Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected MBR - Norton power eraser says rikvm_C6F09094.sys is a bad file but the file remains and never gets fixed


  • This topic is locked This topic is locked
21 replies to this topic

#1 solovely

solovely

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:11:03 AM

Posted 31 December 2011 - 11:37 PM

Please review steps already taken here:

http://www.bleepingcomputer.com/forums/topic435318.html/page__gopid__2531767#entry2531767



DDS results:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
Run by HP at 23:13:02 on 2011-12-31
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8174.5429 [GMT -5:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\vcsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
C:\ProgramData\bProtector\bProtect.exe
C:\ProgramData\bProtector\bProtect.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\InstallBrainService\InstallBrainService.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\DigitalPersona\Bin\DPAgent.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\zumodrive.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86) (x86)\Lexmark 2400 Series\ezprint.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\lxcrcoms.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uURLSearchHooks: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - C:\Program Files\Lexmark Toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: SpecialSavings: {74f475fa-6c75-43bd-aab9-ecda6184f600} - C:\Program Files (x86)\SpecialSavings\SpecialSavingsSinged.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: File2LinkIB: {c23b756a-bd9f-4ca6-aded-17ab8ccf3e8b} - C:\Program Files (x86)\file2linkib\file2linkibX.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - C:\Program Files\Lexmark Toolbar\toolband.dll
TB: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll
TB: {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No File
TB: File2LinkIB: {c23b756a-bd9f-4ca6-aded-17ab8ccf3e8b} - C:\Program Files (x86)\file2linkib\file2linkibX.dll
uRun: [ZumoDrive] C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [ZumoDrive] "C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk"
mRun: [lxcrmon.exe] "C:\Program Files (x86) (x86)\Lexmark 2400 Series\lxcrmon.exe"
mRun: [EzPrint] "C:\Program Files (x86) (x86)\Lexmark 2400 Series\ezprint.exe"
mRun: [<NO NAME>]
mRun: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files (x86)\SpecialSavings\SpecialSavingsSinged.dll
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect114a.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 97.81.22.195 71.92.29.130 24.217.201.67
TCP: Interfaces\{2E1233AC-5CE3-47A4-A542-8A85DAD6C732} : DhcpNameServer = 97.81.22.195 71.92.29.130 24.217.201.67
TCP: Interfaces\{2E1233AC-5CE3-47A4-A542-8A85DAD6C732}\16474777966696 : DhcpNameServer = 192.168.6.1 64.134.255.2 64.134.255.10
TCP: Interfaces\{2E1233AC-5CE3-47A4-A542-8A85DAD6C732}\35F6C6F66756C697 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2E1233AC-5CE3-47A4-A542-8A85DAD6C732}\46C696E6B6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{2E1233AC-5CE3-47A4-A542-8A85DAD6C732}\568747562796F62736C65616E696E67637F6C6574796F6E637 : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{2E1233AC-5CE3-47A4-A542-8A85DAD6C732}\C696E6B637973723030303D27657563747 : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{2E1233AC-5CE3-47A4-A542-8A85DAD6C732}\E4544574541425 : DhcpNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: protector.dll
LSA: Notification Packages = DPPassFilter scecli
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: SpecialSavings: {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files (x86)\SpecialSavings\SpecialSavingsSinged.dll
BHO-X64: SpecialSavings - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: File2LinkIB: {c23b756a-bd9f-4ca6-aded-17ab8ccf3e8b} - C:\Program Files (x86)\file2linkib\file2linkibX.dll
BHO-X64: File2LinkIB - No File
BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
TB-X64: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
TB-X64: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll
TB-X64: {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No File
TB-X64: File2LinkIB: {c23b756a-bd9f-4ca6-aded-17ab8ccf3e8b} - C:\Program Files (x86)\file2linkib\file2linkibX.dll
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [ZumoDrive] "C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk"
mRun-x64: [lxcrmon.exe] "C:\Program Files (x86) (x86)\Lexmark 2400 Series\lxcrmon.exe"
mRun-x64: [EzPrint] "C:\Program Files (x86) (x86)\Lexmark 2400 Series\ezprint.exe"
mRun-x64: [(Default)]
mRun-x64: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
AppInit_DLLs-X64: protector.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\57ofjqp1.default\
FF - prefs.js: browser.search.selectedengine - yahoo
FF - prefs.js: keyword.url - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20111221.003\BHDrvx64.sys [2011-12-21 1156216]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20111228.001\IDSviA64.sys [2011-12-28 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1206000.01D\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1206000.01D\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-7-12 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2011-12-14 748440]
R2 bProtector;bProtector;C:\ProgramData\bProtector\bProtect.exe [2011-12-30 803328]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-5-21 103992]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-6-14 26680]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-7-12 13336]
R2 InstallBrainService;InstallBrain Updater Service;C:\Program Files (x86)\InstallBrainService\InstallBrainService.exe [2011-12-30 273912]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-31 652872]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe [2011-10-6 130008]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-7-12 2655768]
R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2010-2-23 1799472]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 clwvd;HP Webcam Splitter;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-9 138360]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 CLKMSVC10_C6F09094;CyberLink Product - 2011/07/12 10:57:26;C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [2011-7-12 245232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 NWUSBCDFIL64;Novatel Wireless Installation CD;C:\Windows\system32\DRIVERS\NwUsbCdFil64.sys --> C:\Windows\system32\DRIVERS\NwUsbCdFil64.sys [?]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;C:\Windows\system32\DRIVERS\nwusbser2.sys --> C:\Windows\system32\DRIVERS\nwusbser2.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2011-12-31 06:29:08 -------- d-----w- C:\Users\HP\AppData\Roaming\Malwarebytes
2011-12-31 06:29:00 -------- d-----w- C:\ProgramData\Malwarebytes
2011-12-31 06:28:59 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-12-31 06:28:59 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-12-31 06:15:23 -------- d-----w- C:\Windows\SysWow64\Extensions
2011-12-30 06:57:17 748544 ----a-w- C:\Windows\SysWow64\protector.dll
2011-12-30 06:57:17 -------- d-----w- C:\ProgramData\bProtector
2011-12-30 06:57:02 -------- d-----w- C:\Program Files (x86)\file2linkib
2011-12-30 06:56:59 -------- d-----w- C:\Users\HP\AppData\Roaming\PerformerSoft
2011-12-30 06:56:57 19000 ----a-w- C:\Windows\System32\roboot64.exe
2011-12-30 06:56:53 -------- d-----w- C:\Program Files (x86)\SpecialSavings
2011-12-30 06:56:52 -------- d-----w- C:\Program Files (x86)\InstallBrainService
2011-12-30 06:42:15 89088 ----a-w- C:\mbr.exe
2011-12-30 06:26:44 -------- d-----w- C:\Program Files (x86)\Unlocker
2011-12-30 06:19:41 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2011-12-30 06:19:41 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2011-12-30 06:19:41 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2011-12-30 06:19:41 43992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
2011-12-29 17:03:53 -------- d-----w- C:\Users\HP\AppData\Roaming\Visan
2011-12-29 17:03:53 -------- d-----w- C:\ProgramData\Visan
2011-12-29 05:25:53 -------- d-----w- C:\Users\HP\AppData\Local\{081ADEB0-0F7F-434C-96DA-63C861595D78}
2011-12-28 20:13:28 -------- d-----w- C:\Users\HP\AppData\Local\{D3F5FA03-0B95-4FB1-8904-EF193334CDDC}
2011-12-28 17:49:00 -------- d-----w- C:\Users\HP\AppData\Local\{2CD1F520-531A-466F-9CB7-82BF0B29BB6E}
2011-12-28 06:25:12 -------- d-----w- C:\Program Files (x86)\AMD APP
2011-12-28 06:24:30 -------- d-----w- C:\Program Files\ATI Technologies
2011-12-28 06:22:34 -------- d-----w- C:\ATI
2011-12-24 04:32:00 -------- d-----w- C:\Users\HP\AppData\Local\IsolatedStorage
2011-12-20 07:23:42 -------- d-----w- C:\Users\HP\AppData\Local\{8C755118-96A5-4230-9BDA-9323A224B252}
2011-12-19 05:40:00 -------- d-----w- C:\Users\HP\AppData\Local\{FFDA8ACF-612B-4457-946C-45B0C67AC99E}
2011-12-17 20:10:11 -------- d-----w- C:\Users\HP\AppData\Local\{EE3921A3-8DFF-46A7-9898-23D4DB09F296}
2011-12-17 10:51:40 -------- d-----w- C:\Program Files (x86)\YouTube Downloader Toolbar
2011-12-17 10:51:40 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot
2011-12-17 10:51:40 -------- d-----w- C:\Program Files (x86)\Application Updater
2011-12-14 07:38:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-12-14 07:38:04 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-12-14 07:36:50 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-12-14 07:36:46 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-12-14 07:36:44 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-12-14 07:36:38 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-12-14 07:36:23 678912 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll
2011-12-14 07:36:18 887296 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
2011-12-13 21:31:39 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2011-12-13 21:24:45 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-12-13 21:24:43 723456 ----a-w- C:\Windows\System32\EncDec.dll
2011-12-13 21:24:43 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-12-13 21:23:46 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-12-13 21:23:46 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-12-08 11:16:03 -------- d-----w- C:\Users\HP\AppData\Roaming\COWON
2011-12-08 11:10:28 -------- d-----w- C:\Program Files (x86)\JetAudio
2011-12-08 11:10:28 -------- d-----w- C:\Program Files (x86)\Common Files\COWON
2011-12-08 09:28:36 -------- d-----w- C:\Users\HP\AppData\Local\{F727249E-46C2-49CF-A1A7-CD5C879B4485}
2011-12-07 08:38:03 -------- d-----w- C:\ProgramData\YouTube Downloader
2011-12-07 08:37:57 -------- d-----w- C:\Program Files (x86)\YouTube Downloader
2011-12-06 07:53:29 -------- d-----w- C:\Users\HP\AppData\Local\NPE
2011-12-06 06:19:09 -------- d-----w- C:\Users\HP\AppData\Local\{1BC9D4B9-C96B-4CD0-9D67-159F6EBED923}
.
==================== Find3M ====================
.
2011-12-30 15:51:11 525544 ----a-w- C:\Windows\System32\deployJava1.dll
2011-12-29 16:52:46 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-12-29 07:45:20 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-10 03:39:50 69632 ----a-w- C:\Windows\System32\OpenVideo64.dll
2011-11-10 03:39:44 59904 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2011-11-10 03:39:36 61952 ----a-w- C:\Windows\System32\OVDecode64.dll
2011-11-10 03:39:32 54784 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2011-11-10 03:39:22 17442304 ----a-w- C:\Windows\System32\amdocl64.dll
2011-11-10 03:38:40 14375936 ----a-w- C:\Windows\SysWow64\amdocl.dll
2011-11-10 03:37:50 51200 ----a-w- C:\Windows\System32\OpenCL.dll
2011-11-10 03:37:46 44032 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-10-22 01:16:12 1843200 ----a-w- C:\Windows\SysWow64\SlotMaximizerBe.dll
2011-10-22 01:15:46 104448 ----a-w- C:\Windows\SysWow64\SlotMaximizerAg.dll
2011-10-22 01:12:32 2763264 ----a-w- C:\Windows\System32\SlotMaximizerBe.dll
2011-10-22 01:07:42 125440 ----a-w- C:\Windows\System32\SlotMaximizerAg.dll
2011-10-17 17:40:50 93712 ---ha-w- C:\Windows\System32\drivers\AtihdW76.sys
2011-10-15 07:06:18 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-10-15 07:06:16 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-10-08 23:34:19 8593920 ---ha-w- C:\Windows\System32\drivers\NETwNs64.sys
2011-10-08 23:34:18 799232 ----a-w- C:\Windows\System32\NETwNc64.dll
2011-10-08 23:34:18 2750464 ----a-w- C:\Windows\System32\NETwNr64.dll
2011-10-06 19:51:04 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2011-10-06 18:03:03 51496 ---ha-w- C:\Windows\System32\drivers\stflt.sys
.
============= FINISH: 23:14:39.89 ===============


Running 64bit Windows so no Gmer log

Attached Files



BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:03 PM

Posted 06 January 2012 - 11:55 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. [/b]
If you are unsure about any of these caracteristics, just let us know and we'll help you figuring it out. Please also tell us if you have your Windows CD/DVD handy.


Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Watch Topic.I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 solovely

solovely
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:11:03 AM

Posted 10 January 2012 - 02:42 PM

Hello,

Q1: I do not have the original windows CD that came with the computer, although I was able to create a windows repair disc.

Q2:The problems that I am experiencing- my computer slows & CPU usage goes to 100%. Sometimes when on the internet watching Netflix or even just trying to listen to music via the Windows Media Player the fan begins to run at what sounds like it's max and the computer slows almost to a freeze & the sound becomes distorted it kinda sounds like a broken robot. Sometimes running a Norton scan fixes this problem temporarily but the problem sometimes reoccurs within minutes. During a typical 1.5hr movie I usually have to run the scan over 10 times just so the movie/music will go back to normal.

Q3: The steps taken to correct the issue besides running a Norton scan with Norton Internet Security, i have tried using Norton Power Eraser which finds this file: rikvm_C6F09094.sys and says t is a bad file and says it will fix the file but it doesn't. Other than the steps taken in the previous forum which required me to download numerous of what I think were diagnostic programs including malware bites, no other removal attempts have been made.

My apologies for the delay, I created system back up discs in case a complete computer wipe was necessary.

OTL.txt results:
OTL logfile created on: 1/10/2012 1:59:24 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\HP\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 5.60 Gb Available Physical Memory | 70.22% Memory free
15.79 Gb Paging File | 12.83 Gb Available in Paging File | 81.25% Paging File free
Paging file location(s): c:\pagefile.sys 8000 12260 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 565.53 Gb Total Space | 486.79 Gb Free Space | 86.08% Space Free | Partition Type: NTFS
Drive D: | 30.34 Gb Total Space | 4.46 Gb Free Space | 14.69% Space Free | Partition Type: NTFS
Drive G: | 3.84 Gb Total Space | 0.07 Gb Free Space | 1.91% Space Free | Partition Type: FAT32

Computer Name: HP-HP | User Name: HP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/10 13:56:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\HP\Desktop\OTL.exe
PRC - [2011/12/30 01:57:17 | 000,803,328 | ---- | M] (bProtector) -- C:\ProgramData\bProtector\bProtect.exe
PRC - [2011/12/30 01:55:01 | 000,273,912 | ---- | M] () -- C:\Program Files (x86)\InstallBrainService\InstallBrainService.exe
PRC - [2011/12/30 01:19:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/12/14 13:13:28 | 000,748,440 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
PRC - [2011/12/13 17:42:08 | 000,922,976 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2011/06/14 13:29:22 | 000,587,320 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2011/06/14 13:29:22 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/21 15:52:16 | 000,103,992 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe
PRC - [2010/11/09 17:16:22 | 000,154,816 | ---- | M] (Zecter Inc.) -- C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\zumodrive.exe
PRC - [2010/09/30 05:25:20 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/09/30 05:25:16 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/09/15 13:30:08 | 000,739,664 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
PRC - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/09/13 20:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/09/13 20:32:30 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/09/11 03:02:22 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2010/02/28 01:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
PRC - [2009/05/01 13:52:24 | 000,082,600 | ---- | M] (Lexmark International Inc.) -- C:\Program Files (x86) (x86)\Lexmark 2400 Series\ezprint.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/05 16:21:07 | 000,379,904 | ---- | M] () -- C:\Users\HP\AppData\Local\Temp\libsqlitejdbc-1504505003070074300.lib
MOD - [2012/01/05 16:20:59 | 000,199,168 | ---- | M] () -- C:\Users\HP\AppData\Local\Temp\WindowsAPI.dll5784082724684378632.lib
MOD - [2012/01/02 03:04:41 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\b41e38edbd6dfe20997f6ea7c080aceb\System.Web.ni.dll
MOD - [2012/01/02 03:04:23 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll
MOD - [2011/12/30 01:57:17 | 000,748,544 | ---- | M] () -- C:\Windows\SysWOW64\protector.dll
MOD - [2011/12/30 01:19:40 | 002,124,760 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/10/19 02:33:46 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\ebfad289d9759034cd3a887802fadb5b\IAStorCommon.ni.dll
MOD - [2011/10/19 02:33:45 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011/10/19 02:33:43 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\60c320dbe033e8ff4830cdc059933f2c\IAStorUtil.ni.dll
MOD - [2011/10/19 02:33:41 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/10/19 00:16:03 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/10/19 00:15:49 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/10/19 00:15:40 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/10/19 00:15:38 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/19 00:15:25 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/08/22 00:18:06 | 000,925,696 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2010/02/28 01:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
MOD - [2006/05/25 16:20:44 | 000,241,664 | ---- | M] () -- C:\Program Files (x86) (x86)\Lexmark 2400 Series\iptk.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/15 13:30:34 | 000,440,144 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV:64bit: - [2010/09/09 17:26:44 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/08/05 21:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/07/22 05:19:24 | 000,263,168 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/07/21 16:33:00 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010/06/15 13:53:52 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010/02/23 09:38:54 | 002,192,176 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/03/03 05:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2006/02/02 22:51:56 | 000,465,408 | ---- | M] ( ) [On_Demand | Running] -- C:\Windows\SysNative\lxcrcoms.exe -- (lxcr_device)
SRV - [2011/12/30 01:57:17 | 000,803,328 | ---- | M] (bProtector) [Auto | Running] -- C:\ProgramData\bProtector\bProtect.exe -- (bProtector)
SRV - [2011/12/30 01:55:01 | 000,273,912 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\InstallBrainService\InstallBrainService.exe -- (InstallBrainService)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/12/14 13:13:28 | 000,748,440 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011/06/21 14:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011/06/14 13:29:22 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/21 15:52:16 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)
SRV - [2010/09/30 05:25:20 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/09/30 05:25:16 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/09/21 17:52:04 | 000,245,232 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe -- (CLKMSVC10_C6F09094)
SRV - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/09/13 20:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/09/11 03:02:22 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/06/18 20:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/06/01 17:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/23 09:19:02 | 001,799,472 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/12/11 12:12:06 | 000,537,520 | ---- | M] ( ) [On_Demand | Running] -- C:\Windows\SysWow64\lxcrcoms.exe -- (lxcr_device)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/10/17 12:40:50 | 000,093,712 | -H-- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/10/08 18:34:19 | 008,593,920 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel®
DRV:64bit: - [2011/10/06 14:51:04 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/07/08 16:45:12 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/03/30 22:04:12 | 000,043,640 | RH-- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2011/03/30 22:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/30 22:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/03/14 21:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | -H-- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | -H-- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/27 01:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symds64.sys -- (SymDS)
DRV:64bit: - [2011/01/27 00:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/11/20 08:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010/11/20 08:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | -H-- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/20 06:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/30 05:07:36 | 000,056,344 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/09/14 04:45:52 | 000,022,376 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/09/14 04:45:50 | 000,025,960 | -H-- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/09/14 04:45:48 | 000,268,648 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/09/14 04:45:44 | 000,760,168 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/09/13 20:24:26 | 000,437,272 | -H-- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/09/13 13:00:08 | 001,390,640 | -H-- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/09/09 17:45:34 | 007,767,552 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/09/09 16:52:50 | 000,279,040 | -H-- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/09/03 19:13:32 | 000,031,088 | -H-- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/07/22 05:19:24 | 000,515,584 | -H-- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/06/23 20:10:56 | 000,344,680 | -H-- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/06/17 20:18:28 | 000,246,376 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/06/15 13:53:58 | 000,030,008 | -H-- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2010/06/15 13:53:42 | 000,041,272 | -H-- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2010/05/06 08:21:46 | 000,125,456 | -H-- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | -H-- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | -H-- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | -H-- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | -H-- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | -H-- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/07/07 11:23:56 | 000,025,600 | -H-- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NwUsbCdFil64.sys -- (NWUSBCDFIL64)
DRV:64bit: - [2008/06/02 15:28:52 | 000,247,808 | -H-- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NWADIenum.sys -- (NWADI)
DRV:64bit: - [2008/05/09 10:08:40 | 000,213,120 | -H-- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV:64bit: - [2008/05/09 10:08:40 | 000,213,120 | -H-- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nwusbser.sys -- (NWUSBPort)
DRV:64bit: - [2008/05/09 10:08:40 | 000,213,120 | -H-- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV:64bit: - [2008/04/16 14:49:34 | 000,028,416 | -H-- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2012/01/06 15:49:27 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120110.002\EX64.SYS -- (NAVEX15)
DRV - [2012/01/06 15:49:27 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120110.002\ENG64.SYS -- (NAVENG)
DRV - [2011/11/30 21:25:03 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20111223.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/11/09 06:29:31 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/11/09 06:29:30 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/10/07 14:04:12 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120107.001\IDSviA64.sys -- (IDSVia64)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.goonsearch.com/?source=IBR-IB-PDP-INS-HP
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1597401907-3190714596-1025116355-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.goonsearch.com/?source=IBR-IB-PDP-INS-HP
IE - HKU\S-1-5-21-1597401907-3190714596-1025116355-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKU\S-1-5-21-1597401907-3190714596-1025116355-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\S-1-5-21-1597401907-3190714596-1025116355-1000\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-1597401907-3190714596-1025116355-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedengine: "yahoo"
FF - prefs.js..keyword.url: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p="
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@photoproduct.rocketlife.com/RocketLife App Viewer;version=0.8: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011/10/12 07:12:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_4_3 [2012/01/05 16:20:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2011/07/12 13:16:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011/07/12 13:16:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/07/12 13:16:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/07/12 13:16:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/30 01:19:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\superfish@superfish.com: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles/57ofjqp1.default\extensions\superfish@superfish.com

[2011/10/08 23:32:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HP\AppData\Roaming\mozilla\Extensions
[2011/12/31 01:18:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\57ofjqp1.default\extensions
[2011/12/30 01:57:09 | 000,000,000 | ---D | M] (File2LinkIB) -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\57ofjqp1.default\extensions\{c23b756a-bd9f-4ca6-aded-17ab8ccf3e8b}
[2011/12/30 01:57:17 | 000,002,409 | ---- | M] () -- C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\57ofjqp1.default\searchplugins\SearchTheWeb.xml
[2011/12/30 01:26:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/12/30 01:26:47 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\extensions\quickstores@quickstores.de
[2011/12/30 01:19:43 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM
[2012/01/05 16:20:20 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\COFFPLGN_2011_7_4_3
[2011/12/30 01:19:41 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/09/28 19:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/09 01:53:06 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | -H-- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (SpecialSavings) - {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files (x86)\SpecialSavings\SpecialSavingsSinged.dll (SpecialSavings)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (File2LinkIB) - {c23b756a-bd9f-4ca6-aded-17ab8ccf3e8b} - C:\Program Files (x86)\file2linkib\file2linkibX.dll ()
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (File2LinkIB) - {c23b756a-bd9f-4ca6-aded-17ab8ccf3e8b} - C:\Program Files (x86)\file2linkib\file2linkibX.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKU\S-1-5-21-1597401907-3190714596-1025116355-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [LXCRCATS] C:\Windows\SysNative\spool\DRIVERS\x64\3\LXCRtime.DLL ()
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe File not found
O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe File not found
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [EzPrint] C:\Program Files (x86) (x86)\Lexmark 2400 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [lxcrmon.exe] C:\Program Files (x86) (x86)\Lexmark 2400 Series\lxcrmon.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe" File not found
O4 - HKLM..\Run: [ZumoDrive] C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1597401907-3190714596-1025116355-1000..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-1597401907-3190714596-1025116355-1000..\Run: [ZumoDrive] C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: SpecialSavings - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files (x86)\SpecialSavings\SpecialSavingsSinged.dll (SpecialSavings)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect114a.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2E1233AC-5CE3-47A4-A542-8A85DAD6C732}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (protector.dll) - File not found
O20 - AppInit_DLLs: (protector.dll) -C:\Windows\SysWow64\protector.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe) - C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe (DigitalPersona, Inc.)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files\Stardock\Fences Pro\FencesMenu64.dll (Stardock)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d1c455a6-063a-11e1-9630-2c27d7dde8f8}\Shell - "" = AutoRun
O33 - MountPoints2\{d1c455a6-063a-11e1-9630-2c27d7dde8f8}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\DriverInstaller.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.ac3filter - C:\Windows\SysWow64\ac3filter.acm ()
Drivers32: msacm.divxa32 - C:\Windows\SysWow64\DivXa32.acm (Packed With Joy !)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (http://www.mp3dev.org/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.divx - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: vidc.xvid - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2012/01/10 13:53:45 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\HP\Desktop\OTL.exe
[2012/01/06 21:10:33 | 000,000,000 | ---D | C] -- C:\Users\HP\Desktop\New folder
[2012/01/06 11:25:15 | 000,000,000 | ---D | C] -- C:\Users\HP\Documents\Criminology
[2012/01/06 11:23:58 | 000,000,000 | ---D | C] -- C:\Users\HP\Documents\CJC 4410 Methods Offender Treatment - Leslie Hill
[2012/01/05 02:07:41 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{842683C1-775A-4A90-967E-62C2400952E5}
[2012/01/04 17:35:16 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\MigWiz
[2012/01/04 06:16:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel Corporation
[2012/01/01 12:17:51 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{D4E3F0D0-8AA2-4591-A63F-0E6E098D0D40}
[2011/12/31 12:30:54 | 004,702,720 | ---- | C] (AVAST Software) -- C:\Users\HP\Documents\aswMBR.exe
[2011/12/31 01:29:08 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Malwarebytes
[2011/12/31 01:29:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/31 01:29:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/31 01:28:59 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/12/31 01:28:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/12/31 01:20:25 | 000,000,000 | ---D | C] -- C:\Users\HP\Desktop\My computer issue software
[2011/12/31 01:15:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2011/12/31 01:05:01 | 000,000,000 | ---D | C] -- C:\Users\HP\Desktop\Security issue tools
[2011/12/30 10:51:20 | 000,190,752 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2011/12/30 10:51:20 | 000,172,320 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2011/12/30 10:51:20 | 000,172,320 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2011/12/30 10:51:09 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/12/30 01:57:17 | 000,000,000 | ---D | C] -- C:\ProgramData\bProtector
[2011/12/30 01:57:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\file2linkib
[2011/12/30 01:56:59 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\PerformerSoft
[2011/12/30 01:56:57 | 000,019,000 | ---- | C] (PerformerSoft LLC) -- C:\Windows\SysNative\roboot64.exe
[2011/12/30 01:56:53 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpecialSavings
[2011/12/30 01:56:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpecialSavings
[2011/12/30 01:56:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\InstallBrainService
[2011/12/30 01:26:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Unlocker
[2011/12/29 12:03:53 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Visan
[2011/12/29 12:03:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Visan
[2011/12/29 11:52:59 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/12/29 11:52:59 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/12/29 11:52:59 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/12/29 11:52:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2011/12/29 11:48:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011/12/29 02:32:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/12/29 02:32:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/12/29 02:32:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2011/12/29 00:50:06 | 000,000,000 | ---D | C] -- C:\Users\HP\Documents\CCJ 4938 Racial Profiling- Dr. Close
[2011/12/29 00:25:53 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{081ADEB0-0F7F-434C-96DA-63C861595D78}
[2011/12/28 15:13:28 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{D3F5FA03-0B95-4FB1-8904-EF193334CDDC}
[2011/12/28 12:49:00 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{2CD1F520-531A-466F-9CB7-82BF0B29BB6E}
[2011/12/28 01:25:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2011/12/28 01:24:30 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2011/12/28 01:22:34 | 000,000,000 | ---D | C] -- C:\ATI
[2011/12/23 23:32:00 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\IsolatedStorage
[2011/12/20 02:23:42 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{8C755118-96A5-4230-9BDA-9323A224B252}
[2011/12/19 01:00:35 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/12/19 00:40:00 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{FFDA8ACF-612B-4457-946C-45B0C67AC99E}
[2011/12/17 15:10:11 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{EE3921A3-8DFF-46A7-9898-23D4DB09F296}
[2011/12/17 05:51:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YouTube Downloader Toolbar
[2011/12/17 05:51:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot
[2011/12/17 05:51:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
[2011/12/14 21:26:16 | 000,000,000 | ---D | C] -- C:\Users\HP\Documents\CCJ3654 Drugs in the Justice System
[2011/12/14 14:23:44 | 000,000,000 | ---D | C] -- C:\Users\HP\Documents\Law Enforcement
[2011/12/14 02:37:56 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/12/14 02:37:52 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/12/14 02:37:29 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/12/14 02:37:29 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/12/14 02:37:21 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/12/14 02:37:20 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/12/14 02:36:50 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/12/14 02:36:46 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/12/14 02:36:44 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/12/14 02:36:37 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/12/14 02:36:27 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/12/13 16:31:39 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011/12/13 16:24:43 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011/12/13 16:24:43 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011/11/17 16:06:49 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrserv.dll
[2011/11/17 16:06:49 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrusb1.dll
[2011/11/17 16:06:49 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrcomc.dll
[2011/11/17 16:06:49 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrpmui.dll
[2011/11/17 16:06:49 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrlmpm.dll
[2011/11/17 16:06:49 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrcoms.exe
[2011/11/17 16:06:49 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrcomm.dll
[2011/11/17 16:06:49 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrinpa.dll
[2011/11/17 16:06:49 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcriesc.dll
[2011/11/17 16:06:49 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrih.exe
[2011/11/17 16:06:49 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrppls.exe
[2011/11/17 16:06:49 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrprox.dll
[2011/11/17 16:06:49 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrpplc.dll

========== Files - Modified Within 30 Days ==========

[2012/01/10 13:56:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\HP\Desktop\OTL.exe
[2012/01/10 13:42:00 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2012/01/10 06:38:23 | 000,024,448 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/10 06:38:23 | 000,024,448 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/10 06:37:10 | 000,727,182 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/10 06:37:10 | 000,626,214 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/10 06:37:10 | 000,107,290 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/09 16:17:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/05 21:52:31 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHP.job
[2012/01/05 16:20:09 | 2133,217,279 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/05 13:41:17 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHP-HP$.job
[2012/01/05 12:41:10 | 000,001,160 | -H-- | M] () -- C:\Users\HP\Documents\$$JetTHM$$.cache
[2012/01/05 00:27:06 | 000,004,572 | ---- | M] () -- C:\Users\HP\Documents\Jacobsparts receipt 152012.htm
[2012/01/01 11:39:50 | 000,007,599 | ---- | M] () -- C:\Users\HP\AppData\Local\Resmon.ResmonCfg
[2011/12/31 12:31:05 | 004,702,720 | ---- | M] (AVAST Software) -- C:\Users\HP\Documents\aswMBR.exe
[2011/12/30 12:07:23 | 000,008,366 | ---- | M] () -- C:\Users\HP\Documents\Mail to Experian OutWalletAnswers2.do.htm
[2011/12/30 12:03:39 | 000,007,375 | ---- | M] () -- C:\Users\HP\Documents\Mail to experian OutWalletAnswers.do.htm
[2011/12/30 10:51:11 | 000,525,544 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2011/12/30 10:51:11 | 000,190,752 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2011/12/30 10:51:11 | 000,172,320 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2011/12/30 10:51:11 | 000,172,320 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2011/12/30 02:07:45 | 000,000,000 | ---- | M] () -- C:\Users\HP\defogger_reenable
[2011/12/30 01:57:23 | 000,002,061 | ---- | M] () -- C:\ProgramData\repository.xml
[2011/12/30 01:57:17 | 000,748,544 | ---- | M] () -- C:\Windows\SysWow64\protector.dll
[2011/12/30 01:55:01 | 000,273,912 | ---- | M] () -- C:\Users\HP\Desktop\PCPerformer_GN.exe
[2011/12/30 01:42:15 | 000,089,088 | ---- | M] () -- C:\mbr.exe
[2011/12/30 01:26:47 | 000,000,183 | ---- | M] () -- C:\Users\HP\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickStores.url
[2011/12/29 11:52:46 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011/12/29 11:52:46 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/12/29 11:52:46 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/12/29 11:52:46 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/12/29 11:48:31 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/12/29 02:45:20 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/12/14 11:25:39 | 000,285,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/01/05 00:27:05 | 000,004,572 | ---- | C] () -- C:\Users\HP\Documents\Jacobsparts receipt 152012.htm
[2011/12/30 12:07:23 | 000,008,366 | ---- | C] () -- C:\Users\HP\Documents\Mail to Experian OutWalletAnswers2.do.htm
[2011/12/30 12:03:39 | 000,007,375 | ---- | C] () -- C:\Users\HP\Documents\Mail to experian OutWalletAnswers.do.htm
[2011/12/30 02:07:45 | 000,000,000 | ---- | C] () -- C:\Users\HP\defogger_reenable
[2011/12/30 01:57:23 | 000,002,061 | ---- | C] () -- C:\ProgramData\repository.xml
[2011/12/30 01:57:17 | 000,748,544 | ---- | C] () -- C:\Windows\SysWow64\protector.dll
[2011/12/30 01:55:01 | 000,273,912 | ---- | C] () -- C:\Users\HP\Desktop\PCPerformer_GN.exe
[2011/12/30 01:42:15 | 000,089,088 | ---- | C] () -- C:\mbr.exe
[2011/12/30 01:26:47 | 000,000,183 | ---- | C] () -- C:\Users\HP\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickStores.url
[2011/12/29 12:03:42 | 000,000,318 | ---- | C] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2011/12/29 11:48:31 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/12/29 11:48:31 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/12/29 02:51:26 | 000,007,599 | ---- | C] () -- C:\Users\HP\AppData\Local\Resmon.ResmonCfg
[2011/12/29 00:24:28 | 000,001,160 | -H-- | C] () -- C:\Users\HP\Documents\$$JetTHM$$.cache
[2011/11/17 16:06:49 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxcrcomx.dll
[2011/11/17 16:06:49 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXCRinst.dll
[2011/11/09 22:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011/11/09 22:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/10/12 08:08:02 | 000,733,320 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/07/31 13:31:38 | 003,854,848 | ---- | C] () -- C:\Windows\SysWow64\ffmpeg.dll
[2011/07/19 14:08:04 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/07/19 14:06:48 | 000,259,584 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2011/07/19 14:06:36 | 000,158,208 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
[2011/07/19 14:06:34 | 001,524,224 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
[2011/07/19 14:06:34 | 000,096,768 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
[2011/07/19 14:06:32 | 000,145,920 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
[2011/07/19 14:06:30 | 000,136,704 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
[2011/07/19 14:06:30 | 000,113,664 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
[2011/07/19 14:06:28 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll
[2011/07/19 14:06:28 | 000,211,456 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
[2011/07/12 12:54:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/07/12 12:48:18 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2011/07/12 12:47:05 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011/07/12 12:46:26 | 000,000,299 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2011/07/12 12:46:26 | 000,000,240 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2011/05/30 08:42:50 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/05/23 02:46:30 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/03/03 06:40:08 | 000,150,528 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll
[2011/03/03 06:39:56 | 000,109,568 | ---- | C] () -- C:\Windows\SysWow64\avi.dll
[2011/03/03 06:39:46 | 000,141,824 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll
[2011/03/03 06:39:34 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll
[2011/03/03 06:39:02 | 000,113,152 | ---- | C] () -- C:\Windows\SysWow64\dsmux.exe
[2011/03/03 06:38:54 | 000,154,112 | ---- | C] () -- C:\Windows\SysWow64\ts.dll
[2011/03/03 06:38:40 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll
[2011/03/03 06:38:10 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\avs.dll
[2011/03/03 06:38:04 | 000,137,728 | ---- | C] () -- C:\Windows\SysWow64\mkv2vfr.exe
[2011/03/03 06:37:50 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\avss.dll
[2011/03/03 06:37:40 | 000,358,400 | ---- | C] () -- C:\Windows\SysWow64\gdsmux.exe
[2011/03/03 06:35:32 | 000,080,384 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll
[2011/03/03 06:35:26 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll
[2010/11/01 20:06:42 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2010/09/21 12:30:44 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2010/08/18 14:56:38 | 000,000,151 | ---- | C] () -- C:\Windows\SysWow64\Registration.ini
[2010/06/15 21:28:54 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009/08/11 16:21:26 | 000,087,552 | ---- | C] () -- C:\Windows\SysWow64\ac3config.exe
[2009/08/11 16:21:20 | 001,021,440 | ---- | C] () -- C:\Windows\SysWow64\ac3filter_intl.dll
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/11/06 10:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2006/03/03 23:52:00 | 000,088,576 | ---- | C] () -- C:\Windows\SysWow64\OptimFROG.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2011/12/30 01:42:15 | 000,089,088 | ---- | M] () -- C:\mbr.exe


< MD5 for: EXPLORER.EXE >
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010/11/01 20:25:00 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/11/01 20:22:14 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/01 20:25:00 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/11/01 20:22:14 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010/11/01 20:25:00 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/11/01 20:22:14 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010/11/01 20:25:00 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/11/01 20:22:14 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: WININIT.EXE >
[2009/07/13 20:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/13 20:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010/11/01 20:25:00 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/01 20:25:00 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< End of report >


Extras results:
OTL Extras logfile created on: 1/10/2012 1:59:24 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\HP\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 5.60 Gb Available Physical Memory | 70.22% Memory free
15.79 Gb Paging File | 12.83 Gb Available in Paging File | 81.25% Paging File free
Paging file location(s): c:\pagefile.sys 8000 12260 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 565.53 Gb Total Space | 486.79 Gb Free Space | 86.08% Space Free | Partition Type: NTFS
Drive D: | 30.34 Gb Total Space | 4.46 Gb Free Space | 14.69% Space Free | Partition Type: NTFS
Drive G: | 3.84 Gb Total Space | 0.07 Gb Free Space | 1.91% Space Free | Partition Type: FAT32

Computer Name: HP-HP | User Name: HP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1597401907-3190714596-1025116355-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09BDCC02-80F2-4EFB-8F1B-A807D2C38E31}" = HP MediaSmart Movies and TV
"{0BD776F3-057D-4C11-020C-4FA9B13D04F9}" = AMD Catalyst Install Manager
"{10CD364B-FFCC-48BE-B469-B9622A033075}" = Fences Pro
"{13DCC2C7-454D-42F0-A892-E0E9A5DE4E67}" = HP Wireless Assistant
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416030FF}" = Java™ 6 Update 30 (64-bit)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{426FAE9F-7373-496E-A215-9DB7EF4398CF}" = Validity Sensors DDK
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5BF97E02-2F6A-412A-BB4D-B6E2DC65FCA7}" = HP SimplePass Identity Protection
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{BE6725F2-6D15-477C-86C6-4522B8569D62}" = HP MediaSmart SmartMenu
"{C29EFC9A-8013-2CE7-06BD-A758D3E9A0CD}" = ccc-utility64
"{C84FFB07-C687-45CF-91C8-868DB8D8C8CD}" = HP 3D DriveGuard
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Lexmark 2400 Series" = Lexmark 2400 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01C00A84-1735-DC96-C9E7-E58FBE4E45E8}" = CCC Help Chinese Traditional
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = bProtector for Windows
"{1857C022-C1CD-B6FC-C42D-8DFDC7172B70}" = CCC Help English
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.4
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1E6E990A-728D-4700-9B0A-2CA541C93A12}" = Catalyst Control Center - Branding
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22E0435B-757A-AD98-264C-0A4AA3690831}" = CCC Help Spanish
"{264FE20A-757B-492a-B0C3-4009E2997D8A}" = PictureMover
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java™ 6 Update 30
"{277AEF05-D6FB-47F1-17AB-E2DA3827EAD6}" = CCC Help Swedish
"{2B9D24D0-5DE9-64F7-5EA7-DC1ACECC8282}" = CCC Help Norwegian
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3B834B54-EC4B-48E2-BFC6-03FF5DA06F62}" = Adobe Shockwave Player 11.5
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40E94520-B394-2EA8-8664-ADFFC611783C}" = CCC Help Polish
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{491ADA37-04EE-2ECE-9F86-DDC0106047AC}" = Times Reader
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C1FCA59-F16F-84EC-3C92-D7407EB82562}" = CCC Help Chinese Standard
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D1193CC-0658-4C98-B1FF-86CBC5BFB27C}" = HP Documentation
"{504CC891-B140-4E1B-860B-5E4C1DFBA9E3}" = Blio
"{53469506-A37E-4314-A9D9-38724EC23A75}" = HP Setup
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68E65DEF-C2E8-83E3-E327-B3F8C4FDCFD2}" = CCC Help Korean
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6C302296-6129-4125-9FD6-2188ECD8814E}" = HP Software Framework
"{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"{6E7EB33D-989E-C4F3-7D1A-09FDEC83E144}" = CCC Help Russian
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0
"{70D50054-7473-C4F0-F4A6-C5EDFC464C69}" = CCC Help Finnish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{77C4850C-3592-4A2F-B652-ACB77A1EF77C}" = Bing Bar Platform
"{78F1A88C-5322-4DF7-BDCF-9AB8F5F4041C}" = HP MediaSmart/TouchSmart Netflix
"{7B2ADCB5-3F3D-478A-90A9-A8C04EF82BF6}" = Mobile Broadband Generic Drivers
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{872B1C80-38EC-4A31-A25C-980820593900}" = HP Power Manager
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8B7B738B-90E4-83AC-515B-22E3304AA06E}" = CCC Help German
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{92A2E97D-7C1C-0710-C6D8-13977C8B48AA}" = CCC Help Greek
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97539F33-496C-1D37-964A-5A7952824839}" = Catalyst Control Center Graphics Previews Vista
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B0D048D-FF81-B725-A567-6AC84FF23E15}" = CCC Help Portuguese
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A4F629E5-EFDE-371E-33D5-8749A3A34704}" = PX Profile Update
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B1951667-F3A9-9DD4-A05F-D1E03688D4A5}" = ccc-core-static
"{B34A96AE-03BC-32B1-42D2-931EEDE8D016}" = CCC Help Italian
"{BA5D7595-B18C-C29D-E031-FC40A9AAD947}" = Catalyst Control Center Localization All
"{BB1C717E-376C-4AA1-8940-81BFC38D9778}" = HP Quick Launch
"{BBE693A6-2481-FDD6-AEB5-39AB81B2D96B}" = CCC Help Hungarian
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C5CD3757-C3F6-7B11-5546-D9A271519937}" = CCC Help French
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}" = HP Support Assistant
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CD9ACDC0-E9A4-E969-6867-04BAD8FFBCF6}" = Catalyst Control Center Graphics Previews Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D11CF177-AA3B-2CF1-6647-F9666C5E8231}" = CCC Help Turkish
"{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"{D351842E-D93B-5E33-961D-6C02467341C4}" = CCC Help Thai
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7A1BF13-4DA3-4391-855D-D61ADADF74A6}_is1" = Full Video Converter Free 9
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = COWON Media Center - jetAudio Basic VX
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E60A300A-D251-03FB-B50F-33DFB54A9657}" = CCC Help Dutch
"{E660751F-6554-385D-7269-7D8B2707EA49}" = CCC Help Czech
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F13FBD0E-5CE1-4A3F-A4F0-C8633CB7B4DD}" = HP Product Detection
"{FA439F3E-1B33-C2A1-90C4-4A9D85EAF782}" = CCC Help Danish
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"{FCE26600-665A-C665-660E-72D3F2E30370}" = CCC Help Japanese
"{FD66AF34-C18A-4cea-8421-2F3B39E9B07E}" = YouTube Downloader Toolbar v4.9
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1" = Times Reader
"Fences Pro" = Fences Pro
"file2linkib" = File2LinkIB
"HP DVB-T TV Tuner" = HP DVB-T TV Tuner 8.0.64.43
"HP Photo Creations" = HP Photo Creations
"InstallBrain Updater Service" = InstallBrain Updater Service
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"Lexmark 2400 Series" = Lexmark 2400 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Mobile Broadband Generic Drivers" = Mobile Broadband Generic Drivers
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"My HP Game Console" = HP Game Console
"NIS" = Norton Internet Security
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"SpecialSavings" = SpecialSavings
"WildTangent hp Master Uninstall" = HP Games
"Windows 7 - Codec Pack" = Windows 7 Codec Pack 3.3.0
"WinLiveSuite" = Windows Live Essentials
"WT087328" = Blackhawk Striker 2
"WT087330" = Bounce Symphony
"WT087335" = Build-a-lot 2
"WT087343" = Dora's World Adventure
"WT087360" = Escape Rosecliff Island
"WT087361" = FATE
"WT087362" = Final Drive Nitro
"WT087372" = Heroes of Hellas 2 - Olympia
"WT087379" = Jewel Quest Solitaire 2
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087414" = Virtual Families
"WT087415" = Wheel of Fortune 2
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087501" = Plants vs. Zombies
"WT087533" = Zuma Deluxe
"WT087536" = Diner Dash 2 Restaurant Rescue
"WT089299" = Mystery P.I. - The London Caper
"WT089307" = Virtual Villagers 4 - The Tree of Life
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"ZumoDrive" = HP CloudDrive

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1597401907-3190714596-1025116355-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"HuluDesktop" = Hulu Desktop

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/19/2011 2:19:28 AM | Computer Name = HP-HP | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7601.17567,
time stamp: 0x4d672ee4 Faulting module name: DesktopDock64.dll, version: 1.0.1.0,
time stamp: 0x4c9256c9 Exception code: 0xc0000005 Fault offset: 0x0000000000035dad
Faulting
process id: 0xbf0 Faulting application start time: 0x01ccbe1613572886 Faulting application
path: C:\Windows\Explorer.EXE Faulting module path: c:\program files\stardock\fences
pro\DesktopDock64.dll Report Id: 675dfe0e-2a09-11e1-bf82-2c27d7dde8f8

Error - 12/19/2011 2:20:00 AM | Computer Name = HP-HP | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7601.17567,
time stamp: 0x4d672ee4 Faulting module name: DesktopDock64.dll, version: 1.0.1.0,
time stamp: 0x4c9256c9 Exception code: 0xc000041d Fault offset: 0x0000000000035dad
Faulting
process id: 0xbf0 Faulting application start time: 0x01ccbe1613572886 Faulting application
path: C:\Windows\Explorer.EXE Faulting module path: c:\program files\stardock\fences
pro\DesktopDock64.dll Report Id: 7a6581d9-2a09-11e1-bf82-2c27d7dde8f8

Error - 12/19/2011 2:31:22 AM | Computer Name = HP-HP | Source = CVHSVC | ID = 100
Description = Information only. Error: The server returned an invalid or unrecognized
response ErrorCode: 14007(0x36b7).

Error - 12/19/2011 3:19:29 AM | Computer Name = HP-HP | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed: There are currently no active network connections. Background
Intelligent Transfer Service (BITS) will try again when an adapter is connected.


Error - 12/19/2011 3:39:43 AM | Computer Name = HP-HP | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7601.17567,
time stamp: 0x4d672ee4 Faulting module name: DesktopDock64.dll, version: 1.0.1.0,
time stamp: 0x4c9256c9 Exception code: 0xc0000005 Fault offset: 0x0000000000034bcf
Faulting
process id: 0xcac Faulting application start time: 0x01ccbe214959fe41 Faulting application
path: C:\Windows\Explorer.EXE Faulting module path: c:\program files\stardock\fences
pro\DesktopDock64.dll Report Id: 9d8ed778-2a14-11e1-aa13-2c27d7dde8f8

Error - 12/19/2011 3:49:34 AM | Computer Name = HP-HP | Source = CVHSVC | ID = 100
Description = Information only. Error: The server returned an invalid or unrecognized
response ErrorCode: 14007(0x36b7).

Error - 12/21/2011 10:10:46 AM | Computer Name = HP-HP | Source = CVHSVC | ID = 100
Description = Information only. Error: The server returned an invalid or unrecognized
response ErrorCode: 14007(0x36b7).

Error - 12/21/2011 11:32:59 PM | Computer Name = HP-HP | Source = CVHSVC | ID = 100
Description = Information only. Error: The server returned an invalid or unrecognized
response ErrorCode: 14007(0x36b7).

Error - 12/24/2011 12:06:51 AM | Computer Name = HP-HP | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed: There are currently no active network connections. Background
Intelligent Transfer Service (BITS) will try again when an adapter is connected.


Error - 12/25/2011 1:07:38 AM | Computer Name = HP-HP | Source = CVHSVC | ID = 100
Description = Information only. Error: The operation timed out ErrorCode: 14007(0x36b7).


[ Hewlett-Packard Events ]
Error - 10/18/2011 5:02:31 PM | Computer Name = HP-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: Failed to perform update. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
Object '/23b3beb3_243f_4f93_91f9_cac901a081a8/f2ghlgdhfrc1vzb8xg+rbif7_5.rem' has
been disconnected or does not exist at the server. Name: hpsa_service.exe Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 8173 Ram Utilization: 40 TargetSite: Void UpdateDetail(System.String)

Error - 10/27/2011 9:31:38 PM | Computer Name = HP-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: Failed to perform update. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
Object '/efd69575_0b70_41ff_9a20_d884e48c292f/qltrl+rnjpalqewrt0psv+we_5.rem' has
been disconnected or does not exist at the server. Name: hpsa_service.exe Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 8173 Ram Utilization: 30 TargetSite: Void UpdateDetail(System.String)

Error - 11/26/2011 1:38:30 AM | Computer Name = HP-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: Failed to perform update. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
Object '/6f1923b0_ea42_4c84_a743_851c87d77361/yfj+v8rknh1+nceikp5fc9j8_5.rem' has
been disconnected or does not exist at the server. Name: hpsa_service.exe Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 8173 Ram Utilization: 30 TargetSite: Void UpdateDetail(System.String)

Error - 11/26/2011 1:57:29 AM | Computer Name = HP-HP | Source = HPSF.exe | ID = 4000
Description =

[ HP Wireless Assistant Events ]
Error - 7/12/2011 1:44:26 PM | Computer Name = ST2FR4GVTMSJ3 | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 7/12/2011 1:44:26 PM | Computer Name = ST2FR4GVTMSJ3 | Source = HP WA Service | ID = 0
Description = System.Exception Register() failed : e_GENERAL_EXCEPTION at HP_Common.CaslWrapper.Register(EventArrivedEventHandler
handler) at HPPA_Service.CurrentConfiguration..ctor()

Error - 11/19/2011 2:39:55 PM | Computer Name = HP-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the
message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObjectSearcher.Initialize()

at System.Management.ManagementObjectSearcher.Get() at HPPA_Service.CurrentConfiguration.FindDevice(String
hostPath, String portName) at HPPA_Service.CurrentConfiguration.<ApplyFriendlyNames>b__23(RadioHardware
radio) at System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext() at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()

at HPPA_Service.CurrentConfiguration.ApplyFriendlyNames() at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 11/19/2011 2:39:55 PM | Computer Name = HP-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the
message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

[ Media Center Events ]
Error - 11/4/2011 8:47:05 PM | Computer Name = HP-HP | Source = MCUpdate | ID = 0
Description = 8:47:05 PM - Error connecting to the internet. 8:47:05 PM - Unable
to contact server..

Error - 11/17/2011 4:48:31 PM | Computer Name = HP-HP | Source = MCUpdate | ID = 0
Description = 3:48:31 PM - Error connecting to the internet. 3:48:31 PM - Unable
to contact server..

Error - 11/17/2011 4:48:41 PM | Computer Name = HP-HP | Source = MCUpdate | ID = 0
Description = 3:48:36 PM - Error connecting to the internet. 3:48:36 PM - Unable
to contact server..

Error - 11/19/2011 2:42:12 PM | Computer Name = HP-HP | Source = MCUpdate | ID = 0
Description = 1:42:12 PM - Failed to retrieve SportsSchedule (Error: Unable to connect
to the remote server)

Error - 11/26/2011 9:57:49 PM | Computer Name = HP-HP | Source = MCUpdate | ID = 0
Description = 8:57:44 PM - Error connecting to the internet. 8:57:44 PM - Unable
to contact server..

Error - 12/11/2011 11:09:53 AM | Computer Name = HP-HP | Source = MCUpdate | ID = 0
Description = 10:09:51 AM - Error connecting to the internet. 10:09:51 AM - Unable
to contact server..

Error - 12/11/2011 2:51:43 PM | Computer Name = HP-HP | Source = MCUpdate | ID = 0
Description = 1:51:40 PM - Error connecting to the internet. 1:51:40 PM - Unable
to contact server..

Error - 12/12/2011 12:11:44 AM | Computer Name = HP-HP | Source = MCUpdate | ID = 0
Description = 11:11:42 PM - Error connecting to the internet. 11:11:42 PM - Unable
to contact server..

[ System Events ]
Error - 1/9/2012 11:24:37 AM | Computer Name = HP-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the RoxioNow Service service.

Error - 1/9/2012 11:25:14 AM | Computer Name = HP-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the RoxioNow Service service.

Error - 1/9/2012 5:17:43 PM | Computer Name = HP-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the RoxioNow Service service.

Error - 1/9/2012 5:59:14 PM | Computer Name = HP-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the RoxioNow Service service.

Error - 1/9/2012 6:05:16 PM | Computer Name = HP-HP | Source = WMPNetworkSvc | ID = 866333
Description =

Error - 1/10/2012 7:34:35 AM | Computer Name = HP-HP | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR4.

Error - 1/10/2012 7:34:36 AM | Computer Name = HP-HP | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR4.

Error - 1/10/2012 7:34:36 AM | Computer Name = HP-HP | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR4.

Error - 1/10/2012 7:34:37 AM | Computer Name = HP-HP | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR4.

Error - 1/10/2012 7:36:02 AM | Computer Name = HP-HP | Source = Virtual Disk Service | ID = 33554441
Description =


< End of report >



Thank you for your assistance with this issue!

~Sheila

#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:03 PM

Posted 11 January 2012 - 04:24 PM

Hi Sheila,

The steps taken to correct the issue besides running a Norton scan with Norton Internet Security, i have tried using Norton Power Eraser which finds this file: rikvm_C6F09094.sys and says t is a bad file and says it will fix the file but it doesn't.

This is a false positive from Norton. The file actually belongs to Cyberlink DVD.

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable isable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 solovely

solovely
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:11:03 AM

Posted 12 January 2012 - 04:19 PM

After completing the scan, some of my registry keys necessary to run Mozilla Firefox and Internet Explorer were deleted and therefor do not work. I do have a system back up on discs which was created on 1/10/12 but if I use those discs, I am afraid of returning the computer to the same state, will that happen?

Combofix results:
ComboFix 12-01-12.02 - HP 01/12/2012 10:34:07.1.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8174.5921 [GMT -5:00]
Running from: c:\users\HP\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\HP\AppData\Local\Temp\libsqlitejdbc-8861718454410883573.lib
c:\users\HP\AppData\Local\Temp\swt-gdip-win32-3448.dll
c:\users\HP\AppData\Local\Temp\swt-win32-3448.dll
c:\users\HP\AppData\Local\Temp\WindowsAPI.dll6083620521495103887.lib
c:\windows\system32\java.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-12-12 to 2012-01-12 )))))))))))))))))))))))))))))))
.
.
2012-01-12 17:37 . 2012-01-12 17:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-11 23:46 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 23:46 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-11 18:05 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 18:05 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-11 18:05 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 18:05 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 18:05 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 18:05 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-04 22:35 . 2012-01-04 22:35 -------- dc----w- c:\users\HP\AppData\Local\MigWiz
2012-01-04 11:16 . 2012-01-04 11:16 -------- d-----w- c:\program files (x86)\Common Files\Intel Corporation
2011-12-31 06:29 . 2011-12-31 06:29 -------- d-----w- c:\users\HP\AppData\Roaming\Malwarebytes
2011-12-31 06:29 . 2011-12-31 06:29 -------- d-----w- c:\programdata\Malwarebytes
2011-12-31 06:28 . 2011-12-31 06:29 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-31 06:28 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-31 06:15 . 2011-12-31 06:15 -------- d-----w- c:\windows\SysWow64\Extensions
2011-12-30 15:51 . 2011-12-30 15:51 -------- d-----w- c:\program files\Java
2011-12-30 06:57 . 2011-12-30 06:57 -------- d-----w- c:\programdata\bProtector
2011-12-30 06:57 . 2011-12-30 06:57 748544 ----a-w- c:\windows\SysWow64\protector.dll
2011-12-30 06:57 . 2011-12-30 06:57 -------- d-----w- c:\program files (x86)\file2linkib
2011-12-30 06:56 . 2011-12-30 07:06 -------- d-----w- c:\users\HP\AppData\Roaming\PerformerSoft
2011-12-30 06:56 . 2011-12-02 23:04 19000 ----a-w- c:\windows\system32\roboot64.exe
2011-12-30 06:56 . 2011-12-30 06:56 -------- d-----w- c:\program files (x86)\SpecialSavings
2011-12-30 06:56 . 2011-12-30 06:56 -------- d-----w- c:\program files (x86)\InstallBrainService
2011-12-30 06:42 . 2011-12-30 06:42 89088 ----a-w- C:\mbr.exe
2011-12-30 06:26 . 2011-12-30 06:31 -------- d-----w- c:\program files (x86)\Unlocker
2011-12-30 06:19 . 2011-12-30 06:19 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2011-12-30 06:19 . 2011-12-30 06:19 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2011-12-30 06:19 . 2011-12-30 06:19 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2011-12-30 06:19 . 2011-12-30 06:19 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2011-12-29 17:03 . 2011-12-29 17:42 -------- d-----w- c:\users\HP\AppData\Roaming\Visan
2011-12-29 17:03 . 2011-12-29 17:03 -------- d-----w- c:\programdata\Visan
2011-12-29 16:52 . 2011-12-29 16:52 -------- d-----w- c:\program files (x86)\Java
2011-12-29 16:48 . 2011-12-29 16:48 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-12-29 07:32 . 2011-12-29 07:32 -------- d-----w- c:\program files\Microsoft Silverlight
2011-12-29 07:32 . 2011-12-29 07:32 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2011-12-28 06:25 . 2011-12-28 06:25 -------- d-----w- c:\program files (x86)\AMD APP
2011-12-28 06:24 . 2011-12-28 06:24 -------- d-----w- c:\program files\ATI Technologies
2011-12-28 06:22 . 2011-12-28 06:22 -------- d-----w- C:\ATI
2011-12-25 04:57 . 2011-12-25 04:58 -------- d-----w- c:\users\Azure & Daela
2011-12-24 04:32 . 2011-12-24 04:32 -------- d-----w- c:\users\HP\AppData\Local\IsolatedStorage
2011-12-17 10:51 . 2011-12-17 10:51 -------- d-----w- c:\program files (x86)\YouTube Downloader Toolbar
2011-12-17 10:51 . 2011-12-17 10:51 -------- d-----w- c:\program files (x86)\Application Updater
2011-12-17 10:51 . 2011-12-17 10:51 -------- d-----w- c:\program files (x86)\Common Files\Spigot
2011-12-14 07:38 . 2011-11-04 01:34 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-12-14 07:38 . 2011-11-03 22:31 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-12-14 07:36 . 2011-11-03 22:40 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-12-14 07:36 . 2011-11-04 01:44 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-14 07:36 . 2011-11-04 01:53 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-12-14 07:36 . 2011-11-03 22:47 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-12-14 07:36 . 2011-11-03 22:42 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
2011-12-14 07:36 . 2011-11-04 01:48 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2011-12-13 21:31 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-13 21:24 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-12-13 21:24 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-13 21:24 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-13 21:23 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-13 21:23 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-30 15:51 . 2010-11-02 01:02 525544 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-29 16:52 . 2010-11-02 01:02 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-12-29 07:45 . 2011-10-08 23:58 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-15 02:33 . 2011-11-05 04:44 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-12 05:17 . 2011-11-17 21:49 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-11-17 21:50 . 2011-11-17 21:50 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-11-17 21:49 . 2011-11-17 21:49 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-11-17 21:49 . 2011-11-17 21:49 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-11-14 05:43 . 2010-06-24 16:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-11-10 03:39 . 2011-11-10 03:39 69632 ----a-w- c:\windows\system32\OpenVideo64.dll
2011-11-10 03:39 . 2011-11-10 03:39 59904 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2011-11-10 03:39 . 2011-11-10 03:39 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2011-11-10 03:39 . 2011-11-10 03:39 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-11-10 03:39 . 2011-11-10 03:39 17442304 ----a-w- c:\windows\system32\amdocl64.dll
2011-11-10 03:38 . 2011-11-10 03:38 14375936 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-11-10 03:37 . 2011-11-10 03:37 51200 ----a-w- c:\windows\system32\OpenCL.dll
2011-11-10 03:37 . 2011-11-10 03:37 44032 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-11-05 04:45 . 2011-11-05 04:45 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-11-05 04:45 . 2011-11-05 04:45 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-11-05 04:44 . 2011-11-05 04:44 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-10-22 01:16 . 2011-10-22 01:16 1843200 ----a-w- c:\windows\SysWow64\SlotMaximizerBe.dll
2011-10-22 01:15 . 2011-10-22 01:15 104448 ----a-w- c:\windows\SysWow64\SlotMaximizerAg.dll
2011-10-22 01:12 . 2011-10-22 01:12 2763264 ----a-w- c:\windows\system32\SlotMaximizerBe.dll
2011-10-22 01:07 . 2011-10-22 01:07 125440 ----a-w- c:\windows\system32\SlotMaximizerAg.dll
2011-10-17 17:40 . 2011-10-17 17:40 93712 ---ha-w- c:\windows\system32\drivers\AtihdW76.sys
2011-10-15 07:06 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-10-15 07:06 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZumoDrive"="c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk" [2011-10-08 2084]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2011-08-22 6276408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-09 98304]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-06-14 587320]
"ZumoDrive"="c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk" [2011-10-08 2084]
"lxcrmon.exe"="c:\program files (x86) (x86)\Lexmark 2400 Series\lxcrmon.exe" [2009-05-01 291496]
"EzPrint"="c:\program files (x86) (x86)\Lexmark 2400 Series\ezprint.exe" [2009-05-01 82600]
"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-12-13 922976]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-9-28 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 CLKMSVC10_C6F09094;CyberLink Product - 2011/07/12 10:57;c:\program files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [2010-09-21 245232]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NWUSBCDFIL64;Novatel Wireless Installation CD;c:\windows\system32\DRIVERS\NwUsbCdFil64.sys [x]
R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20111223.001\BHDrvx64.sys [2011-12-01 1157240]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120111.003\IDSvia64.sys [2011-10-07 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1206000.01D\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2011-12-14 748440]
S2 bProtector;bProtector;c:\programdata\bProtector\bProtect.exe [2011-12-30 803328]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-05-21 103992]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-06-14 26680]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-14 13336]
S2 InstallBrainService;InstallBrain Updater Service;c:\program files (x86)\InstallBrainService\InstallBrainService.exe [2011-12-30 273912]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-09-30 2655768]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-23 2192176]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-09 138360]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - CLKMDRV10_C6F09094
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-12 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-12-29 17:03]
.
2012-01-05 c:\windows\Tasks\HPCeeScheduleForHP-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2012-01-11 c:\windows\Tasks\HPCeeScheduleForHP.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-07-22 487424]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-09-01 611896]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
"LXCRCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXCRtime.dll" [2005-12-01 30720]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences Pro\FencesMenu64.dll" [2010-09-16 464744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: {{A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - c:\program files (x86)\SpecialSavings\SpecialSavingsSinged.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\57ofjqp1.default\
FF - prefs.js: browser.search.selectedengine - yahoo
FF - prefs.js: keyword.url - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-UnlockerAssistant - c:\program files (x86)\Unlocker\UnlockerAssistant.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SpywareTerminatorShield - c:\program files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
HKLM-Run-SpywareTerminatorUpdater - c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Lexmark 2400 Series - c:\program files (x86) (x86)\Lexmark 2400 Series\Install\x64\Uninst.exe
AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\DigitalPersona\Bin\DPAgent.exe
c:\program files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
.
**************************************************************************
.
Completion time: 2012-01-12 13:39:59 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-12 18:39
.
Pre-Run: 533,472,870,400 bytes free
Post-Run: 534,011,006,976 bytes free
.
- - End Of File - - FDFE9DD06D9BE494B53D47BD0285C768

~Sheila

#6 solovely

solovely
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:11:03 AM

Posted 12 January 2012 - 04:21 PM

My apologies for the double post but I just wanted to mention that I was requested to download Malware bites before you began to assist me, and the subscription will expire tomorrow, we will not need to run this program again will we?

#7 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:03 PM

Posted 13 January 2012 - 05:46 AM

Hi,
Malwarebytes offers a free version, did you maybe download a trial of the pro version?

What exactly is wrong with your browsers?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#8 solovely

solovely
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:11:03 AM

Posted 13 January 2012 - 07:20 AM

Hello,

I think I may have downloaded a trial of the full version for malware bites, but I don't use it so I guess it's okay to expire for now.

The problem that I thought was going on with just the browsers seems to be going on with anything listed under All Programs.

When I click Mozilla Firefox (from the start menu or from inside the local disc C:\)a message box pops up saying C:\Program Files (x86)\Mozilla Firefox\firefox.exe "illegal operation attempted on a registry key that has been marked for deletion" internet explorer says c:\Program Files (x86)\Internet Explorer\iexplorer.exe "illegal operation attempted on a registry key that has been marked for deletion"

This message is the same for all programs in all of my Program files folders.

For whatever reason I have 3 Program File folders 1. c:\Program Files 2. C:\ Program Files (x86) 3. C:\Program Files (x86) (x86)
I think the first one is system installed programs, the second is programs I installed and 64bit version of iexplorer because i explorer is in both 1 and 2 but the third has only one program which is the only program I have ever installed with a disc and it is the drivers for my printer.

No matter which program file folder I chose or what program folder I click they all populate the same message.

The only things that do not populate this message are: My Computer, Control Panel, Documents, Pictures, and the Music Folders which are listed on the right side of my shortcut start menu but nothing inside the documents folder works. Control Panel, Pictures and Music seem to be working fine.

#9 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:03 PM

Posted 13 January 2012 - 07:25 AM

Hi,

this is a message that is sometimes produced by ComboFix. A reboot should fix this.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#10 solovely

solovely
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:11:03 AM

Posted 13 January 2012 - 12:45 PM

reboot corrected all program issues for now

#11 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:03 PM

Posted 13 January 2012 - 01:59 PM

Hi,

good. :)

Is your PC still slow and unresponsive?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#12 solovely

solovely
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:11:03 AM

Posted 14 January 2012 - 03:38 PM

I don't think that it is :D I believe everything is fixed at this time, although I haven't tried watching any videos. Would you mind leaving this open until about 10pm tonight so I can be sure everything is fully working??

#13 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:03 PM

Posted 15 January 2012 - 09:38 AM

Hi,

Please uninstall: YouTube Downloader Toolbar v4.9

Let me know how the computer is working.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#14 solovely

solovely
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:11:03 AM

Posted 15 January 2012 - 12:34 PM

Hello Myrti,

Thank you for your patience while working with me. I really appreciate your assistance. Everything seems to be working perfect. I don't know how to show my gratitude. I am very pleased with the outcome, no files have been lost what so ever and everything is back to normal. Thank you Thank you Thank you :woot:

I do have one last question for you... Would you recommend tossing the back up discs that were created prior to using combofix?

#15 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:03 PM

Posted 15 January 2012 - 02:30 PM

Hi,

your discs are likely fine, but personally I wouldn't take the risk and rather toss those and create new backup discs now.

As a final step I would recommend uninstalling all the tools we've used:

Please do the following to clean up your PC:
  • Delete the tools used during the disinfection:
  • Uninstall ComboFix.exe And all Backups of the files it deleted
    • Click START then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
      Posted Image
    • Download OTC from the following mirror and save it to your desktop:
    • Double click on Posted Image
    • Push the large "Cleanup" button.
    • Allow your system to reboot.
  • If OTC faild to remove all programs from your Desktop, please delete the rest manually.
Please read these advices, in order to prevent reinfecting your PC:
  • Install and update the following programs regularly:
    • an outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on regular basis.If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on thehosts file, and what it can do for you,please consult the Tutorial on the Hosts file
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holeswill allow an attacker unrestricted access to your computer.
    Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on yourmachine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variantsevery single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :(.
Some more links you might find of interest:Have a nice day
myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users