28 339504]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\4.3.0.5\ccsvchst.exe [2010-10-28 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-10-29 102448]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2009-6-17 40720]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2009-6-17 10384]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-28 136176]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-20 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-10-29 12:10:53 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-10-29 12:10:51 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-10-29 12:09:58 -------- d-----w- c:\progra~2\Hitman Pro
2010-10-28 19:31:05 339504 ----a-w- c:\windows\system32\drivers\n360\0403000.005\symtdiv.sys
2010-10-28 19:31:05 328752 ----a-r- c:\windows\system32\drivers\n360\0403000.005\symds.sys
2010-10-28 19:31:05 173104 ----a-w- c:\windows\system32\drivers\n360\0403000.005\symefa.sys
2010-10-28 19:31:04 43696 ----a-w- c:\windows\system32\drivers\n360\0403000.005\srtspx.sys
2010-10-28 19:31:04 325680 ----a-w- c:\windows\system32\drivers\n360\0403000.005\srtsp.sys
2010-10-28 19:31:04 116784 ----a-w- c:\windows\system32\drivers\n360\0403000.005\ironx86.sys
2010-10-28 19:31:03 501888 ----a-w- c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys
2010-10-28 19:30:44 -------- d-----w- c:\windows\system32\drivers\n360\0403000.005
2010-10-27 18:42:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-27 18:42:49 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-27 18:42:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-27 14:54:40 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-10-27 14:54:40 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-10-27 14:54:37 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-10-27 14:54:09 -------- d-----w- c:\program files\Symantec
2010-10-27 14:53:17 -------- d-----w- c:\windows\system32\drivers\N360
2010-10-27 14:53:16 -------- d-----w- c:\program files\Norton Security Suite
2010-10-27 14:53:01 -------- d-----w- c:\program files\NortonInstaller
2010-10-27 02:23:41 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-27 02:23:40 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-27 02:23:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-26 05:55:00 6146896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{78998e03-6e72-4727-8062-4806b2f8c494}\mpengine.dll
2010-10-20 12:13:43 -------- d-----w- c:\windows\en
2010-10-20 12:13:15 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-10-20 12:08:17 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-10-20 12:08:17 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-10-20 12:08:17 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-10-20 12:07:57 469256 ----a-w- c:\program files\common files\windows live\.cache\6d77a3b41cb704f25\InstallManager_WLE_WLE.exe
2010-10-20 12:07:32 15712 ----a-w- c:\program files\common files\windows live\.cache\5fd865541cb704f1f\MeshBetaRemover.exe
2010-10-20 12:06:46 94040 ----a-w- c:\program files\common files\windows live\.cache\43d70dc41cb704f18\DSETUP.dll
2010-10-20 12:06:46 525656 ----a-w- c:\program files\common files\windows live\.cache\43d70dc41cb704f18\DXSETUP.exe
2010-10-20 12:06:46 1691480 ----a-w- c:\program files\common files\windows live\.cache\43d70dc41cb704f18\dsetup32.dll
2010-10-20 12:06:44 94040 ----a-w- c:\program files\common files\windows live\.cache\417550041cb704f17\DSETUP.dll
2010-10-20 12:06:44 525656 ----a-w- c:\program files\common files\windows live\.cache\417550041cb704f17\DXSETUP.exe
2010-10-20 12:06:44 1691480 ----a-w- c:\program files\common files\windows live\.cache\417550041cb704f17\dsetup32.dll
2010-10-20 12:05:15 -------- d-----w- c:\users\dad\appdata\local\Windows Live
2010-10-20 12:04:14 754688 ----a-w- c:\windows\system32\webservices.dll
2010-10-19 18:01:44 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-19 18:01:44 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2010-10-19 17:52:21 -------- d-----w- c:\progra~2\Panda Security
2010-10-17 13:37:49 -------- d-----w- c:\program files\Panda Security
2010-10-16 14:23:33 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-10-15 20:13:05 -------- d-----w- c:\users\dad\appdata\roaming\Tific
2010-10-15 20:12:40 -------- d-----w- c:\users\dad\appdata\local\Symantec
2010-10-15 16:53:46 -------- d-----w- c:\users\dad\appdata\roaming\CheckPoint
2010-10-15 16:52:32 -------- d-----w- c:\program files\ZoneAlarm_Security
2010-10-15 16:51:44 -------- d-----w- c:\program files\CheckPoint
2010-10-15 16:47:57 -------- d-----w- c:\program files\Zone Labs
2010-10-15 16:46:55 -------- d-----w- c:\progra~2\CheckPoint
2010-10-15 16:46:54 -------- d-----w- c:\windows\Internet Logs
2010-10-14 14:21:32 16856 ----a-w- c:\program files\mozilla firefox\plugin-container.exe
2010-10-14 14:21:31 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll
2010-10-13 14:14:08 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-10-13 14:14:05 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-13 14:14:04 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-13 14:14:04 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-13 14:14:04 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-13 14:14:04 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-13 14:09:53 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-13 14:09:34 531968 ----a-w- c:\windows\system32\comctl32.dll

==================== Find3M ====================

2010-10-19 15:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-23 04:47:28 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-23 04:32:56 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-13 13:56:41 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-08 06:01:28 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56:53 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:56:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:04:36 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-08-31 15:46:37 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 15:46:37 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-31 13:27:38 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-08-26 16:33:06 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33:04 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-26 16:33:04 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-17 14:11:37 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-10 15:53:15 274944 ----a-w- c:\windows\system32\schannel.dll

============= FINISH: 8:54:16.08 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:00 PM

Posted 12 November 2010 - 06:35 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    drivers32 /all
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.sys /90
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new OTL log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#3 onemansgarbage

onemansgarbage
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:07:00 PM

Posted 14 November 2010 - 02:31 PM

Hi. Thank you for your help. Here are the logs. I had a hard time with GMER. It takes about 3 hours to run a scan and it would stop working.


OTL logfile created on: 11/13/2010 3:33:55 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Dad\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 40.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.31 Gb Total Space | 73.24 Gb Free Space | 53.34% Space Free | Partition Type: NTFS
Drive D: | 11.74 Gb Total Space | 1.97 Gb Free Space | 16.81% Space Free | Partition Type: NTFS

Computer Name: DAD-PC | User Name: Dad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/13 15:32:18 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Dad\Desktop\OTL.exe
PRC - [2010/10/28 21:30:13 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/10/28 21:30:12 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/10/14 09:29:13 | 000,160,328 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2010/09/22 11:03:38 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/02/25 19:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccsvchst.exe
PRC - [2009/10/20 16:25:08 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009/07/20 11:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2005/07/15 16:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Gmail Notifier\gnotify.exe


========== Modules (SafeList) ==========

MOD - [2010/11/13 15:32:18 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Dad\Desktop\OTL.exe
MOD - [2010/10/20 07:10:05 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcr90.dll
MOD - [2010/10/20 07:10:05 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcp90.dll
MOD - [2010/09/20 14:26:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.3.0.5\asoehook.dll
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/09/22 23:21:24 | 001,493,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2010/09/22 11:03:38 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/09/01 15:52:56 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/25 19:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe -- (N360)
SRV - [2010/01/07 13:38:18 | 000,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/01/07 13:38:08 | 005,950,704 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/20 11:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/03/05 12:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\SymIM.sys -- (SymIM)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Dad\Desktop\New Folder (2)\pbfilter.sys -- (pbfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [File_System | Boot | Stopped] -- C:\Windows\System32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\System32\DRIVERS\klim6.sys -- (KLIM6)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2010/11/03 19:07:06 | 000,691,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101104.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/10/27 09:59:09 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101113.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/10/27 09:59:09 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/10/27 09:59:09 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/10/27 09:59:09 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101113.003\NAVENG.SYS -- (NAVENG)
DRV - [2010/10/27 09:54:09 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/10/19 15:36:22 | 000,353,840 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101112.001\IDSvix86.sys -- (IDSVix86)
DRV - [2010/09/22 23:21:24 | 000,039,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2010/05/27 21:32:58 | 000,245,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2010/05/05 23:01:59 | 000,339,504 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2010/04/29 00:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/21 22:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/21 21:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0403000.005\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 21:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/25 19:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\ccHPx86.sys -- (ccHP)
DRV - [2009/10/14 22:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SYMDS.SYS -- (SymDS)
DRV - [2009/06/24 05:08:00 | 007,542,208 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/06/17 11:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 11:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 11:55:58 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2009/06/17 11:55:50 | 000,040,720 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2009/04/10 23:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2008/08/01 18:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/06/08 06:27:54 | 000,716,272 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/03/04 01:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/01/20 21:23:49 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UMPass)
DRV - [2008/01/20 21:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 21:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 21:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 21:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 21:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 21:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 21:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 21:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 21:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 21:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 21:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 21:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 21:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 21:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 21:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 21:23:22 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2008/01/20 21:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 21:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 21:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 21:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 21:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 21:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/12/06 15:40:14 | 000,761,856 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/11/01 07:51:26 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007/11/01 07:47:54 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007/11/01 07:47:08 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007/10/18 05:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/09/09 17:12:28 | 000,176,640 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/07/11 12:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/06/18 19:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/03/22 00:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/02/24 16:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/16 12:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/01/23 18:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3270200211-936423522-2539987767-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
IE - HKU\S-1-5-21-3270200211-936423522-2539987767-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3270200211-936423522-2539987767-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3270200211-936423522-2539987767-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.ebay.com/ws/eBayISAPI.dll?MyeBay&CurrentPage=MyeBaySummary&migrateVisitor=3
IE - HKU\S-1-5-21-3270200211-936423522-2539987767-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3270200211-936423522-2539987767-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3270200211-936423522-2539987767-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3270200211-936423522-2539987767-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3270200211-936423522-2539987767-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://my.ebay.com/ws/eBayISAPI.dll?MyEbayBeta&CurrentPage=MyeBayNextSummary&ssPageName=STRK:ME:LNLK:MESUMX"
FF - prefs.js..extensions.enabledItems: {1CE11043-9A15-4207-A565-0C94C42D590D}:11.3.7.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.10.1
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p="

FF - user.js..browser.search.openintab: false

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/12 16:26:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2010/10/16 08:46:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2010/10/27 10:17:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2010/10/27 09:55:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/11 13:28:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/11 13:40:01 | 000,000,000 | ---D | M]

[2008/08/26 15:00:30 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Mozilla\Extensions
[2010/11/12 22:32:53 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\l460mwnp.default\extensions
[2010/10/16 08:46:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\l460mwnp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/11/03 17:09:26 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\l460mwnp.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/11/11 13:30:26 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\l460mwnp.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/11/11 13:16:23 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\l460mwnp.default\extensions\info@djzig.com
[2010/11/12 22:32:53 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/16 08:46:25 | 000,000,000 | ---D | M] (Adobe Flash Plugin) -- C:\Program Files\Mozilla Firefox\extensions\{1CE11043-9A15-4207-A565-0C94C42D590D}
[2010/10/19 13:01:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/10/23 08:46:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-3270200211-936423522-2539987767-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3270200211-936423522-2539987767-1000\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-3270200211-936423522-2539987767-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3270200211-936423522-2539987767-1000..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager] File not found
O4 - HKU\S-1-5-21-3270200211-936423522-2539987767-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10k_Plugin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (2009\kloehk.dll) - File not found
O20 - AppInit_DLLs: ("C:\PROGRA~1\Google\Google,Desktop,Search\GoogleDesktopNetwork3.dll") - C:\PROGRA~1\Google\Google,Desktop,Search\GoogleDesktopNetwork3.dll File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Dad\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Dad\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/10 12:42:09 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{b30b617c-b441-11dd-aa93-001e6840514e}\Shell - "" = AutoRun
O33 - MountPoints2\{b30b617c-b441-11dd-aa93-001e6840514e}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: VIDC.IYUV - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.YVU9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/11/13 15:32:16 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Dad\Desktop\OTL.exe
[2010/11/11 13:38:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2010/11/11 13:37:08 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010/11/11 13:34:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/11/11 13:33:23 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/11/11 13:31:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/11/11 13:30:57 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/11/11 13:30:36 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010/11/11 13:30:36 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2010/11/11 13:26:45 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/11/10 16:59:33 | 000,000,000 | ---D | C] -- C:\Users\Dad\Desktop\Marauder Fender
[2010/10/29 07:10:51 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/10/29 07:09:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2010/10/28 14:31:05 | 000,339,504 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0403000.005\symtdiv.sys
[2010/10/28 14:31:05 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0403000.005\symds.sys
[2010/10/28 14:31:05 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0403000.005\symefa.sys
[2010/10/28 14:31:04 | 000,325,680 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0403000.005\srtsp.sys
[2010/10/28 14:31:04 | 000,116,784 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0403000.005\ironx86.sys
[2010/10/28 14:31:04 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0403000.005\srtspx.sys
[2010/10/28 14:31:03 | 000,501,888 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0403000.005\cchpx86.sys
[2010/10/28 14:30:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360\0403000.005
[2010/10/27 13:42:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/10/27 13:42:49 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/10/27 13:42:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/27 13:41:56 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Dad\Desktop\mbam-setup.exe
[2010/10/27 09:54:37 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010/10/27 09:54:09 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/10/27 09:53:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360
[2010/10/27 09:53:16 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Suite
[2010/10/27 09:53:01 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/10/21 16:00:21 | 000,000,000 | ---D | C] -- C:\Users\Dad\Documents\Amnesia
[2010/10/20 07:13:43 | 000,000,000 | ---D | C] -- C:\Windows\en
[2010/10/20 07:05:15 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\Windows Live
[2010/10/19 12:52:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2010/10/19 07:06:09 | 000,000,000 | ---D | C] -- C:\Users\Dad\Documents\Simply Super Software
[2010/10/17 08:37:49 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2010/10/16 15:53:54 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Dad\Desktop\HijackThis.exe
[2010/10/16 09:52:30 | 001,325,656 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Dad\Desktop\tdsskiller.exe
[2010/10/16 09:23:33 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/10/15 15:13:05 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Roaming\Tific
[2010/10/15 15:12:40 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\Symantec
[2010/10/15 11:53:47 | 000,000,000 | ---D | C] -- C:\Users\Dad\Documents\ForceField Shared Files
[2010/10/15 11:53:46 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Roaming\CheckPoint
[2010/10/15 11:52:32 | 000,000,000 | ---D | C] -- C:\Program Files\ZoneAlarm_Security
[2010/10/15 11:51:44 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2010/10/15 11:47:57 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2010/10/15 11:46:55 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2010/10/15 11:46:54 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/13 15:35:21 | 002,122,110 | ---- | M] () -- C:\Windows\System32\drivers\N360\0403000.005\Cat.DB
[2010/11/13 15:32:18 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Dad\Desktop\OTL.exe
[2010/11/13 15:27:40 | 000,047,889 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/11/13 15:01:05 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3270200211-936423522-2539987767-1000UA.job
[2010/11/13 15:00:05 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/13 14:41:37 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/13 14:41:37 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/13 14:01:11 | 000,047,889 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/11/13 12:41:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/13 12:41:40 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/11/13 08:46:28 | 009,199,616 | ---- | M] () -- C:\Users\Dad\Documents\money.mny
[2010/11/13 08:28:39 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/11 22:38:29 | 000,572,501 | ---- | M] () -- C:\Users\Dad\Desktop\Mark VIII Conversion.pdf
[2010/11/11 22:15:47 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3270200211-936423522-2539987767-1000Core.job
[2010/11/11 17:15:18 | 000,001,356 | ---- | M] () -- C:\Users\Dad\AppData\Local\d3d9caps.dat
[2010/11/11 13:40:05 | 000,001,392 | ---- | M] () -- C:\Users\Dad\Desktop\DivX Movies.lnk
[2010/11/11 13:39:33 | 000,000,933 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010/11/11 13:38:49 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2010/11/11 13:34:24 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/11/07 08:11:20 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/07 08:11:20 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/06 07:39:03 | 3152,961,536 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/04 10:16:58 | 000,295,424 | ---- | M] () -- C:\Users\Dad\Desktop\gmer.exe
[2010/11/04 07:50:25 | 000,628,736 | ---- | M] () -- C:\Users\Dad\Desktop\dds.scr
[2010/10/30 15:07:55 | 000,000,293 | ---- | M] () -- C:\Users\Dad\Documents\Dad - Shortcut.lnk
[2010/10/30 09:12:27 | 000,058,880 | ---- | M] () -- C:\Users\Dad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/30 06:36:00 | 000,002,262 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Suite.lnk
[2010/10/29 07:10:53 | 000,016,968 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/10/29 07:10:52 | 000,001,791 | ---- | M] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2010/10/27 13:42:54 | 000,000,836 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/27 13:41:59 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Dad\Desktop\mbam-setup.exe
[2010/10/27 09:54:09 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010/10/27 09:54:09 | 000,007,443 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2010/10/27 09:54:09 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2010/10/26 10:40:09 | 000,008,627 | ---- | M] () -- C:\Windows\System32\PAV_FOG.OPC
[2010/10/21 16:50:40 | 000,311,648 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/10/20 21:02:02 | 000,001,994 | ---- | M] () -- C:\Users\Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/10/17 11:53:02 | 000,000,122 | ---- | M] () -- C:\Users\Dad\AppData\Roaming\default.pls
[2010/10/17 11:52:58 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010/10/16 15:53:55 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Dad\Desktop\HijackThis.exe
[2010/10/16 09:52:46 | 001,325,656 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Dad\Desktop\tdsskiller.exe
[2010/10/16 09:44:35 | 000,001,748 | ---- | M] () -- C:\Users\Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/10/16 09:44:35 | 000,001,724 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/10/16 09:23:31 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/11 22:38:28 | 000,572,501 | ---- | C] () -- C:\Users\Dad\Desktop\Mark VIII Conversion.pdf
[2010/11/11 13:40:04 | 000,001,392 | ---- | C] () -- C:\Users\Dad\Desktop\DivX Movies.lnk
[2010/11/11 13:39:32 | 000,000,933 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010/11/11 13:38:48 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2010/11/11 13:34:23 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/11/04 07:57:43 | 000,295,424 | ---- | C] () -- C:\Users\Dad\Desktop\gmer.exe
[2010/11/04 07:50:24 | 000,628,736 | ---- | C] () -- C:\Users\Dad\Desktop\dds.scr
[2010/10/30 15:07:55 | 000,000,293 | ---- | C] () -- C:\Users\Dad\Documents\Dad - Shortcut.lnk
[2010/10/30 06:35:38 | 002,122,110 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\Cat.DB
[2010/10/29 07:10:53 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/10/29 07:10:52 | 000,001,791 | ---- | C] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2010/10/28 14:31:05 | 000,007,873 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\symefa.cat
[2010/10/28 14:31:05 | 000,007,787 | R--- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\symnetv.cat
[2010/10/28 14:31:05 | 000,007,425 | R--- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\symds.cat
[2010/10/28 14:31:05 | 000,007,368 | R--- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\symnet.cat
[2010/10/28 14:31:05 | 000,003,373 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\symefa.inf
[2010/10/28 14:31:05 | 000,002,793 | R--- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\symds.inf
[2010/10/28 14:31:05 | 000,001,473 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\symnetv.inf
[2010/10/28 14:31:05 | 000,001,445 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\symnet.inf
[2010/10/28 14:31:04 | 000,007,442 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\srtspx.cat
[2010/10/28 14:31:04 | 000,007,438 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\srtsp.cat
[2010/10/28 14:31:04 | 000,007,438 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\iron.cat
[2010/10/28 14:31:04 | 000,001,388 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\srtspx.inf
[2010/10/28 14:31:04 | 000,001,382 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\srtsp.inf
[2010/10/28 14:31:04 | 000,000,741 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\iron.inf
[2010/10/28 14:31:03 | 000,007,396 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\cchpx86.cat
[2010/10/28 14:31:03 | 000,001,754 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\cchpx86.inf
[2010/10/28 14:30:44 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\isolate.ini
[2010/10/27 13:42:54 | 000,000,836 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/27 09:54:37 | 000,007,443 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2010/10/27 09:54:37 | 000,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2010/10/27 09:53:53 | 000,002,262 | ---- | C] () -- C:\Users\Public\Desktop\Norton Security Suite.lnk
[2010/10/19 13:02:20 | 000,008,627 | ---- | C] () -- C:\Windows\System32\PAV_FOG.OPC
[2010/10/19 12:31:17 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/10/17 13:08:10 | 3152,961,536 | -HS- | C] () -- C:\hiberfil.sys
[2010/10/16 09:44:34 | 000,001,724 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/09/12 14:37:14 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/06/01 12:36:58 | 000,047,889 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/06/01 12:36:57 | 000,047,889 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/06/19 14:35:03 | 000,000,039 | ---- | C] () -- C:\Windows\WININIT.INI
[2009/06/19 14:34:48 | 000,000,180 | ---- | C] () -- C:\Users\Dad\AppData\Roaming\setup.log
[2009/06/19 14:34:40 | 000,000,760 | ---- | C] () -- C:\Users\Dad\AppData\Roaming\setup_ldm.iss
[2009/06/05 19:03:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/05/09 18:51:31 | 000,000,000 | ---- | C] () -- C:\Users\Dad\AppData\Roaming\wklnhst.dat
[2009/01/16 15:21:42 | 000,000,122 | ---- | C] () -- C:\Users\Dad\AppData\Roaming\default.pls
[2008/09/19 16:57:34 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/06/17 13:09:46 | 000,001,356 | ---- | C] () -- C:\Users\Dad\AppData\Local\d3d9caps.dat
[2008/06/08 06:27:53 | 000,716,272 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008/06/01 16:00:59 | 000,058,880 | ---- | C] () -- C:\Users\Dad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/27 00:37:44 | 000,027,649 | ---- | C] () -- C:\Users\Dad\AppData\Roaming\nvModes.001
[2008/05/27 00:36:34 | 000,027,649 | ---- | C] () -- C:\Users\Dad\AppData\Roaming\nvModes.dat
[2008/05/27 00:31:07 | 000,000,000 | ---- | C] () -- C:\Users\Dad\AppData\Local\QSwitch.txt
[2008/05/27 00:31:07 | 000,000,000 | ---- | C] () -- C:\Users\Dad\AppData\Local\DSwitch.txt
[2008/05/27 00:31:07 | 000,000,000 | ---- | C] () -- C:\Users\Dad\AppData\Local\AtStart.txt
[2008/04/04 08:54:05 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/03/10 12:56:52 | 000,000,733 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 04:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== LOP Check ==========

[2009/07/26 16:58:04 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Ashampoo
[2010/02/22 22:36:14 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\AVG9
[2010/10/21 15:55:46 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Azureus
[2010/10/15 11:53:46 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\CheckPoint
[2009/10/20 16:10:45 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\com.SimplifyMedia.Player.777F8E5F373D5C48928A2CDCF8D06DC51B49ABB0.1
[2010/10/16 08:46:33 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\GetRightToGo
[2010/10/16 06:33:54 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\GoodSync
[2010/10/16 08:46:33 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\ICAClient
[2010/01/27 14:52:00 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Leadertech
[2010/07/27 16:35:55 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\LimeWire
[2010/02/12 22:11:34 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Rokario
[2009/05/09 18:51:32 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Template
[2010/10/15 15:13:05 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Tific
[2008/09/13 15:13:38 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\WildTangent
[2009/02/04 21:13:18 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Xilisoft Corporation
[2010/11/13 12:41:40 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010/10/27 10:10:50 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2009/04/11 01:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 01:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\system32\*.sys /90 >
[2010/08/31 08:27:38 | 002,038,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/01/20 22:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 22:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 22:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %SYSTEMDRIVE%\*.* >
[2010/10/19 12:29:42 | 000,012,263 | ---- | M] () -- C:\aaw7boot.log
[2008/03/10 12:42:09 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/11/06 07:39:03 | 3152,961,536 | -HS- | M] () -- C:\hiberfil.sys
[2008/03/10 12:19:06 | 000,000,385 | -H-- | M] () -- C:\IPH.PH
[2010/11/06 07:39:01 | 3466,776,576 | -HS- | M] () -- C:\pagefile.sys
[2010/10/16 09:55:54 | 000,065,266 | ---- | M] () -- C:\TDSSKiller.2.4.4.0_16.10.2010_10.54.09_log.txt
[2010/10/16 13:37:51 | 000,064,780 | ---- | M] () -- C:\TDSSKiller.2.4.4.0_16.10.2010_14.35.09_log.txt
[2010/10/19 15:40:03 | 000,060,924 | ---- | M] () -- C:\TDSSKiller.2.4.4.0_19.10.2010_16.39.02_log.txt

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/01/20 21:23:14 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL
[2006/11/02 07:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 21:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >







OTL Extras logfile created on: 11/13/2010 3:33:55 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Dad\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 40.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.31 Gb Total Space | 73.24 Gb Free Space | 53.34% Space Free | Partition Type: NTFS
Drive D: | 11.74 Gb Total Space | 1.97 Gb Free Space | 16.81% Space Free | Partition Type: NTFS

Computer Name: DAD-PC | User Name: Dad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-3270200211-936423522-2539987767-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Shred With Tracks Eraser Pro] -- C:\Program Files\Acesoft\Tracks Eraser Pro\fileshred.exe %1 (Acesoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Harmony Remote\HarmonyClient" = C:\Program Files\Logitech\Harmony Remote\HarmonyClient:*:Enabled:Logitech Harmony Remote Software
"C:\Program Files\Logitech\Harmony Remote\PatchHelper.exe" = C:\Program Files\Logitech\Harmony Remote\PatchHelper.exe:*:Enabled:Remote Control Software Patch Helper -- File not found
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)
"C:\Program Files\Logitech\Harmony Remote\HarmonyClient" = C:\Program Files\Logitech\Harmony Remote\HarmonyClient:*:Enabled:Logitech Harmony Remote Software
"C:\Program Files\Logitech\Harmony Remote\PatchHelper.exe" = C:\Program Files\Logitech\Harmony Remote\PatchHelper.exe:*:Enabled:Remote Control Software Patch Helper -- File not found
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00EEDEB6-F41A-45DD-A96B-E0A771F7BE53}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{01412614-051D-43DD-8CDC-3ACF38C5D786}" = lport=2869 | protocol=6 | dir=in | app=system |
"{07DFAA65-F163-4195-B9B4-F848B800F070}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0B3F5779-355B-45FF-8E74-23E7611A3D0B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0B798E91-2424-4E5A-857B-C42996623C99}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1041F33E-8BE7-4268-AE6A-D1B4C64E23C7}" = lport=3390 | protocol=6 | dir=in | app=system |
"{137AB750-81B0-421D-95A0-2069515BF8FD}" = rport=137 | protocol=17 | dir=out | app=system |
"{1F768AEA-D577-4703-A96A-BEE08B03C517}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25A1E8A2-BFA2-4059-9D58-53AB57376D8F}" = lport=445 | protocol=6 | dir=in | app=system |
"{41BC8885-534B-4BCA-A34E-D1D5E07152D5}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{4624A5ED-6404-41DB-ADBC-4FCBE8A8252B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4D696374-C3E2-49ED-B1C8-AA5D8B1BABBB}" = lport=3390 | protocol=6 | dir=in | app=system |
"{5EEAB86B-4163-418B-96F8-DC1F9A06ACB5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{651390F9-6DE1-47AE-90BA-63D1E1CAF06C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6582C02C-17DE-4AFA-9601-02370F6CDCE4}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{665BA07F-D58C-4D81-AEFD-327020D31759}" = rport=139 | protocol=6 | dir=out | app=system |
"{69A80DF4-E4CB-4295-9E80-A67A1B7B16F8}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{6A08AEF3-E58B-43A7-9542-0DC328549582}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{703FFA22-BE36-445D-8550-11218E5662D0}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{711A6B69-6C12-4C0C-B251-433C84206717}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{793DA2C2-62B0-444B-AA3B-9BE06D8DEDBA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{80DE8A80-E1AA-4947-991D-EC50F1CBCBEE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{93E17D2A-7A01-49A4-BC3C-0ADA62DB8A8B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{99B4CF76-E6E8-4DF5-9E42-7519F98BDCB9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9B0B46B7-D2C0-4084-936D-EF29F679AEFE}" = rport=10244 | protocol=6 | dir=out | app=system |
"{A2265FD0-F0F7-4EFF-A120-599EBFB12E33}" = rport=138 | protocol=17 | dir=out | app=system |
"{A5067FF0-F2C6-4D69-8274-FFB90D11BE95}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A70A1A5C-0D3B-42B3-AC9F-8E501B7ED755}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{A86B6E76-9FC6-4DE5-9A35-107A9DDDC833}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B0358676-FAC7-4B1D-BC6E-4F4F6832CB31}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B9222345-F254-4F5B-B5A5-F390F5C8DF32}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C158DAAC-6B73-4EA8-B440-4F4E6311A2B6}" = lport=10244 | protocol=6 | dir=in | app=system |
"{C6CFCFB1-024B-41AD-82A5-EDF3522C46C7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CF42532D-23DD-4184-BB28-64AC0A048A90}" = lport=139 | protocol=6 | dir=in | app=system |
"{D2459BF8-F783-46C8-884A-B45333DAB648}" = lport=10244 | protocol=6 | dir=in | app=system |
"{D2BB36B0-46D1-46CA-B745-46C3653181F5}" = rport=10244 | protocol=6 | dir=out | app=system |
"{D90137D7-12D2-401B-882A-83CE5FFD38D2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DF88E9B3-1267-4AED-A859-B2C2199FF22E}" = rport=445 | protocol=6 | dir=out | app=system |
"{E1C0F66F-6F0C-4175-AA35-461DE7E842ED}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{ECF3A315-15A3-4544-94CF-A70FC4331F72}" = rport=10243 | protocol=6 | dir=out | app=system |
"{ED499BD7-B5B9-4966-9D7B-5C52A5019B69}" = lport=138 | protocol=17 | dir=in | app=system |
"{F3B51946-AC05-4FAE-B548-53C71D6C552D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F5D82E9D-A9F5-4573-8B18-1BBD1DA89028}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{FA29D912-7CB3-440B-887E-711961658B00}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FF150F33-A257-4B0A-9C20-7599B6DD7FE3}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06133A4B-0FDF-4986-BA98-FD819CCB9562}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{073D59F1-1755-438D-AAAB-86346A7B50F7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0A906D2D-DCC0-42A9-B436-C47E423CD075}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0CF17CE5-CE82-447D-92A9-68F40B6D40E3}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{0F02ABDF-0FC0-4CA1-A24D-0747607ECC51}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{177C3A2F-B643-4B01-85B8-CDC99C557BE6}" = protocol=17 | dir=in | app=c:\program files\cyberlink\pcm4everio\pcm4everio.exe |
"{1B163023-E7BC-4C8A-9BF3-26F1CAF4B114}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2302B994-5E31-476D-AB57-3D1EE34D564B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{24A1B09E-8990-4498-8380-DF0CFA7ABE94}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{2AC76BC9-08D6-4D94-A893-B6EEBA44A2A7}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{313A2F00-F3FD-495E-8ED4-EB12DB01FCE5}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{372B99DE-6BBC-4799-9717-19DFF270CAF1}" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe |
"{3E48FA89-81DE-42E4-A9B4-0FF0B8BBA562}" = dir=in | app=c:\program files\cyberlink\powerdirector express\pdx.exe |
"{4BE05AD6-B9D7-401B-A50F-F4102013E937}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{4C0F1B93-B7AE-4DA7-AEEF-990458069B7C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{4D178A69-B29D-4EC2-82F8-589B8D6A8EDC}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{50091E5D-8F33-49B8-AFB9-B2BF3DE89BAF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{506324E4-336F-42A4-97FB-1CE2C90B7051}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{58188A19-6531-456B-8161-D7021372F8D0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5A80FCA9-2779-413E-A470-6A2E85632131}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{5C3C7CB4-137E-473B-AE58-AD9F868F3FEB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{65F2891B-EBCB-4908-8EA2-117ABAEF1720}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{678E9EC2-324B-48F5-AB2E-F17936C68D1B}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{6D6733B3-E4F0-4A36-AE16-9E4C3845F712}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{6DC2D4F7-89B9-43A3-8BF4-E900C2655A22}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6EC112BF-EB9C-434E-8546-1F60E264E18B}" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe |
"{738EC2F2-A079-4600-9B93-E9729D5426DD}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{7A0049A1-CC1E-4C81-9A7D-CAC3C6FC5858}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{7B12B509-5406-4792-829B-67133E152B0A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{7FBC2559-7C69-48FE-9BDE-2EBE4DE022CF}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{87CFB356-BE98-4F61-A1F7-AD08D1E737BF}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{8AB68749-0107-4264-AB80-0E8DB1E96C8B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{995C128C-BB4E-493C-A2D2-BDC16F8789B5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9A7D4638-DF3E-4164-AD02-B5242F55E8E9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A1678DFA-006B-463E-A23C-31080C2B3373}" = protocol=6 | dir=in | app=c:\program files\cyberlink\pcm4everio\pcm4everio.exe |
"{A1C909D2-C450-43C6-BFAF-B1C567841723}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{A3D5060B-E720-4019-844B-9B22C1CD3203}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{A4F5EEBF-2249-45F5-BAFD-2D3AA002AEB8}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{A770DA38-D72B-4D09-AC69-E904564D6E7B}" = dir=in | app=c:\program files\myspace\im\myspaceim.exe |
"{A7F91017-9148-4CA8-BA8B-DF48DC416F03}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{A8E31CE7-C0CF-4C49-826B-23A44D7B6403}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{AEADA049-60F9-4427-AF79-E1FBABE17783}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{AF37CCCC-AE8D-4B84-B5B3-9CECEEF321BF}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{B47E83EF-174C-4B76-B114-B7233D544DFD}" = protocol=6 | dir=out | app=system |
"{B926283B-5FC9-4293-97ED-5662ACADCA76}" = protocol=17 | dir=in | app=c:\program files\cyberlink\pcm4everio\everioservice.exe |
"{C530B5CF-4187-4FC2-8AA6-A46DB32C681B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{C8F82877-3346-46B3-A2E2-967DA9BD835F}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{C994C45F-B4B7-478B-949A-31ACB954B7CE}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{CBC5BBB7-CF21-4F98-8CEB-508F370D1DC5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CD44DBCA-B38B-495D-A631-7AFCFE3423EE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D553001E-B2EE-4830-ABC5-3EB24C7867AE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D5844FE3-6E1E-421E-85BF-667A2C05D225}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D5DF4508-45A5-4626-9E0C-1F49E20AD6DA}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{E00C1979-B720-4F7A-92EB-4B7F6984A2F9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E5B468B1-D02F-4304-80CC-7FF7CB7C3B1C}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{E90DC4D4-DF7B-4742-960B-1654533EF918}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E9EFEF4F-6850-4628-92DD-2783A42D8E06}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EB58DE43-766A-4E29-B269-0D6DC3F36B19}" = protocol=6 | dir=in | app=c:\program files\cyberlink\pcm4everio\everioservice.exe |
"{EEF23DDB-46C9-477F-8395-40FED5236415}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{EF014EE3-D64C-4E35-96A5-542F95632A48}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{F2818C29-0D22-47BC-A2FB-036F4CBB449C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{FFC3C391-2BCD-4177-9200-F085B74FEDAF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"TCP Query User{1C85A61B-02DE-4781-AD81-8AC1F7C04700}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe |
"TCP Query User{22EAA272-C934-4E10-AA31-350FE38A9786}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{4CEA7BB2-0178-4989-80A3-E52079D0265C}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{7BAD59C7-DF4F-4A65-B25D-19EDE00E974A}C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\english\setup.exe" = protocol=6 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\english\setup.exe |
"TCP Query User{7D59E0C8-A8EB-41B2-9345-F59054F25E93}C:\program files\panda security\panda antivirus pro 2011\apvxdwin.exe" = protocol=6 | dir=in | app=c:\program files\panda security\panda antivirus pro 2011\apvxdwin.exe |
"TCP Query User{D23369F0-723A-4B9B-AE1A-D91EEE0F698D}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{F3377D39-10AD-4F5C-A6B8-98816B4D5B69}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{0F3D8563-7ED5-4401-88D3-D2F253BC2E08}C:\program files\panda security\panda antivirus pro 2011\apvxdwin.exe" = protocol=17 | dir=in | app=c:\program files\panda security\panda antivirus pro 2011\apvxdwin.exe |
"UDP Query User{304D75C0-5094-4C0E-8BF7-E9ECE18FD16C}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{3EFA6F9F-DBC2-41CE-8E33-A86A4355A353}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe |
"UDP Query User{69D7619E-1514-43BF-B851-8042E6D4F3C3}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{A82B623D-F34E-45E7-9A34-870EA6BF967D}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{E862CEC8-6AE5-4D66-980C-089EF6A1A4E4}C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\english\setup.exe" = protocol=17 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\english\setup.exe |
"UDP Query User{FAD54336-BA7B-4815-8EC4-E1AD316FE59A}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{250E9609-E830-43EB-B379-DAB7546A2422}" = muvee autoProducer 6.1
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 22
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 B2
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370BCBBA-67D7-4535-ADCD-58CD1C8DEC99}" = Zune Language Pack (DE)
"{39CEE1F2-12B6-4C50-9131-04BFCA110578}" = PowerCinema NE for Everio
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40EC6323-497B-44DA-8A88-74578622D9B3}" = Zune Language Pack (IT)
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7DC4A410-9986-4329-9E5D-687B2C42CA39}" = HP QuickTouch 1.00 C4
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7
"{8347A7A5-4AB8-433F-82AA-496B0D189A9B}" = HP User Guides 0088
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{888FFC82-688D-46AB-A776-B417885432B6}" = Zune
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B26B00DA-2E5D-4CF2-83C5-911198C0F009}" = GoodSync
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BA165460-FCF7-4D6C-A7A2-F2321700720F}" = MobileMe Control Panel
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{C49067A8-8212-4A82-A4D9-1519701644F0}" = Citrix Presentation Server Client - Web Only
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF9CD37C-E29A-11D5-AE3D-005004B8E30C}" = Digital Photo Navigator 1.5
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6C9AF27-9414-46C8-B9D8-D878BA041033}" = Nero 8
"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"8461-7759-5462-8226" = Vuze
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AI RoboForm" = AI RoboForm (All Users)
"CCleaner" = CCleaner (remove only)
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"DivX Setup.divx.com" = DivX Setup
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
"HitmanPro35" = Hitman Pro 3.5
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"LimeWire" = LimeWire PRO 4.18.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Money2007b" = Microsoft Money 2007 Home & Business
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"N360" = Norton Security Suite
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tracks Eraser Pro_is1" = Tracks Eraser Pro v8.3 build 1000
"WildTangent hp Master Uninstall" = My HP Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Zune" = Zune

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3270200211-936423522-2539987767-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/11/2010 7:21:23 PM | Computer Name = DAD-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/11/2010 7:21:23 PM | Computer Name = DAD-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4259

Error - 11/11/2010 7:21:23 PM | Computer Name = DAD-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4259

Error - 11/11/2010 7:21:24 PM | Computer Name = DAD-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/11/2010 7:21:24 PM | Computer Name = DAD-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5273

Error - 11/11/2010 7:21:24 PM | Computer Name = DAD-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5273

Error - 11/11/2010 7:21:25 PM | Computer Name = DAD-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/11/2010 7:21:25 PM | Computer Name = DAD-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6287

Error - 11/11/2010 7:21:25 PM | Computer Name = DAD-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6287

Error - 11/11/2010 7:21:26 PM | Computer Name = DAD-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

[ Media Center Events ]
Error - 5/31/2008 7:29:46 AM | Computer Name = Dad-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/2/2008 12:43:43 PM | Computer Name = Dad-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 12/15/2008 4:42:40 PM | Computer Name = Dad-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 2/3/2009 11:28:42 PM | Computer Name = Dad-PC | Source = McrMgr | ID = 109
Description = The shell process exited unexpectedly.

Error - 2/3/2009 11:34:52 PM | Computer Name = Dad-PC | Source = McrMgr | ID = 109
Description = The shell process exited unexpectedly.

Error - 2/3/2009 11:43:00 PM | Computer Name = Dad-PC | Source = McrMgr | ID = 109
Description = The shell process exited unexpectedly.

Error - 2/3/2009 11:47:49 PM | Computer Name = Dad-PC | Source = McrMgr | ID = 109
Description = The shell process exited unexpectedly.

Error - 2/7/2009 4:34:32 PM | Computer Name = Dad-PC | Source = McrMgr | ID = 109
Description = The shell process exited unexpectedly.

Error - 7/18/2009 3:33:16 AM | Computer Name = Dad-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 11/12/2010 9:39:07 PM | Computer Name = Dad-PC | Source = bowser | ID = 8003
Description = The master browser has received a server announcement from the computer
BRIAN that believes that it is the master browser for the domain on transport NetBT_Tcpip_{24C2F2A6-A412-4DA1-B971-AC3D276B0446.
The
master browser is stopping or an election is being forced.

Error - 11/12/2010 9:51:09 PM | Computer Name = Dad-PC | Source = bowser | ID = 8003
Description = The master browser has received a server announcement from the computer
BRIAN that believes that it is the master browser for the domain on transport NetBT_Tcpip_{24C2F2A6-A412-4DA1-B971-AC3D276B0446.
The
master browser is stopping or an election is being forced.

Error - 11/12/2010 10:03:07 PM | Computer Name = Dad-PC | Source = bowser | ID = 8003
Description = The master browser has received a server announcement from the computer
BRIAN that believes that it is the master browser for the domain on transport NetBT_Tcpip_{24C2F2A6-A412-4DA1-B971-AC3D276B0446.
The
master browser is stopping or an election is being forced.

Error - 11/12/2010 10:15:08 PM | Computer Name = Dad-PC | Source = bowser | ID = 8003
Description = The master browser has received a server announcement from the computer
BRIAN that believes that it is the master browser for the domain on transport NetBT_Tcpip_{24C2F2A6-A412-4DA1-B971-AC3D276B0446.
The
master browser is stopping or an election is being forced.

Error - 11/12/2010 10:27:08 PM | Computer Name = Dad-PC | Source = bowser | ID = 8003
Description = The master browser has received a server announcement from the computer
BRIAN that believes that it is the master browser for the domain on transport NetBT_Tcpip_{24C2F2A6-A412-4DA1-B971-AC3D276B0446.
The
master browser is stopping or an election is being forced.

Error - 11/12/2010 10:39:07 PM | Computer Name = Dad-PC | Source = bowser | ID = 8003
Description = The master browser has received a server announcement from the computer
BRIAN that believes that it is the master browser for the domain on transport NetBT_Tcpip_{24C2F2A6-A412-4DA1-B971-AC3D276B0446.
The
master browser is stopping or an election is being forced.

Error - 11/12/2010 10:51:07 PM | Computer Name = Dad-PC | Source = bowser | ID = 8003
Description = The master browser has received a server announcement from the computer
BRIAN that believes that it is the master browser for the domain on transport NetBT_Tcpip_{24C2F2A6-A412-4DA1-B971-AC3D276B0446.
The
master browser is stopping or an election is being forced.

Error - 11/13/2010 2:32:13 PM | Computer Name = Dad-PC | Source = bowser | ID = 8003
Description = The master browser has received a server announcement from the computer
BRIAN that believes that it is the master browser for the domain on transport NetBT_Tcpip_{24C2F2A6-A412-4DA1-B971-AC3D276B0446.
The
master browser is stopping or an election is being forced.

Error - 11/13/2010 4:32:10 PM | Computer Name = Dad-PC | Source = bowser | ID = 8003
Description = The master browser has received a server announcement from the computer
BRIAN that believes that it is the master browser for the domain on transport NetBT_Tcpip_{24C2F2A6-A412-4DA1-B971-AC3D276B0446.
The
master browser is stopping or an election is being forced.

Error - 11/13/2010 4:44:09 PM | Computer Name = Dad-PC | Source = bowser | ID = 8003
Description = The master browser has received a server announcement from the computer
BRIAN that believes that it is the master browser for the domain on transport NetBT_Tcpip_{24C2F2A6-A412-4DA1-B971-AC3D276B0446.
The
master browser is stopping or an election is being forced.


< End of report >




Attached File  Ark.txt   10.4KB   1 downloads

#4 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:00 PM

Posted 14 November 2010 - 02:47 PM

Hello, onemansgarbage.

P2P Warning and Request
The log shows that you have been using so called peer-to-peer or file-sharing programmes (in your case LimeWIre). These programmes allow to share files between users as the name(s) suggest. In today's world the cyber crime has come a long way and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of their malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. I recommend that you uninstall this program. That is optional, however. If you decide to not uninstall, please refrain from using it until I let you know your computer is clean.



Registry Cleaner Warning


I also see that you have a Ccleaner installed. It is a great tool that I use. However, be careful of the registry cleaning functionality (versus file cleaning), Here at BC, we do not recommend using registry cleaners as they don't speed up your computer and they can do more harm than good if they remove a legitimate entry. If you do use it, make sure to use a tool like ERUNT to back up your registry first. Merely backing it up yourself via regedit wont' help you if you can't boot up as a result!

See here for more information:
http://www.bleepingcomputer.com/forums/index.php?showtopic=238799&st=0&p=1326578&#entry1326578










Step 1

ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first. We can reinstall it when we're done with CF. Please let me know if you do uninstall it.

Next, please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on etavaresCF.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#5 onemansgarbage

onemansgarbage
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:07:00 PM

Posted 14 November 2010 - 07:48 PM

I had AVG a long time ago. It is no longer installed on my computer.

After running Combofix, Firefox was no longer my default browser. I switched back. I tried searching using Google and the redirecting problem seems to have been repaired. The only other difference I noticed is that when I tried to exit Comcast Desktop Doctor I get an error message.

C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
Illegal operation attemted on a registry key that has been marked for deletion

I don't use Desktop Doctor and plan on just uninstalling it.


ComboFix 10-11-14.01 - Dad 11/14/2010 19:07:08.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3006.1308 [GMT -5:00]
Running from: c:\users\Dad\Desktop\etavaresCF.exe.exe
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Mozilla Firefox\extensions\{1CE11043-9A15-4207-A565-0C94C42D590D}
c:\program files\Mozilla Firefox\extensions\{1CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{1CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\plug.xul
c:\program files\Mozilla Firefox\extensions\{1CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf
c:\programdata\page
c:\programdata\page\page.ico
c:\programdata\page\page.URL
c:\windows\system32\KBL.LOG

c:\windows\system32\userinit.exe . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2010-10-15 to 2010-11-15 )))))))))))))))))))))))))))))))
.

2010-11-15 00:16 . 2010-11-15 00:24 -------- d-----w- c:\users\Dad\AppData\Local\temp
2010-11-15 00:16 . 2010-11-15 00:16 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2010-11-15 00:16 . 2010-11-15 00:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-11 18:38 . 2010-11-11 18:38 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-11-11 18:37 . 2010-11-11 18:40 -------- d-----w- c:\programdata\DivX
2010-11-11 18:34 . 2010-11-11 18:34 -------- d-----w- c:\program files\Common Files\Adobe
2010-11-11 18:31 . 2010-11-11 18:31 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-11-11 18:30 . 2010-11-11 18:30 -------- d-----w- c:\programdata\McAfee
2010-11-10 12:24 . 2010-10-07 11:37 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-10-29 12:10 . 2010-10-29 12:10 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-10-29 12:10 . 2010-10-29 12:10 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-10-29 12:09 . 2010-10-29 12:09 -------- d-----w- c:\programdata\Hitman Pro
2010-10-27 18:42 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-27 18:42 . 2010-10-27 18:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-27 18:42 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-27 14:54 . 2009-05-18 22:17 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-10-27 14:54 . 2008-04-17 21:12 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-10-27 14:54 . 2010-10-27 14:54 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-10-27 14:54 . 2010-10-27 14:54 -------- d-----w- c:\program files\Symantec
2010-10-27 14:53 . 2010-10-30 11:36 -------- d-----w- c:\windows\system32\drivers\N360
2010-10-27 14:53 . 2010-10-27 14:53 -------- d-----w- c:\program files\Norton Security Suite
2010-10-27 14:53 . 2010-10-27 14:53 -------- d-----w- c:\program files\NortonInstaller
2010-10-27 02:23 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-27 02:23 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-27 02:23 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-26 05:55 . 2010-10-18 13:41 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{78998E03-6E72-4727-8062-4806B2F8C494}\mpengine.dll
2010-10-20 12:13 . 2010-10-20 12:13 -------- d-----w- c:\windows\en
2010-10-20 12:13 . 2010-09-23 04:21 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-10-20 12:08 . 2009-09-04 21:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-10-20 12:08 . 2009-09-04 21:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-10-20 12:08 . 2009-09-04 21:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-10-20 12:07 . 2010-10-20 12:07 469256 ----a-w- c:\program files\Common Files\Windows Live\.cache\6d77a3b41cb704f25\InstallManager_WLE_WLE.exe
2010-10-20 12:07 . 2010-10-20 12:07 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\5fd865541cb704f1f\MeshBetaRemover.exe
2010-10-20 12:06 . 2010-10-20 12:06 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\43d70dc41cb704f18\DSETUP.dll
2010-10-20 12:06 . 2010-10-20 12:06 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\43d70dc41cb704f18\DXSETUP.exe
2010-10-20 12:06 . 2010-10-20 12:06 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\43d70dc41cb704f18\dsetup32.dll
2010-10-20 12:06 . 2010-10-20 12:06 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\417550041cb704f17\DSETUP.dll
2010-10-20 12:06 . 2010-10-20 12:06 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\417550041cb704f17\DXSETUP.exe
2010-10-20 12:06 . 2010-10-20 12:06 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\417550041cb704f17\dsetup32.dll
2010-10-20 12:05 . 2010-10-20 12:05 -------- d-----w- c:\users\Dad\AppData\Local\Windows Live
2010-10-20 12:04 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2010-10-19 18:01 . 2010-09-15 08:50 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-10-19 18:01 . 2010-09-15 08:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-19 17:52 . 2010-10-27 15:02 -------- d-----w- c:\programdata\Panda Security
2010-10-17 13:37 . 2010-10-27 19:54 -------- d-----w- c:\program files\Panda Security
2010-10-16 14:23 . 2010-10-16 14:23 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 15:41 . 2009-10-03 11:53 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-23 04:47 . 2010-09-23 04:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-23 04:32 . 2010-09-23 04:32 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-13 13:56 . 2010-10-13 14:13 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-08 16:17 . 2010-09-08 16:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 16:17 . 2010-09-08 16:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-08 06:01 . 2010-10-13 14:13 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57 . 2010-10-13 14:13 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57 . 2010-10-13 14:13 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56 . 2010-10-13 14:13 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:56 . 2010-10-13 14:13 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:04 . 2010-10-13 14:13 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26 . 2010-10-13 14:13 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25 . 2010-10-13 14:13 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-06 16:20 . 2010-10-13 14:14 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-09-06 16:19 . 2010-10-13 14:14 17920 ----a-w- c:\windows\system32\netevent.dll
2010-09-06 13:45 . 2010-10-13 14:14 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-09-06 13:45 . 2010-10-13 14:14 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-09-06 13:45 . 2010-10-13 14:14 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-08-31 15:46 . 2010-10-13 14:13 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 15:46 . 2010-10-13 14:13 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-31 15:44 . 2010-10-13 14:09 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-08-31 13:27 . 2010-10-13 14:13 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-08-26 16:37 . 2010-10-13 14:14 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-08-26 16:33 . 2010-10-27 02:23 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33 . 2010-10-27 02:23 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-26 16:33 . 2010-10-27 02:23 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-26 16:33 . 2010-10-27 02:23 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-20 16:05 . 2010-10-13 14:09 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-08-17 14:11 . 2010-09-15 11:51 128000 ----a-w- c:\windows\system32\spoolsv.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Google Update"="c:\users\Dad\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-06-17 136176]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-10-14 160328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-28 1721640]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-12-06 202032]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-24 13601312]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-24 92704]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-01-07 158448]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-28 136176]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 pbfilter;pbfilter;c:\users\Dad\Desktop\New Folder (2)\pbfilter.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-06-08 716272]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\SYMDS.SYS [2009-10-15 328752]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\SYMEFA.SYS [2010-04-22 173104]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101104.001\BHDrvx86.sys [2010-11-04 691248]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\ccHPx86.sys [2010-02-26 501888]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101112.001\IDSvix86.sys [2010-10-19 353840]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\Ironx86.SYS [2010-04-29 116784]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS [2010-05-06 339504]
S2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe [2010-02-26 126392]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-10-27 102448]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\Drivers\LEqdUsb.Sys [2009-06-17 40720]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\Drivers\LHidEqd.Sys [2009-06-17 10384]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 21:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-28 12:30]

2010-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-28 12:30]

2010-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3270200211-936423522-2539987767-1000Core.job
- c:\users\Dad\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-17 18:06]

2010-11-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3270200211-936423522-2539987767-1000UA.job
- c:\users\Dad\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-17 18:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.ebay.com/ws/eBayISAPI.dll?MyeBay&CurrentPage=MyeBaySummary&migrateVisitor=3
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
FF - ProfilePath - c:\users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\l460mwnp.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://my.ebay.com/ws/eBayISAPI.dll?MyEbayBeta&CurrentPage=MyeBayNextSummary&ssPageName=STRK:ME:LNLK:MESUMX
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Dad\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 50
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-hpqSRMon - (no file)
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Dad\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5396)
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\System32\netshell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\rundll32.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Logitech\SetPoint\SetPoint.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-11-14 19:29:37 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-15 00:29

Pre-Run: 77,367,914,496 bytes free
Post-Run: 77,126,365,184 bytes free

- - End Of File - - 5BC888E6EC285E2E6827A5D8F26776A6

#6 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:00 PM

Posted 15 November 2010 - 07:03 PM

Hello, onemansgarbage.

Good news/bad news. Good news...the Goored infection in your Firefox has been fixed. Bad news, a critical windows file is infected. This is usually indicative of a Bamital infection, so I need to provide this warning:

Backdoor Warning
One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you do decide to proceed, please continue with the fix below.



Step 1


First, do you have a Windows CD we can use?

Download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • A blank Windows shall open with the title "SystemLook v1.0-by Jpshortstuff".
  • Copy and Paste the content of the following codebox into the main textfield under "File":
    :filefind
    userinit.*
    
  • Please Confirm everything is copied and Pasted as I have provided above
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan.
  • Please post this log in your next reply.


Note: The log can also be found on your Desktop entitled SystemLook.txt
2nd Note: The scan may take a while from several seconds to a minute or more depending on the number of files you have and how fast your computer can perform the task


etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#7 onemansgarbage

onemansgarbage
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:07:00 PM

Posted 15 November 2010 - 10:21 PM

I don't have a Windows CD. I bought this HP laptop a few years ago and I don't recall getting a CD with it.




SystemLook 04.09.10 by jpshortstuff
Log created at 22:16 on 15/11/2010 by Dad
Administrator - Elevation successful

========== filefind ==========

Searching for "userinit.*"
C:\Qoobox\Quarantine\C\Windows\System32\userinit.exe.vir --a---- 25088 bytes [02:24 21/01/2008] [02:24 21/01/2008] 0E135526E9785D085BCD9AEDE6FBCBF9
C:\Windows\ERDNT\cache\userinit.exe --a---- 25088 bytes [00:27 15/11/2010] [02:24 21/01/2008] 0E135526E9785D085BCD9AEDE6FBCBF9
C:\Windows\System32\userinit.exe --a---- 25088 bytes [02:24 21/01/2008] [02:24 21/01/2008] 0E135526E9785D085BCD9AEDE6FBCBF9
C:\Windows\System32\en-US\userinit.exe.mui --a---- 4096 bytes [12:41 02/11/2006] [12:41 02/11/2006] F058F2BAE89E70B2A79D5EB820092EEB
C:\Windows\winsxs\x86_microsoft-windows-userinit.resources_31bf3856ad364e35_6.0.6000.16386_en-us_8db9e42fd56781f2\userinit.exe.mui --a---- 4096 bytes [12:41 02/11/2006] [12:41 02/11/2006] F058F2BAE89E70B2A79D5EB820092EEB
C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe --a---- 25088 bytes [02:24 21/01/2008] [02:24 21/01/2008] 0E135526E9785D085BCD9AEDE6FBCBF9

-= EOF =-

#8 onemansgarbage

onemansgarbage
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:07:00 PM

Posted 17 November 2010 - 03:51 PM

Well, I used the recovery manager to restore this PC back to it's original condition.

Am I safe now?

Dave

#9 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:00 PM

Posted 17 November 2010 - 07:58 PM

Hello, onemansgarbage.

Yes if you reset to factory condition, you should be as clean as possible. Safe is relative of course...see the tips below.

Safe surfing!


If you ran Defogger and disabled your emulator, please don't forget to run it again and reenable it. See the instructions here to do so.


Optional Items

Please take the time to read below to secure your machine and take the necessary steps to keep it that way.


System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve preformance. If you are running Windows Vista or Windows 7, please right-click on the icon, and select "Run As Administrator"; otherwise it won't work.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware

Protect yourself from malicious sites

The HOSTS file can protect you from connecting to bad sites. See The Hosts File and what it can do for you for more background.

Please download HostMan. It safeguards you with a regularly updated Hosts-file that blocks dangerous sites from opening. This adds another bit of safety while surfing the Internet. For installlation and setting up, follow these steps:
  • Double-click the Downloaded installer and install the tool to a location of your choice
  • Via the Startmenu, navigate to HostsMan and run the program.
    • Click "Hosts" in the menu
    • Click "Manage Updates" in the submenu
    • Out of the three, select atleast one of the three (I have MVPS Host as my main one)
    • Click "Add Update." After that you will only need to click on the following button to retrieve updates:
      Posted Image
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.


Keep Windows Up to Date
It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Use an AntiVirus Software

It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

See this link for a listing of some online & their stand-alone antivirus programs:

Virus, Spyware, and Malware Protection and Removal Resources

Update your AntiVirus Software

It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the programs virus definitions.


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerability that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Use a Firewall

I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls

Install an AntiSpyware Program

A highly recommended AntiSpyware program isMalwarebytes Anti-Malware. You can download the free version..

Installing this program will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.


Update all these programs regularly
Make sure you update all your programs regularly. Without regular updates you WILL NOT be protected when new malicious programs are released. You can use Secunia PSI to keep track of necessary updates. It can run in the background and constantly monitor your software; although I just run it once a week manually. It will alert you when an update is available for a variety of software. It is very useful.

Follow this list and your potential for being infected again will reduce dramatically.

Good luck!

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#10 onemansgarbage

onemansgarbage
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:07:00 PM

Posted 17 November 2010 - 10:42 PM

Thank you very much for your help and for the tips on safe surfing.


Dave

#11 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:00 PM

Posted 18 November 2010 - 06:45 PM

No problem!


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#12 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:00 PM

Posted 21 November 2010 - 12:00 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you are the topic starter, and need this topic reopened, please contact me via PM with the address of this thread.

Everyone else please begin a new topic.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users