Mswsock.dll infected, antivirus doesn't fix it


  • This topic is locked
10 replies to this topic

#1 Shishkaboom

  • Members
  • 5 posts
  • OFFLINE
  • Local time:12:10 PM

Posted 23 February 2012 - 02:26 AM

Today my avast! started going off like crazy while messing about in iTunes, adding album art. My computer started becoming staggeringly slow, then iTunes crashed. When I loaded it back up, 99% of my library was missing. Annoyed, I checked avast! and it gave me this:

avast! blocked you from visiting an infected webpage
Infection Details
URL: http://webgetclick.com/?gd
Process: file://C:\Windows\System32\mswsock.dll
Infection: al

This comes up just about any time I do anything, and varies in frequency but averages once every couple of minutes. I've had this issue once before about 2 weeks ago, but a full scan and system restore made the problem vanish at the time.
It doesn't seem to be having any extra strange effects on my computer because avast! seems to be doing a good job of stopping it in its tracks every time it attempts to do something. Which is all the time.

I system restored to about a week ago. Problem persists.
I ran both a quick scan and a full scan, detecting lots of high threat files which I moved to a quarantine box or deleted, most being housed in AppData.
I ran a boot time scan but didn't complete it, as it had been about four hours of scanning already and I wanted to see if anything had changed. Avast! continued to notify me that that thing was still there and still attempting to do stuff.
After wading through Google results, most give me this advice:

>Click Start. In the Start Search dialog box, type: cmd, and right-click cmd.
>Click Run as administrator.
>Type: netsh winsock reset, and then press the ENTER key.
>Type: Exit and press ENTER.
>Restart the computer.

>Reset the TCP/IP protocol.
>Click Start. In the Start Search dialog box, type: cmd, and right-click cmd.
>Click Run as administrator.
>Type: netsh int ip reset, and then press ENTER.
>Type: Exit and press ENTER.
>Restart the computer.

I've done both of these things and the problem still persists, but this seems to be a solution to people whose internet has been affected by this type of infection, which mine hasn't. Everything works just as well as it did before, besides iTunes having been wiped. I have found no other real advice about this type of problem, just a bunch of bogus sites telling me to download suspicious things. Avast! just keeps on 'blocking' it, forever and ever, and I would really just like it to be stopped. I'm at my wits' end and by now I'm just hoping I don't have to reinstall the OS or something.

I haven't downloaded a new mswsock.dll or anything. Any help would be appreciated. In the meantime I will probably complete a full boot-time scan but if my luck holds out like this, it won't do much. Sorry if this is too wordy, I wanted to give as many details as possible.

Edited by Shishkaboom, 23 February 2012 - 02:27 AM.



#2 SweetTech

    Agent ST

  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:01:10 PM

Posted 23 February 2012 - 02:57 AM

Hi Shishkaboom!

Please Note: I've asked a moderator to move this thread to the malware forum, so that we can utilize some more powerful tools.


My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. :)

I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)

    • Because of this, you must reply within 3 days; failure to reply will result in the topic being closed! I like chocolate chip cookies.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system or even taking your computer into a repair shop.

    • Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data and have means of backing up your data available.

____________________________________________________

From the sounds of your post it seems like you're infected with an infection known as Sirefef/ZeroAccess.

This can be a tricky infection to remove.

ZeroAccess (Max++) Rootkit (aka: Sirefef) is a sophisticated rootkit that uses advanced technology to hide its presence in a system and can infect both x86 and x64 platforms. ZeroAccess is similar to the TDSS rootkit but has more self-protection mechanisms that can be used to disable anti-virus software resulting in "Access Denied" messages whenever you run a security application. For more specific information about this infection, please refer to:


NEXT:


You should also be aware that this infection does have backdoor abilities. See warning below.

One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure SKIP is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: Do not choose Cure or Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


NEXT:



Farbar Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


NEXT:


Running OTL

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double-click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Copy and Paste the following code into the custom scan textbox.
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    "%WinDir%\$NtUninstallKB*$." /30
    C:\Program Files\Common Files\ComObjects\*.* /s
    %systemroot%\*. /mp /s
    %systemroot%\*. /rp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %SYSTEMDRIVE%\*.exe
    /md5start
    volsnap.sys
    atapi.sys
    explorer.exe
    winlogon.exe
    wininit.exe
    tdx.sys
    afd.sys
    /md5stop
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. TDSSKiller log.
3. Farbar Service Scanner log.
4. OTL.txt & Extras.txt logs.
5. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.


Please let me know how the above scans go.

Kindest Regards,
Agent ST.

Edited by elise025, 23 February 2012 - 03:15 AM.
Moved to malware removal as requested ~Elise

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
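The TDSSKiller log that the instructions above ask the poster to copy back has a simple shape: a line giving a driver's name, the MD5 of its file and its path, followed by a line giving the scanner's verdict for that name. The script below is an added example, not code from this thread or from Kaspersky's TDSSKiller: it parses the two line shapes visible in the log quoted in reply #3, lists entries that have a hash but no verdict or a verdict other than "ok", lists drivers loaded from outside the Windows system directories (the TRUSTED_ROOTS tuple is an assumption about where boot drivers normally live), and reports names whose file hash changed between two scans, which is a useful check before and after a cleanup. The sample log is constructed in the format of the posted one, with an invented "exampledrv" entry; the Symantec IDS driver it also flags is a legitimate third-party driver, which is the point of the heuristic: a hit is a reason to look, not a verdict.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Two line shapes from the TDSSKiller log quoted in this thread:
#   HH:MM:SS.mmmm PID NAME (MD5) PATH   -> a driver/service and the hash of its file
#   HH:MM:SS.mmmm PID NAME - VERDICT    -> the scanner's verdict for that name ("ok" in the thread)
HASH_LINE = re.compile(r"^\S+\s+\d+\s+(\S+)\s+\(([0-9a-fA-F]{32})\)\s+(.+?)\s*$")
VERDICT_LINE = re.compile(r"^\S+\s+\d+\s+(\S+)\s+-\s+(.+?)\s*$")

# Assumption: kernel drivers are expected under these roots; anything else deserves a look.
TRUSTED_ROOTS = (r"c:\windows\system32\drivers", r"c:\windows\system32")

# Constructed sample in the format of the posted log; the "exampledrv" entry is invented.
BEFORE_LOG = r"""
03:16:18.0488 6132 Scan started
03:16:18.0488 6132 Mode: Manual; SigCheck; TDLFS;
03:16:20.0000 6132 ACPI (192bdbd1540645c4a2aa69f24cce197f) C:\Windows\system32\drivers\acpi.sys
03:16:20.0255 6132 ACPI - ok
03:16:20.0834 6132 AFD (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
03:16:21.0000 6132 AFD - ok
03:16:23.0987 6132 blbdrive - ok
03:16:34.0106 6132 IDSvix86 (36becec23a8adda497d8a5653160bd6d) C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20070426.001\IDSvix86.sys
03:16:34.0162 6132 IDSvix86 - ok
03:16:50.0000 6132 exampledrv (0123456789abcdef0123456789abcdef) C:\Users\user\AppData\Local\Temp\exampledrv.sys
"""

# Constructed "second scan": identical except that afd.sys now hashes differently.
AFTER_LOG = BEFORE_LOG.replace("5d24caf8efd924a875698ff28384db8b", "ffffffffffffffffffffffffffffffff")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_tdsskiller(text: str) -> Dict[str, Entry]:
    """One Entry per driver/service name, merging its hash line and its verdict line."""
    entries: Dict[str, Entry] = {}
    for line in text.splitlines():
        m = HASH_LINE.match(line)
        if m:
            name, md5, path = m.groups()
            entry = entries.setdefault(name, Entry(name))
            entry.md5, entry.path = md5.lower(), path
            continue
        m = VERDICT_LINE.match(line)
        if m:
            name, verdict = m.groups()
            entries.setdefault(name, Entry(name)).verdict = verdict
    return entries


def review(entries: Dict[str, Entry]) -> List[str]:
    """Triage hints for a human reviewer; a hit here is a reason to look, not a verdict."""
    findings: List[str] = []
    for entry in sorted(entries.values(), key=lambda e: e.name.lower()):
        if entry.md5 and entry.verdict is None:
            findings.append(f"{entry.name}: file hashed but no verdict line in the log")
        elif entry.verdict not in (None, "ok"):
            findings.append(f"{entry.name}: verdict '{entry.verdict}'")
        if entry.path and not entry.path.lower().startswith(TRUSTED_ROOTS):
            findings.append(f"{entry.name}: loaded from outside system32 ({entry.path})")
    return findings


def diff_hashes(old: Dict[str, Entry], new: Dict[str, Entry]) -> List[str]:
    """Names whose file hash differs between two scans, e.g. before and after a cleanup."""
    changed = []
    for name, entry in new.items():
        previous = old.get(name)
        if previous and previous.md5 and entry.md5 and previous.md5 != entry.md5:
            changed.append(name)
    return sorted(changed)


if __name__ == "__main__":
    before, after = parse_tdsskiller(BEFORE_LOG), parse_tdsskiller(AFTER_LOG)
    for finding in review(before):
        print("REVIEW:", finding)
    print("hash changed between scans:", diff_hashes(before, after))
```

Run against a real log by reading the file named in the instructions above (TDSSKiller.[Version]_[Date]_[Time]_log.txt in the root of C:\) instead of BEFORE_LOG. Keeping the log from each run makes diff_hashes the quickest way to confirm that a cleanup actually replaced the file a scanner complained about, rather than leaving the same bytes in place.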


#3 Shishkaboom
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:12:10 PM

Posted 23 February 2012 - 04:44 AM

1. First of all thank you for your speedy and incredibly detailed response, SpeedTech. I'm sorry if I had posted it in the wrong place. I've done everything you asked, with virtually zero problems, except when I ran TDSSKILLER at the end of it I did not need to reboot. It came up with three things, and the last one was auto-set to Cure, and I switched it to Skip. It did not require a reboot at that point, I hope that's okay. One thing I should probably mention is that I have both Norton and avast! but the Norton subscription ran out quite a bit ago and is basically useless at this point. I mention this because it probably accounts for a lot of error notifications.

2.
03:15:48.0277 4432 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
03:15:50.0283 4432 ============================================================
03:15:50.0283 4432 Current date / time: 2012/02/23 03:15:50.0283
03:15:50.0283 4432 SystemInfo:
03:15:50.0283 4432
03:15:50.0283 4432 OS Version: 6.0.6000 ServicePack: 0.0
03:15:50.0283 4432 Product type: Workstation
03:15:50.0283 4432 ComputerName: MYLAPTOP
03:15:50.0284 4432 UserName: David
03:15:50.0284 4432 Windows directory: C:\Windows
03:15:50.0284 4432 System windows directory: C:\Windows
03:15:50.0285 4432 Processor architecture: Intel x86
03:15:50.0285 4432 Number of processors: 2
03:15:50.0285 4432 Page size: 0x1000
03:15:50.0285 4432 Boot type: Normal boot
03:15:50.0285 4432 ============================================================
03:15:51.0692 4432 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
03:15:51.0697 4432 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
03:15:51.0712 4432 \Device\Harddisk0\DR0:
03:15:51.0713 4432 MBR used
03:15:51.0713 4432 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x11CFB52A
03:15:51.0713 4432 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x11CFB569, BlocksNum 0xD1D558
03:15:51.0713 4432 \Device\Harddisk1\DR1:
03:15:51.0714 4432 MBR used
03:15:51.0714 4432 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
03:15:51.0845 4432 Initialize success
03:15:51.0845 4432 ============================================================
03:16:18.0488 6132 ============================================================
03:16:18.0488 6132 Scan started
03:16:18.0488 6132 Mode: Manual; SigCheck; TDLFS;
03:16:18.0488 6132 ============================================================
03:16:20.0000 6132 ACPI (192bdbd1540645c4a2aa69f24cce197f) C:\Windows\system32\drivers\acpi.sys
03:16:20.0255 6132 ACPI - ok
03:16:20.0409 6132 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
03:16:20.0451 6132 adp94xx - ok
03:16:20.0564 6132 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
03:16:20.0597 6132 adpahci - ok
03:16:20.0632 6132 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
03:16:20.0656 6132 adpu160m - ok
03:16:20.0694 6132 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
03:16:20.0721 6132 adpu320 - ok
03:16:20.0834 6132 AFD (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
03:16:21.0000 6132 AFD - ok
03:16:21.0147 6132 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
03:16:21.0171 6132 agp440 - ok
03:16:21.0195 6132 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
03:16:21.0222 6132 aic78xx - ok
03:16:21.0280 6132 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
03:16:21.0302 6132 aliide - ok
03:16:21.0354 6132 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
03:16:21.0377 6132 amdagp - ok
03:16:21.0399 6132 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
03:16:21.0421 6132 amdide - ok
03:16:21.0487 6132 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
03:16:21.0595 6132 AmdK7 - ok
03:16:21.0670 6132 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
03:16:21.0792 6132 AmdK8 - ok
03:16:21.0958 6132 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
03:16:21.0982 6132 arc - ok
03:16:22.0055 6132 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
03:16:22.0078 6132 arcsas - ok
03:16:22.0166 6132 aswFsBlk (054df24c92b55427e0757cfff160e4f2) C:\Windows\system32\drivers\aswFsBlk.sys
03:16:22.0295 6132 aswFsBlk - ok
03:16:22.0437 6132 aswMonFlt (258143605e77e4008f1758481d6a977d) C:\Windows\system32\drivers\aswMonFlt.sys
03:16:22.0488 6132 aswMonFlt - ok
03:16:22.0529 6132 aswRdr (352d5a48ebab35a7693b048679304831) C:\Windows\system32\drivers\aswRdr.sys
03:16:22.0577 6132 aswRdr - ok
03:16:22.0630 6132 aswSnx (8d34d2b24297e27d93e847319abfdec4) C:\Windows\system32\drivers\aswSnx.sys
03:16:22.0697 6132 aswSnx - ok
03:16:22.0807 6132 aswSP (010012597333da1f46c3243f33f8409e) C:\Windows\system32\drivers\aswSP.sys
03:16:22.0867 6132 aswSP - ok
03:16:23.0010 6132 aswTdi (f9f84364416658e9786235904d448d37) C:\Windows\system32\drivers\aswTdi.sys
03:16:23.0062 6132 aswTdi - ok
03:16:23.0141 6132 AsyncMac (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
03:16:23.0265 6132 AsyncMac - ok
03:16:23.0376 6132 atapi (4f4fcb8b6ea06784fb6d475b7ec7300f) C:\Windows\system32\drivers\atapi.sys
03:16:23.0397 6132 atapi - ok
03:16:23.0553 6132 BCM43XV (cf6a67c90951e3e763d2135dede44b85) C:\Windows\system32\DRIVERS\bcmwl6.sys
03:16:23.0703 6132 BCM43XV - ok
03:16:23.0759 6132 Beep (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
03:16:23.0868 6132 Beep - ok
03:16:23.0987 6132 blbdrive - ok
03:16:24.0063 6132 bowser (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
03:16:24.0178 6132 bowser - ok
03:16:24.0297 6132 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
03:16:24.0404 6132 BrFiltLo - ok
03:16:24.0519 6132 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
03:16:24.0598 6132 BrFiltUp - ok
03:16:24.0728 6132 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
03:16:24.0834 6132 Brserid - ok
03:16:24.0907 6132 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
03:16:25.0024 6132 BrSerWdm - ok
03:16:25.0228 6132 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
03:16:25.0358 6132 BrUsbMdm - ok
03:16:25.0422 6132 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
03:16:25.0538 6132 BrUsbSer - ok
03:16:25.0605 6132 BthEnum (a820438255f37ab8baa2bd59753a8d81) C:\Windows\system32\DRIVERS\BthEnum.sys
03:16:25.0725 6132 BthEnum - ok
03:16:25.0841 6132 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
03:16:25.0962 6132 BTHMODEM - ok
03:16:26.0038 6132 BthPan (b8c3d9ddf85fd197c3e5f849fef71144) C:\Windows\system32\DRIVERS\bthpan.sys
03:16:26.0161 6132 BthPan - ok
03:16:26.0291 6132 BTHPORT (4a74bbb2b6761789f42a6613479bdb1d) C:\Windows\system32\Drivers\BTHport.sys
03:16:26.0404 6132 BTHPORT - ok
03:16:26.0495 6132 BTHUSB (1a407f9b707a06f55aa150f9aa072b09) C:\Windows\system32\Drivers\BTHUSB.sys
03:16:26.0604 6132 BTHUSB - ok
03:16:26.0730 6132 cdfs (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
03:16:26.0843 6132 cdfs - ok
03:16:26.0913 6132 cdrom (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys
03:16:27.0028 6132 cdrom - ok
03:16:27.0128 6132 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
03:16:27.0241 6132 circlass - ok
03:16:27.0372 6132 CLFS (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys
03:16:27.0404 6132 CLFS - ok
03:16:27.0552 6132 CmBatt (0fed59edb4a83ff17f1778827b88ab1a) C:\Windows\system32\DRIVERS\CmBatt.sys
03:16:27.0663 6132 CmBatt - ok
03:16:27.0746 6132 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
03:16:27.0767 6132 cmdide - ok
03:16:27.0868 6132 CnxtHdAudService (a4d44ab8423791db757b38150ec599a4) C:\Windows\system32\drivers\CHDRT32.sys
03:16:27.0921 6132 CnxtHdAudService - ok
03:16:27.0996 6132 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\DRIVERS\compbatt.sys
03:16:28.0018 6132 Compbatt - ok
03:16:28.0054 6132 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
03:16:28.0078 6132 crcdisk - ok
03:16:28.0152 6132 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
03:16:28.0259 6132 Crusoe - ok
03:16:28.0407 6132 DfsC (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
03:16:28.0516 6132 DfsC - ok
03:16:28.0674 6132 disk (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
03:16:28.0703 6132 disk - ok
03:16:28.0774 6132 drmkaud (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
03:16:28.0887 6132 drmkaud - ok
03:16:29.0019 6132 DXGKrnl (334988883de69adb27e2cf9f9715bbdb) C:\Windows\System32\drivers\dxgkrnl.sys
03:16:29.0111 6132 DXGKrnl - ok
03:16:29.0240 6132 E100B (c0b00e55cf82d122d25983c7a6a53dea) C:\Windows\system32\DRIVERS\e100b325.sys
03:16:29.0336 6132 E100B - ok
03:16:29.0456 6132 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
03:16:29.0568 6132 E1G60 - ok
03:16:29.0646 6132 eabfiltr (a6476585b4fefee46a9f42e4d2bfdfa4) C:\Windows\system32\DRIVERS\eabfiltr.sys
03:16:29.0694 6132 eabfiltr - ok
03:16:29.0779 6132 Ecache (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys
03:16:29.0806 6132 Ecache - ok
03:16:29.0886 6132 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
03:16:29.0935 6132 elxstor - ok
03:16:30.0039 6132 fastfat (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
03:16:30.0158 6132 fastfat - ok
03:16:30.0253 6132 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
03:16:30.0367 6132 fdc - ok
03:16:30.0458 6132 FileInfo (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
03:16:30.0482 6132 FileInfo - ok
03:16:30.0509 6132 Filetrace (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
03:16:30.0618 6132 Filetrace - ok
03:16:30.0707 6132 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
03:16:30.0813 6132 flpydisk - ok
03:16:30.0886 6132 FltMgr (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
03:16:30.0919 6132 FltMgr - ok
03:16:30.0965 6132 Fs_Rec (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys
03:16:31.0022 6132 Fs_Rec - ok
03:16:31.0105 6132 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
03:16:31.0128 6132 gagp30kx - ok
03:16:31.0205 6132 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
03:16:31.0223 6132 GEARAspiWDM - ok
03:16:31.0355 6132 HBtnKey (de15777902a5d9121857d155873a1d1b) C:\Windows\system32\DRIVERS\cpqbttn.sys
03:16:31.0407 6132 HBtnKey - ok
03:16:31.0488 6132 HdAudAddService (3aeee05bb25b8cc72b6e9aec0e6f394b) C:\Windows\system32\drivers\CHDART.sys
03:16:31.0546 6132 HdAudAddService - ok
03:16:31.0580 6132 HDAudBus (ffb271303ba3c59d9c97b7af1175de95) C:\Windows\system32\DRIVERS\HDAudBus.sys
03:16:31.0644 6132 HDAudBus - ok
03:16:31.0744 6132 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
03:16:31.0836 6132 HidBth - ok
03:16:31.0969 6132 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
03:16:32.0088 6132 HidIr - ok
03:16:32.0185 6132 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\DRIVERS\hidusb.sys
03:16:32.0296 6132 HidUsb - ok
03:16:32.0425 6132 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
03:16:32.0447 6132 HpCISSs - ok
03:16:32.0532 6132 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
03:16:32.0611 6132 HSFHWAZL - ok
03:16:32.0709 6132 HSF_DPV (53229dcf431d76434816cd29251168a0) C:\Windows\system32\DRIVERS\HSX_DPV.sys
03:16:32.0826 6132 HSF_DPV - ok
03:16:32.0944 6132 HSXHWAZL (31f949d452201f2f0af0c88d7db512cd) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
03:16:33.0004 6132 HSXHWAZL - ok
03:16:33.0103 6132 HTTP (ea24fe637d974a8a31bc650f478e3533) C:\Windows\system32\drivers\HTTP.sys
03:16:33.0189 6132 HTTP - ok
03:16:33.0256 6132 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
03:16:33.0278 6132 i2omp - ok
03:16:33.0400 6132 i8042prt (1c9ee072baa3abb460b91d7ee9152660) C:\Windows\system32\DRIVERS\i8042prt.sys
03:16:33.0453 6132 i8042prt - ok
03:16:33.0621 6132 ialm (229be1b236fc93634b39c26ae45cbfba) C:\Windows\system32\DRIVERS\igdkmd32.sys
03:16:33.0778 6132 ialm - ok
03:16:33.0896 6132 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
03:16:33.0927 6132 iaStorV - ok
03:16:34.0106 6132 IDSvix86 (36becec23a8adda497d8a5653160bd6d) C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20070426.001\IDSvix86.sys
03:16:34.0162 6132 IDSvix86 - ok
03:16:34.0354 6132 igfx (229be1b236fc93634b39c26ae45cbfba) C:\Windows\system32\DRIVERS\igdkmd32.sys
03:16:34.0428 6132 igfx - ok
03:16:34.0488 6132 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
03:16:34.0512 6132 iirsp - ok
03:16:34.0567 6132 intelide (988981c840084f480ba9e3319cebde1b) C:\Windows\system32\drivers\intelide.sys
03:16:34.0589 6132 intelide - ok
03:16:34.0681 6132 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
03:16:34.0790 6132 intelppm - ok
03:16:34.0901 6132 IpInIp - ok
03:16:34.0940 6132 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
03:16:35.0091 6132 IPMIDRV - ok
03:16:35.0196 6132 IPNAT (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
03:16:35.0318 6132 IPNAT - ok
03:16:35.0397 6132 IRENUM (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
03:16:35.0495 6132 IRENUM - ok
03:16:35.0593 6132 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
03:16:35.0617 6132 isapnp - ok
03:16:35.0648 6132 iScsiPrt (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
03:16:35.0677 6132 iScsiPrt - ok
03:16:35.0754 6132 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
03:16:35.0778 6132 iteatapi - ok
03:16:35.0824 6132 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
03:16:35.0846 6132 iteraid - ok
03:16:35.0877 6132 kbdclass (1a48765f92ba1a88445fc25c9c9d94fc) C:\Windows\system32\DRIVERS\kbdclass.sys
03:16:35.0901 6132 kbdclass - ok
03:16:35.0926 6132 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\DRIVERS\kbdhid.sys
03:16:36.0025 6132 kbdhid - ok
03:16:36.0136 6132 KSecDD (0a829977b078dea11641fc2af87ceade) C:\Windows\system32\Drivers\ksecdd.sys
03:16:36.0194 6132 KSecDD - ok
03:16:36.0360 6132 lltdio (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
03:16:36.0470 6132 lltdio - ok
03:16:36.0571 6132 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
03:16:36.0600 6132 LSI_FC - ok
03:16:36.0658 6132 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
03:16:36.0682 6132 LSI_SAS - ok
03:16:36.0817 6132 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
03:16:36.0841 6132 LSI_SCSI - ok
03:16:36.0873 6132 luafv (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
03:16:36.0988 6132 luafv - ok
03:16:37.0138 6132 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
03:16:37.0187 6132 mdmxsdk - ok
03:16:37.0281 6132 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
03:16:37.0303 6132 megasas - ok
03:16:37.0372 6132 Modem (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
03:16:37.0485 6132 Modem - ok
03:16:37.0596 6132 monitor (ec839ba91e45cce6eadafc418fff8206) C:\Windows\system32\DRIVERS\monitor.sys
03:16:37.0705 6132 monitor - ok
03:16:37.0797 6132 mouclass (3c9469dfb3440555dab070716d768b1e) C:\Windows\system32\DRIVERS\mouclass.sys
03:16:37.0821 6132 mouclass - ok
03:16:37.0883 6132 mouhid (a3a6dff7e9e757db3df51a833bc28885) C:\Windows\system32\DRIVERS\mouhid.sys
03:16:38.0002 6132 mouhid - ok
03:16:38.0112 6132 MountMgr (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
03:16:38.0136 6132 MountMgr - ok
03:16:38.0246 6132 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
03:16:38.0292 6132 mpio - ok
03:16:38.0467 6132 mpsdrv (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
03:16:38.0530 6132 mpsdrv - ok
03:16:38.0599 6132 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
03:16:38.0628 6132 Mraid35x - ok
03:16:38.0697 6132 MRxDAV (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys
03:16:38.0759 6132 MRxDAV - ok
03:16:38.0848 6132 mrxsmb (8af705ce1bb907932157fab821170f27) C:\Windows\system32\DRIVERS\mrxsmb.sys
03:16:38.0907 6132 mrxsmb - ok
03:16:38.0954 6132 mrxsmb10 (47e13ab23371be3279eef22bbfa2c1be) C:\Windows\system32\DRIVERS\mrxsmb10.sys
03:16:38.0994 6132 mrxsmb10 - ok
03:16:39.0084 6132 mrxsmb20 (90b3fc7bd6b3d7ee7635debba2187f66) C:\Windows\system32\DRIVERS\mrxsmb20.sys
03:16:39.0134 6132 mrxsmb20 - ok
03:16:39.0304 6132 msahci (b2efb263600314babcf9dadb1cbba994) C:\Windows\system32\drivers\msahci.sys
03:16:39.0327 6132 msahci - ok
03:16:39.0379 6132 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
03:16:39.0404 6132 msdsm - ok
03:16:39.0528 6132 Msfs (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
03:16:39.0715 6132 Msfs - ok
03:16:39.0832 6132 msisadrv (5f454a16a5146cd91a176d70f0cfa3ec) C:\Windows\system32\drivers\msisadrv.sys
03:16:39.0853 6132 msisadrv - ok
03:16:39.0928 6132 MSKSSRV (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
03:16:40.0056 6132 MSKSSRV - ok
03:16:40.0194 6132 MSPCLOCK (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
03:16:40.0327 6132 MSPCLOCK - ok
03:16:40.0460 6132 MSPQM (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
03:16:40.0568 6132 MSPQM - ok
03:16:40.0657 6132 MsRPC (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
03:16:40.0690 6132 MsRPC - ok
03:16:40.0780 6132 mssmbios (4385c80ede885e25492d408cad91bd6f) C:\Windows\system32\DRIVERS\mssmbios.sys
03:16:40.0803 6132 mssmbios - ok
03:16:40.0849 6132 MSTEE (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
03:16:40.0965 6132 MSTEE - ok
03:16:41.0149 6132 Mup (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
03:16:41.0173 6132 Mup - ok
03:16:41.0212 6132 MXOPSWD (216ac775320f64de28cfeb7c179c4ff9) C:\Windows\system32\DRIVERS\mxopswd.sys
03:16:41.0285 6132 MXOPSWD - ok
03:16:41.0527 6132 NativeWifiP (6da4a0fc7c0e83df0cb3cfd0a514c3bc) C:\Windows\system32\DRIVERS\nwifi.sys
03:16:41.0561 6132 NativeWifiP - ok
03:16:41.0707 6132 NAVENG - ok
03:16:41.0741 6132 NAVEX15 - ok
03:16:41.0892 6132 NDIS (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys
03:16:41.0949 6132 NDIS - ok
03:16:42.0062 6132 NdisTapi (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys
03:16:42.0132 6132 NdisTapi - ok
03:16:42.0271 6132 Ndisuio (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
03:16:42.0396 6132 Ndisuio - ok
03:16:42.0512 6132 NdisWan (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
03:16:42.0623 6132 NdisWan - ok
03:16:42.0698 6132 NDProxy (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys
03:16:42.0746 6132 NDProxy - ok
03:16:42.0822 6132 NetBIOS (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
03:16:42.0944 6132 NetBIOS - ok
03:16:43.0073 6132 netbt (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys
03:16:43.0199 6132 netbt - ok
03:16:43.0389 6132 NETw3v32 (acc6170d80c69e50145b370023b64ed3) C:\Windows\system32\DRIVERS\NETw3v32.sys
03:16:43.0612 6132 NETw3v32 - ok
03:16:43.0678 6132 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
03:16:43.0715 6132 nfrd960 - ok
03:16:43.0864 6132 Npfs (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
03:16:43.0994 6132 Npfs - ok
03:16:44.0108 6132 nsiproxy (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
03:16:44.0224 6132 nsiproxy - ok
03:16:44.0332 6132 Ntfs (37430aa7a66d7a63407adc2c0d05e9f6) C:\Windows\system32\drivers\Ntfs.sys
03:16:44.0410 6132 Ntfs - ok
03:16:44.0502 6132 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
03:16:44.0645 6132 ntrigdigi - ok
03:16:44.0772 6132 Null (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
03:16:44.0870 6132 Null - ok
03:16:44.0964 6132 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
03:16:44.0990 6132 nvraid - ok
03:16:45.0035 6132 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
03:16:45.0059 6132 nvstor - ok
03:16:45.0131 6132 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
03:16:45.0157 6132 nv_agp - ok
03:16:45.0186 6132 NwlnkFlt - ok
03:16:45.0239 6132 NwlnkFwd - ok
03:16:45.0299 6132 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\DRIVERS\ohci1394.sys
03:16:45.0416 6132 ohci1394 - ok
03:16:45.0574 6132 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
03:16:45.0691 6132 Parport - ok
03:16:45.0767 6132 partmgr (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys
03:16:45.0792 6132 partmgr - ok
03:16:45.0839 6132 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
03:16:45.0950 6132 Parvdm - ok
03:16:46.0063 6132 pci (1085d75657807e0e8b32f9e19a1647c3) C:\Windows\system32\drivers\pci.sys
03:16:46.0095 6132 pci - ok
03:16:46.0340 6132 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
03:16:46.0369 6132 pciide - ok
03:16:46.0592 6132 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
03:16:46.0624 6132 pcmcia - ok
03:16:46.0729 6132 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
03:16:46.0984 6132 PEAUTH - ok
03:16:47.0175 6132 Point32 (5b6f99087cc1342b3d193e8155f26b6f) C:\Windows\system32\DRIVERS\point32k.sys
03:16:47.0204 6132 Point32 - ok
03:16:47.0306 6132 PptpMiniport (6c359ac71d7b550a0d41f9db4563ce05) C:\Windows\system32\DRIVERS\raspptp.sys
03:16:47.0465 6132 PptpMiniport - ok
03:16:47.0552 6132 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
03:16:47.0719 6132 Processor - ok
03:16:47.0826 6132 PSched (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys
03:16:47.0885 6132 PSched - ok
03:16:47.0994 6132 PxHelp20 (feffcfdc528764a04c8ed63d5fa6e711) C:\Windows\system32\Drivers\PxHelp20.sys
03:16:48.0033 6132 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
03:16:48.0033 6132 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
03:16:48.0160 6132 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
03:16:48.0349 6132 ql2300 - ok
03:16:48.0464 6132 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
03:16:48.0491 6132 ql40xx - ok
03:16:48.0561 6132 QWAVEdrv (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
03:16:48.0615 6132 QWAVEdrv - ok
03:16:48.0721 6132 RasAcd (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys
03:16:48.0866 6132 RasAcd - ok
03:16:48.0987 6132 Rasl2tp (88587dd843e2059848995b407b67f6cf) C:\Windows\system32\DRIVERS\rasl2tp.sys
03:16:49.0117 6132 Rasl2tp - ok
03:16:49.0246 6132 RasPppoe (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys
03:16:49.0405 6132 RasPppoe - ok
03:16:49.0527 6132 rdbss (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys
03:16:49.0702 6132 rdbss - ok
03:16:49.0820 6132 RDPCDD (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
03:16:49.0934 6132 RDPCDD - ok
03:16:50.0008 6132 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
03:16:50.0140 6132 rdpdr - ok
03:16:50.0276 6132 RDPENCDD (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
03:16:50.0490 6132 RDPENCDD - ok
03:16:50.0664 6132 RDPWD (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys
03:16:50.0810 6132 RDPWD - ok
03:16:50.0941 6132 RFCOMM (7ec90c316177ba3f1bce92005264b447) C:\Windows\system32\DRIVERS\rfcomm.sys
03:16:51.0100 6132 RFCOMM - ok
03:16:51.0390 6132 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\Windows\system32\DRIVERS\rimmptsk.sys
03:16:51.0484 6132 rimmptsk - ok
03:16:51.0593 6132 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\Windows\system32\DRIVERS\rimsptsk.sys
03:16:51.0626 6132 rimsptsk - ok
03:16:51.0688 6132 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys
03:16:51.0749 6132 rismxdp - ok
03:16:51.0931 6132 rspndr (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
03:16:52.0088 6132 rspndr - ok
03:16:52.0217 6132 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
03:16:52.0271 6132 sbp2port - ok
03:16:52.0457 6132 sdbus (4339a2585708c7d9b0c0ce5aad3dd6ff) C:\Windows\system32\DRIVERS\sdbus.sys
03:16:52.0578 6132 sdbus - ok
03:16:52.0667 6132 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
03:16:52.0832 6132 secdrv - ok
03:16:52.0895 6132 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
03:16:53.0027 6132 Serenum - ok
03:16:53.0075 6132 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
03:16:53.0206 6132 Serial - ok
03:16:53.0243 6132 sermouse (fd06895f55c0bec3cbd84bda14e1c6b7) C:\Windows\system32\drivers\sermouse.sys
03:16:53.0394 6132 sermouse - ok
03:16:53.0608 6132 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
03:16:53.0721 6132 sffdisk - ok
03:16:53.0896 6132 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
03:16:54.0058 6132 sffp_mmc - ok
03:16:54.0206 6132 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
03:16:54.0366 6132 sffp_sd - ok
03:16:54.0472 6132 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
03:16:54.0635 6132 sfloppy - ok
03:16:54.0727 6132 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
03:16:54.0755 6132 sisagp - ok
03:16:54.0789 6132 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
03:16:54.0819 6132 SiSRaid2 - ok
03:16:54.0873 6132 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
03:16:54.0901 6132 SiSRaid4 - ok
03:16:54.0989 6132 Smb (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys
03:16:55.0116 6132 Smb - ok
03:16:55.0409 6132 SNP2UVC (5140166bbcafe1393d4669353a1f8c0a) C:\Windows\system32\DRIVERS\snp2uvc.sys
03:16:55.0695 6132 SNP2UVC - ok
03:16:55.0803 6132 SPBBCDrv (cdea9a0a0e547fef4c44ccae35a9b09c) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
03:16:55.0962 6132 SPBBCDrv - ok
03:16:56.0070 6132 spldr (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys
03:16:56.0093 6132 spldr - ok
03:16:56.0235 6132 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
03:16:56.0236 6132 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
03:16:56.0241 6132 sptd ( LockedFile.Multi.Generic ) - warning
03:16:56.0241 6132 sptd - detected LockedFile.Multi.Generic (1)
03:16:56.0295 6132 SRTSP (655773f2f1a3730c6cf20280a49f4ee1) C:\Windows\system32\Drivers\SRTSP.SYS
03:16:56.0367 6132 SRTSP - ok
03:16:56.0480 6132 SRTSPL (2a0aaf370d4c6574a34ae2f4a0709cae) C:\Windows\system32\Drivers\SRTSPL.SYS
03:16:56.0547 6132 SRTSPL - ok
03:16:56.0657 6132 SRTSPX (3104bdceace2d5710776dd05e6a286c1) C:\Windows\system32\Drivers\SRTSPX.SYS
03:16:56.0751 6132 SRTSPX - ok
03:16:56.0847 6132 srv (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys
03:16:56.0910 6132 srv - ok
03:16:56.0970 6132 srv2 (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys
03:16:57.0022 6132 srv2 - ok
03:16:57.0144 6132 srvnet (9e1a4603b874eebce0298113951abefb) C:\Windows\system32\DRIVERS\srvnet.sys
03:16:57.0179 6132 srvnet - ok
03:16:57.0286 6132 swenum (1379bdb336f8158c176a465e30759f57) C:\Windows\system32\DRIVERS\swenum.sys
03:16:57.0308 6132 swenum - ok
03:16:57.0402 6132 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
03:16:57.0425 6132 Symc8xx - ok
03:16:57.0555 6132 SYMDNS (55a216212c89de109bde71a5f440593c) C:\Windows\System32\Drivers\SYMDNS.SYS
03:16:57.0574 6132 SYMDNS - ok
03:16:57.0670 6132 SymEvent (9e4188476848b2ef86f9c44d5164e724) C:\Windows\system32\Drivers\SYMEVENT.SYS
03:16:57.0741 6132 SymEvent - ok
03:16:57.0862 6132 SYMFW (3f72da2a613ae5da86c7002737fe56b3) C:\Windows\System32\Drivers\SYMFW.SYS
03:16:57.0887 6132 SYMFW - ok
03:16:57.0950 6132 SYMIDS (cf88c0fa1fb45fd49fa1f4adf6251ea6) C:\Windows\System32\Drivers\SYMIDS.SYS
03:16:57.0970 6132 SYMIDS - ok
03:16:58.0087 6132 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\Windows\system32\drivers\symlcbrd.sys
03:16:58.0108 6132 symlcbrd - ok
03:16:58.0152 6132 SYMNDISV (105f0717ab5049a0a40d55c524b4c2e5) C:\Windows\System32\Drivers\SYMNDISV.SYS
03:16:58.0172 6132 SYMNDISV - ok
03:16:58.0247 6132 SYMREDRV (7f4011a719bf30e3dbd84d3a0a45c91c) C:\Windows\System32\Drivers\SYMREDRV.SYS
03:16:58.0266 6132 SYMREDRV - ok
03:16:58.0344 6132 SYMTDI (2f03cbdb0f22278d05d5d616c993ab58) C:\Windows\System32\Drivers\SYMTDI.SYS
03:16:58.0372 6132 SYMTDI - ok
03:16:58.0431 6132 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
03:16:58.0454 6132 Sym_hi - ok
03:16:58.0492 6132 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
03:16:58.0526 6132 Sym_u3 - ok
03:16:58.0667 6132 SynTP (81cf7aa63bb3cca31e1d1944c0a45fc7) C:\Windows\system32\DRIVERS\SynTP.sys
03:16:58.0725 6132 SynTP - ok
03:16:58.0810 6132 tclondrv - ok
03:16:58.0894 6132 Tcpip (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers\tcpip.sys
03:16:58.0972 6132 Tcpip - ok
03:16:59.0054 6132 Tcpip6 (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\DRIVERS\tcpip.sys
03:16:59.0114 6132 Tcpip6 - ok
03:16:59.0186 6132 tcpipreg (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys
03:16:59.0302 6132 tcpipreg - ok
03:16:59.0389 6132 TDPIPE (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys
03:16:59.0501 6132 TDPIPE - ok
03:16:59.0620 6132 TDTCP (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys
03:16:59.0715 6132 TDTCP - ok
03:16:59.0849 6132 tdx (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys
03:16:59.0973 6132 tdx - ok
03:17:00.0107 6132 TermDD (2c549bd9dd091fbfaa0a2a48e82ec2fb) C:\Windows\system32\DRIVERS\termdd.sys
03:17:00.0135 6132 TermDD - ok
03:17:00.0383 6132 truecrypt (867d1d7c41e319268d4ef47f1f109199) C:\Windows\system32\drivers\truecrypt.sys
03:17:00.0454 6132 truecrypt - ok
03:17:00.0542 6132 tssecsrv (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys
03:17:00.0654 6132 tssecsrv - ok
03:17:00.0760 6132 tunmp (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys
03:17:00.0795 6132 tunmp - ok
03:17:00.0833 6132 tunnel (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS\tunnel.sys
03:17:00.0886 6132 tunnel - ok
03:17:01.0010 6132 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
03:17:01.0040 6132 uagp35 - ok
03:17:01.0125 6132 udfs (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys
03:17:01.0255 6132 udfs - ok
03:17:01.0422 6132 UIUSys - ok
03:17:01.0944 6132 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
03:17:01.0968 6132 uliagpkx - ok
03:17:02.0020 6132 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
03:17:02.0052 6132 uliahci - ok
03:17:02.0141 6132 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
03:17:02.0168 6132 UlSata - ok
03:17:02.0271 6132 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
03:17:02.0305 6132 ulsata2 - ok
03:17:02.0460 6132 umbus (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys
03:17:02.0582 6132 umbus - ok
03:17:02.0693 6132 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
03:17:02.0723 6132 USBAAPL - ok
03:17:02.0841 6132 usbccgp (8bd3ae150d97ba4e633c6c5c51b41ae1) C:\Windows\system32\DRIVERS\usbccgp.sys
03:17:02.0996 6132 usbccgp - ok
03:17:03.0097 6132 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
03:17:03.0201 6132 usbcir - ok
03:17:03.0286 6132 usbehci (63fe924d8a1113c3ba6750693fbec7d3) C:\Windows\system32\DRIVERS\usbehci.sys
03:17:03.0398 6132 usbehci - ok
03:17:03.0455 6132 usbhub (5edec5510592c905e91817707dce62a2) C:\Windows\system32\DRIVERS\usbhub.sys
03:17:03.0557 6132 usbhub - ok
03:17:03.0619 6132 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
03:17:03.0733 6132 usbohci - ok
03:17:03.0814 6132 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\DRIVERS\usbprint.sys
03:17:03.0926 6132 usbprint - ok
03:17:04.0041 6132 usbscan (b1f95285c08ddfe00c0b955462637ec7) C:\Windows\system32\DRIVERS\usbscan.sys
03:17:04.0152 6132 usbscan - ok
03:17:04.0271 6132 USBSTOR (fdbaabf07244c60b0f4e0a6e71a107c6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
03:17:04.0400 6132 USBSTOR - ok
03:17:04.0486 6132 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
03:17:04.0582 6132 usbuhci - ok
03:17:04.0720 6132 usbvideo (0a6b81f01bc86399482e27e6fda7b33b) C:\Windows\system32\Drivers\usbvideo.sys
03:17:04.0840 6132 usbvideo - ok
03:17:04.0996 6132 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
03:17:05.0091 6132 vga - ok
03:17:05.0141 6132 VgaSave (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys
03:17:05.0250 6132 VgaSave - ok
03:17:05.0351 6132 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
03:17:05.0376 6132 viaagp - ok
03:17:05.0428 6132 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
03:17:05.0557 6132 ViaC7 - ok
03:17:05.0666 6132 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
03:17:05.0695 6132 viaide - ok
03:17:05.0764 6132 volmgr (103e84c95832d0ed93507997cc7b54e8) C:\Windows\system32\drivers\volmgr.sys
03:17:05.0809 6132 volmgr - ok
03:17:05.0918 6132 volmgrx (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys
03:17:05.0965 6132 volmgrx - ok
03:17:06.0056 6132 volsnap (4564f3e574884224ddea8969122e5d89) C:\Windows\system32\drivers\volsnap.sys
03:17:06.0063 6132 Suspicious file (Forged): C:\Windows\system32\drivers\volsnap.sys. Real md5: 4564f3e574884224ddea8969122e5d89, Fake md5: 11ef6c1caef76b685233450a126125d6
03:17:06.0068 6132 volsnap ( Rootkit.Win32.TDSS.tdl3 ) - infected
03:17:06.0068 6132 volsnap - detected Rootkit.Win32.TDSS.tdl3 (0)
03:17:06.0166 6132 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
03:17:06.0197 6132 vsmraid - ok
03:17:06.0277 6132 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
03:17:06.0389 6132 WacomPen - ok
03:17:06.0511 6132 Wanarp (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
03:17:06.0544 6132 Wanarp - ok
03:17:06.0600 6132 Wanarpv6 (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
03:17:06.0634 6132 Wanarpv6 - ok
03:17:06.0761 6132 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
03:17:06.0785 6132 Wd - ok
03:17:06.0859 6132 Wdf01000 (7b5f66e4a2219c7d9daf9e738480e534) C:\Windows\system32\drivers\Wdf01000.sys
03:17:06.0934 6132 Wdf01000 - ok
03:17:07.0127 6132 winachsf (6d2350bb6e77e800fc4be4e5b7a2e89a) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
03:17:07.0240 6132 winachsf - ok
03:17:07.0355 6132 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\DRIVERS\wmiacpi.sys
03:17:07.0446 6132 WmiAcpi - ok
03:17:07.0567 6132 WpdUsb (2d27171b16a577ef14c1273668753485) C:\Windows\system32\DRIVERS\wpdusb.sys
03:17:07.0658 6132 WpdUsb - ok
03:17:07.0776 6132 ws2ifsl (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys
03:17:07.0888 6132 ws2ifsl - ok
03:17:08.0050 6132 WUDFRd (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys
03:17:08.0159 6132 WUDFRd - ok
03:17:08.0244 6132 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
03:17:08.0292 6132 XAudio - ok
03:17:08.0362 6132 MBR (0x1B8) (1a1a06f62e891045814007163c1c76c3) \Device\Harddisk0\DR0
03:17:08.0490 6132 \Device\Harddisk0\DR0 - ok
03:17:08.0502 6132 MBR (0x1B8) (a4a15d6782e6fe1dce41a606cb3affe3) \Device\Harddisk1\DR1
03:17:08.0710 6132 \Device\Harddisk1\DR1 - ok
03:17:08.0726 6132 Boot (0x1200) (0ff4a110d1df19200f32efad68b0e985) \Device\Harddisk0\DR0\Partition0
03:17:08.0732 6132 \Device\Harddisk0\DR0\Partition0 - ok
03:17:08.0741 6132 Boot (0x1200) (fb3b7da8e57f773714abf451b90e59eb) \Device\Harddisk0\DR0\Partition1
03:17:08.0746 6132 \Device\Harddisk0\DR0\Partition1 - ok
03:17:08.0753 6132 Boot (0x1200) (2727c5861400f09ddea8135a113a3b92) \Device\Harddisk1\DR1\Partition0
03:17:08.0758 6132 \Device\Harddisk1\DR1\Partition0 - ok
03:17:08.0760 6132 ============================================================
03:17:08.0760 6132 Scan finished
03:17:08.0761 6132 ============================================================
03:17:08.0787 5292 Detected object count: 3
03:17:08.0787 5292 Actual detected object count: 3
03:19:34.0408 5292 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
03:19:34.0409 5292 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
03:19:34.0409 5292 sptd ( LockedFile.Multi.Generic ) - skipped by user
03:19:34.0409 5292 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
03:19:34.0411 5292 volsnap ( Rootkit.Win32.TDSS.tdl3 ) - skipped by user
03:19:34.0411 5292 volsnap ( Rootkit.Win32.TDSS.tdl3 ) - User select action: Skip
03:20:59.0330 4668 Deinitialize success




3.
Farbar Service Scanner Version: 22-02-2012
Ran by David (administrator) on 23-02-2012 at 03:23:54
Running from "C:\Users\David\Desktop"
Microsoft® Windows Vista™ Home Premium (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.
IE proxy is enabled.
ProxyServer: 0.0.0.0:80


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys
[2006-11-02 03:58] - [2006-11-02 03:58] - 0270336 ____A (Microsoft Corporation)

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****



4.
OTL logfile created on: 2/23/2012 3:26:46 AM - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\David\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.54 Gb Available Physical Memory | 26.97% Memory free
1.91 Gb Paging File | 0.51 Gb Available in Paging File | 26.97% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142.49 Gb Total Space | 50.92 Gb Free Space | 35.74% Space Free | Partition Type: NTFS
Drive D: | 6.56 Gb Total Space | 0.66 Gb Free Space | 10.09% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 103.67 Gb Free Space | 22.26% Space Free | Partition Type: NTFS

Computer Name: MYLAPTOP | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/23 03:25:13 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
PRC - [2012/02/13 18:19:05 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/11/28 13:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/03/24 02:11:25 | 000,167,936 | ---- | M] (Applian Technologies, Inc.) -- F:\Downloads\Freecorder\FLVSrvc.exe
PRC - [2008/10/29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/09/27 07:54:59 | 000,185,872 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/08/01 22:10:54 | 000,675,840 | ---- | M] (Sonix) -- C:\Windows\vsnp2uvc.exe
PRC - [2008/05/07 18:13:16 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2007/09/28 15:24:36 | 000,156,976 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Maxtor\Sync\SyncServices.exe
PRC - [2007/09/06 17:53:40 | 000,169,264 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
PRC - [2007/01/10 00:59:52 | 000,115,816 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2007/01/10 00:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2007/01/05 16:04:10 | 000,554,616 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/12/18 00:26:07 | 000,077,824 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0\bin\jusched.exe
PRC - [2006/11/24 18:34:20 | 000,118,877 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
PRC - [2006/11/24 18:34:16 | 000,270,431 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
PRC - [2006/10/10 19:44:10 | 000,034,520 | ---- | M] (Hewlett Packard) -- C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
PRC - [2006/09/21 02:05:16 | 000,046,736 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/13 18:19:05 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/10/22 21:54:52 | 008,522,400 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2009/09/05 01:15:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2007/02/26 20:54:12 | 000,180,224 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
MOD - [2006/12/18 00:07:20 | 000,151,589 | ---- | M] () -- C:\Program Files\HP Connections\6811507\6.3.2.139-6811507\Program\bwfiles.dll
MOD - [2006/12/18 00:07:20 | 000,098,339 | ---- | M] () -- C:\Program Files\HP Connections\6811507\6.3.2.139-6811507\Program\FrExt.dll
MOD - [2006/12/18 00:07:20 | 000,061,496 | ---- | M] () -- C:\Program Files\HP Connections\6811507\6.3.2.139-6811507\Program\clntutil.dll
MOD - [2006/12/18 00:07:17 | 000,135,168 | ---- | M] () -- C:\Program Files\HP Connections\6811507\Program\HPClientExt.dll
MOD - [2006/11/24 18:34:20 | 000,339,968 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLTinyDB.dll
MOD - [2006/11/24 18:34:04 | 000,233,573 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll
MOD - [2006/11/24 18:34:04 | 000,114,783 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSchMgr.dll
MOD - [2006/11/24 18:34:04 | 000,032,768 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll
MOD - [2006/11/24 18:33:18 | 000,061,440 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008/05/07 18:13:16 | 001,251,720 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/01/29 19:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/09/28 15:24:36 | 000,156,976 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Service)
SRV - [2007/04/11 05:00:24 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/01/10 00:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex)
SRV - [2007/01/10 00:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2007/01/10 00:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2007/01/10 00:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2007/01/05 16:04:10 | 002,918,008 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/01/05 16:04:10 | 000,554,616 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/24 18:34:20 | 000,118,877 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2006/11/24 18:34:16 | 000,270,431 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2006/10/27 08:18:36 | 000,080,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc)
SRV - [2006/10/13 23:29:12 | 000,049,296 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2006/09/21 02:05:16 | 000,046,736 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore)
SRV - [2006/06/26 12:50:08 | 000,126,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)
SRV - [2004/10/22 06:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2011/12/09 04:05:02 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2011/11/28 12:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 12:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 12:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 12:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 12:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/11/28 12:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/01/04 01:22:27 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/06/09 19:16:42 | 003,482,240 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2008/09/28 07:16:46 | 000,235,840 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2008/06/10 15:04:26 | 000,033,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2008/05/07 18:14:16 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/03/03 14:10:44 | 000,182,272 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007/12/01 01:57:12 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2007/12/01 01:57:12 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2007/12/01 01:57:12 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007/05/03 16:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2007/04/14 04:49:32 | 000,418,104 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007/02/14 17:51:40 | 000,212,280 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20070426.001\IDSvix86.sys -- (IDSvix86)
DRV - [2006/12/12 19:06:40 | 000,148,992 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2006/11/16 04:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/15 23:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/15 21:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/09 04:02:30 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2006/10/24 21:40:22 | 000,185,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2006/10/24 21:40:22 | 000,144,784 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2006/10/24 21:40:22 | 000,038,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2006/10/24 21:40:22 | 000,037,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2006/10/24 21:40:22 | 000,026,384 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2006/10/24 21:40:22 | 000,011,792 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2006/08/04 12:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/06/28 12:57:00 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/06/28 12:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-534172135-1733895031-802531288-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-534172135-1733895031-802531288-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-534172135-1733895031-802531288-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 0.0.0.0:80

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Users\David\Desktop\eMusic Download Manager\plugin\npemusic.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: F:\Downloads\Java\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Users\David\Desktop\eMusic Download Manager\plugin\npemusic.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Users\David\Desktop\eMusic Download Manager\xulrunner\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Users\David\Desktop\eMusic Download Manager\xulrunner\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\Zango@Zango.com: C:\Program Files\Zango\bin\10.3.65.0\firefox\extensions
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/09/27 07:55:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/12/12 22:32:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/23 00:39:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/16 15:46:46 | 000,000,000 | ---D | M]

[2010/10/05 17:12:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Extensions
[2010/10/05 17:12:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2012/02/13 18:17:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\hbi4hwk0.default\extensions
[2011/12/01 22:47:35 | 000,000,000 | ---D | M] (StartNow Toolbar) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\hbi4hwk0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
[2012/02/13 18:17:41 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\hbi4hwk0.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/02/12 16:55:16 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\hbi4hwk0.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}(98)
[2011/10/02 18:48:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\USERS\DAVID\DESKTOP\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_ITUNES@EMUSIC.COM
File not found (No name found) -- C:\USERS\DAVID\DESKTOP\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WINAMP@EMUSIC.COM
File not found (No name found) -- C:\USERS\DAVID\DESKTOP\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WMP@EMUSIC.COM
[2012/02/13 18:19:06 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/13 18:19:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/13 18:19:00 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

Hosts file not found
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFree.dll (Conduit Ltd.)
O2 - BHO: (Reg Error: Value error.) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBHO.dll (Symantec Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Megaupload Toolbar) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL File not found
O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll ()
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Downloads\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFree.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Megaupload Toolbar) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL File not found
O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-534172135-1733895031-802531288-1000\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files\Freecorder\prxtbFree.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-534172135-1733895031-802531288-1000\..\Toolbar\WebBrowser: (Megaupload Toolbar) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Freecorder FLV Service] F:\Downloads\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [MDS_Menu] "C:\Program Files\Olympus\ib\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Olympus\ib" UpdateWithCreateOnce "Software\OLYMPUS\ib\1.0" File not found
O4 - HKLM..\Run: [mxomssmenu] C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corporation)
O4 - HKLM..\Run: [Olympus ib] "C:\Program Files\Olympus\ib\olycamdetect.exe" /Startup File not found
O4 - HKLM..\Run: [osCheck] c:\Program Files\Norton Internet Security\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe (Sonix)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TuneClone] F:\TuneClone\TuneClone.exe /silence File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [XEEKK8gRR98234A] C:\Windows\system32\Y222onnF4pmHsQ7.exe File not found
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-534172135-1733895031-802531288-1000..\Run: [BitTorrent] "C:\Users\David\Desktop\bittorrent.exe" --force_start_minimized File not found
O4 - HKU\S-1-5-21-534172135-1733895031-802531288-1000..\Run: [DAEMON Tools Lite] "F:\Downloads\DAEMON Tools Lite\DTLite.exe" -autorun File not found
O4 - HKU\S-1-5-21-534172135-1733895031-802531288-1000..\Run: [DFDWtend] rundll32 "C:\Users\David\AppData\Local\Temp\Devinatt.dll",CreateProcessNotify File not found
O4 - HKU\S-1-5-21-534172135-1733895031-802531288-1000..\Run: [Fw0LsWu] "C:\Users\David\AppData\Roaming\PwLWi.cmd" File not found
O4 - HKU\S-1-5-21-534172135-1733895031-802531288-1000..\Run: [GGUB0f8] "C:\Users\David\AppData\Roaming\20cbu101.cmd" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-534172135-1733895031-802531288-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE929481-9B3B-4519-A5E2-6E3AB902A0D1}: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\David\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\David\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/18 00:12:22 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/05/10 11:48:26 | 000,000,032 | ---- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 09:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O32 - AutoRun File - [2007/05/10 11:48:26 | 000,000,032 | ---- | M] () - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2007/05/10 11:48:26 | 000,000,032 | ---- | M] () - F:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - State: "startup" - 0
MsConfig - State: "services" - 0

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.1.4
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.1.4
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - File not found
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivXNetworks, Inc.)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/02/23 03:25:05 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
[2012/02/23 03:15:22 | 002,060,336 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\David\Desktop\tdsskiller.exe
[2012/02/13 17:12:29 | 000,000,000 | ---D | C] -- C:\Users\David\Desktop\2012 AOTY Stuff
[2012/02/12 01:10:00 | 000,000,000 | ---D | C] -- C:\Users\David\Desktop\2012 Covers
[2012/02/06 17:44:22 | 000,000,000 | ---D | C] -- C:\Users\David\Desktop\Chillwave Covers
[1 C:\Users\David\*.tmp files -> C:\Users\David\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/23 03:25:13 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
[2012/02/23 03:23:15 | 000,337,133 | ---- | M] () -- C:\Users\David\Desktop\FSS.exe
[2012/02/23 03:15:29 | 002,060,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\David\Desktop\tdsskiller.exe
[2012/02/23 03:11:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/23 02:51:17 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/23 02:51:17 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/23 02:51:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/23 00:48:04 | 000,000,149 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2012/02/23 00:46:47 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/23 00:43:33 | 2137,055,232 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/22 03:54:47 | 000,055,298 | ---- | M] () -- C:\Users\David\Desktop\If you ever picked your nose so much that you suddenly tasted bleep, you should probably wash your hands more often.JPG
[2012/02/21 15:06:19 | 000,094,627 | ---- | M] () -- C:\Users\David\Desktop\butt.png
[2012/02/20 03:52:24 | 000,034,023 | ---- | M] () -- C:\Users\David\Desktop\well which is it.JPG
[2012/02/20 01:58:09 | 000,023,837 | ---- | M] () -- C:\Users\David\Desktop\srsly.JPG
[2012/02/18 20:18:40 | 000,095,014 | ---- | M] () -- C:\Users\David\Desktop\mad.JPG
[2012/02/18 03:29:20 | 000,057,352 | ---- | M] () -- C:\Users\David\Desktop\I Will Kill Myself If You Don't Pay Attention To Me.JPG
[2012/02/18 00:25:05 | 000,531,154 | ---- | M] () -- C:\Users\David\Desktop\Bibio-Ambivalence-Avenue.jpg
[2012/02/17 17:49:35 | 000,201,197 | ---- | M] () -- C:\Users\David\Desktop\HoneyFrosteddddd.jpg
[2012/02/16 02:58:28 | 000,069,872 | ---- | M] () -- C:\Users\David\Desktop\chipster.JPG
[2012/02/16 02:53:42 | 000,038,656 | ---- | M] () -- C:\Users\David\Desktop\yeahokay.JPG
[2012/02/15 22:10:55 | 000,067,137 | ---- | M] () -- C:\Users\David\Desktop\Oh ho ho.JPG
[2012/02/13 21:50:05 | 000,069,429 | ---- | M] () -- C:\Users\David\Desktop\Feel with me.jpg
[2012/02/13 17:29:02 | 000,000,558 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for David.job
[2012/02/13 14:17:18 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDavid.job
[2012/02/13 01:21:26 | 000,145,071 | ---- | M] () -- C:\Users\David\Desktop\i'mdeadontheinside.png
[2012/02/13 00:51:11 | 000,005,676 | ---- | M] () -- C:\Users\David\AppData\Local\d3d9caps.dat
[2012/02/11 01:46:38 | 000,070,267 | ---- | M] () -- C:\Users\David\Desktop\Feb 1.JPG
[2012/02/10 20:43:11 | 000,070,068 | ---- | M] () -- C:\Users\David\Desktop\Sup.jpg
[2012/02/10 20:40:00 | 000,077,435 | ---- | M] () -- C:\Users\David\Desktop\Hello.jpg
[2012/02/08 23:13:53 | 000,022,170 | ---- | M] () -- C:\Users\David\Desktop\Jan 2.JPG
[2012/02/08 23:13:28 | 000,073,737 | ---- | M] () -- C:\Users\David\Desktop\Jan 1.JPG
[2012/02/08 17:47:29 | 000,064,000 | ---- | M] () -- C:\Users\David\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/08 02:47:50 | 001,716,664 | ---- | M] () -- C:\Users\David\Desktop\Chillwave Chart 3.0.jpg
[2012/02/07 01:32:26 | 000,009,815 | ---- | M] () -- C:\Users\David\Desktop\x.JPG
[2012/02/06 20:45:56 | 000,287,841 | ---- | M] () -- C:\Users\David\Desktop\Chillwave 1.0.jpg
[2012/02/06 20:01:43 | 000,667,664 | ---- | M] () -- C:\Users\David\Desktop\Chillwave Chart v2.0.jpg
[2012/02/05 21:50:59 | 000,049,902 | ---- | M] () -- C:\Users\David\Desktop\mu.JPG
[2012/02/05 15:01:22 | 000,014,233 | ---- | M] () -- C:\Users\David\Desktop\wellbleep.JPG
[2012/02/04 02:00:27 | 000,062,403 | ---- | M] () -- C:\Users\David\Desktop\heh.JPG
[2012/02/03 20:00:05 | 000,000,488 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - David.job
[2012/02/01 23:30:13 | 000,074,831 | ---- | M] () -- C:\Users\David\Desktop\God.jpg
[2012/02/01 02:19:27 | 000,895,444 | ---- | M] () -- C:\Users\David\Desktop\dance punk essentials.png
[2012/01/29 05:10:42 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012/01/25 00:45:32 | 000,044,637 | ---- | M] () -- C:\Users\David\Desktop\muinanutshell.JPG
[2012/01/24 20:53:03 | 000,093,594 | ---- | M] () -- C:\Users\David\Desktop\Connect Four Hotel.png
[1 C:\Users\David\*.tmp files -> C:\Users\David\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/23 03:23:12 | 000,337,133 | ---- | C] () -- C:\Users\David\Desktop\FSS.exe
[2012/02/22 03:54:44 | 000,055,298 | ---- | C] () -- C:\Users\David\Desktop\If you ever picked your nose so much that you suddenly tasted bleep, you should probably wash your hands more often.JPG
[2012/02/21 14:22:52 | 000,094,627 | ---- | C] () -- C:\Users\David\Desktop\butt.png
[2012/02/20 03:52:14 | 000,034,023 | ---- | C] () -- C:\Users\David\Desktop\well which is it.JPG
[2012/02/20 01:57:59 | 000,023,837 | ---- | C] () -- C:\Users\David\Desktop\srsly.JPG
[2012/02/18 20:18:36 | 000,095,014 | ---- | C] () -- C:\Users\David\Desktop\mad.JPG
[2012/02/18 03:28:16 | 000,057,352 | ---- | C] () -- C:\Users\David\Desktop\I Will Kill Myself If You Don't Pay Attention To Me.JPG
[2012/02/18 00:24:46 | 000,531,154 | ---- | C] () -- C:\Users\David\Desktop\Bibio-Ambivalence-Avenue.jpg
[2012/02/16 02:58:25 | 000,069,872 | ---- | C] () -- C:\Users\David\Desktop\chipster.JPG
[2012/02/16 02:53:39 | 000,038,656 | ---- | C] () -- C:\Users\David\Desktop\yeahokay.JPG
[2012/02/15 22:10:50 | 000,067,137 | ---- | C] () -- C:\Users\David\Desktop\Oh ho ho.JPG
[2012/02/13 21:50:05 | 000,069,429 | ---- | C] () -- C:\Users\David\Desktop\Feel with me.jpg
[2012/02/13 01:21:20 | 000,145,071 | ---- | C] () -- C:\Users\David\Desktop\i'mdeadontheinside.png
[2012/02/10 20:43:09 | 000,070,068 | ---- | C] () -- C:\Users\David\Desktop\Sup.jpg
[2012/02/10 20:39:35 | 000,077,435 | ---- | C] () -- C:\Users\David\Desktop\Hello.jpg
[2012/02/08 23:14:33 | 000,070,267 | ---- | C] () -- C:\Users\David\Desktop\Feb 1.JPG
[2012/02/08 23:13:51 | 000,022,170 | ---- | C] () -- C:\Users\David\Desktop\Jan 2.JPG
[2012/02/08 23:13:25 | 000,073,737 | ---- | C] () -- C:\Users\David\Desktop\Jan 1.JPG
[2012/02/08 02:47:46 | 001,716,664 | ---- | C] () -- C:\Users\David\Desktop\Chillwave Chart 3.0.jpg
[2012/02/07 01:32:23 | 000,009,815 | ---- | C] () -- C:\Users\David\Desktop\x.JPG
[2012/02/06 20:45:49 | 000,287,841 | ---- | C] () -- C:\Users\David\Desktop\Chillwave 1.0.jpg
[2012/02/06 20:01:37 | 000,667,664 | ---- | C] () -- C:\Users\David\Desktop\Chillwave Chart v2.0.jpg
[2012/02/05 21:50:55 | 000,049,902 | ---- | C] () -- C:\Users\David\Desktop\mu.JPG
[2012/02/05 15:01:18 | 000,014,233 | ---- | C] () -- C:\Users\David\Desktop\wellbleep.JPG
[2012/02/04 02:00:24 | 000,062,403 | ---- | C] () -- C:\Users\David\Desktop\heh.JPG
[2012/02/01 23:30:12 | 000,074,831 | ---- | C] () -- C:\Users\David\Desktop\God.jpg
[2012/02/01 02:19:22 | 000,895,444 | ---- | C] () -- C:\Users\David\Desktop\dance punk essentials.png
[2012/01/25 00:45:27 | 000,044,637 | ---- | C] () -- C:\Users\David\Desktop\muinanutshell.JPG
[2012/01/24 20:52:55 | 000,093,594 | ---- | C] () -- C:\Users\David\Desktop\Connect Four Hotel.png
[2011/10/27 02:04:43 | 000,000,000 | ---- | C] () -- C:\Users\David\AppData\Local\{7B66286D-2A37-4FF3-8039-C2382B2979D0}
[2011/10/15 04:32:12 | 000,001,209 | ---- | C] () -- C:\Users\David\AppData\Roaming\ldr.ini
[2011/09/08 01:00:14 | 000,000,177 | ---- | C] () -- C:\Windows\SMB3ed.ini
[2011/08/02 03:15:21 | 000,015,020 | -HS- | C] () -- C:\Users\David\AppData\Local\y46sfanjfs78b7643d
[2011/08/02 03:15:21 | 000,015,020 | -HS- | C] () -- C:\ProgramData\y46sfanjfs78b7643d
[2011/06/26 16:00:20 | 000,017,164 | -HS- | C] () -- C:\Users\David\AppData\Local\td1t0b0v2my6n6a41c0x8i13kl645qaj44580i663
[2011/06/26 16:00:20 | 000,017,164 | -HS- | C] () -- C:\ProgramData\td1t0b0v2my6n6a41c0x8i13kl645qaj44580i663
[2011/05/25 21:26:44 | 000,000,168 | ---- | C] () -- C:\ProgramData\~22077200r
[2011/05/25 21:26:43 | 000,000,144 | ---- | C] () -- C:\ProgramData\~22077200
[2011/05/25 21:25:52 | 000,000,336 | ---- | C] () -- C:\ProgramData\22077200
[2011/04/13 22:50:50 | 000,005,676 | ---- | C] () -- C:\Users\David\AppData\Local\d3d9caps.dat
[2011/04/13 21:41:17 | 000,016,628 | -HS- | C] () -- C:\Users\David\AppData\Local\4074311493
[2011/04/13 21:41:17 | 000,016,628 | -HS- | C] () -- C:\ProgramData\4074311493
[2010/12/30 00:26:54 | 000,000,030 | ---- | C] () -- C:\Windows\wininit.ini

========== Custom Scans ==========


< "%WinDir%\$NtUninstallKB*$." /30 >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2011/01/04 01:22:27 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 05:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >
[2011/11/28 12:51:50 | 000,020,568 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswFsBlk.sys
[2011/11/28 12:52:07 | 000,055,128 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswMonFlt.sys
[2011/11/28 12:52:19 | 000,034,392 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswRdr.sys
[2011/11/28 12:53:53 | 000,435,032 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswSnx.sys
[2011/11/28 12:53:35 | 000,314,456 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswSP.sys
[2011/11/28 12:52:16 | 000,052,952 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswTdi.sys
[2011/12/09 04:05:02 | 000,010,344 | ---- | M] (Symantec Corporation) -- C:\Windows\system32\drivers\symlcbrd.sys

< %SYSTEMDRIVE%\*.exe >
[2010/03/17 23:53:32 | 000,557,056 | ---- | M] (Apple Inc.) -- C:\PictureViewer.exe
[2010/03/18 01:22:56 | 000,824,608 | ---- | M] (Apple Inc.) -- C:\QTInfo.exe
[2010/03/17 23:53:36 | 000,421,888 | ---- | M] (Apple Inc.) -- C:\QTTask.exe
[2010/03/18 01:28:24 | 001,230,128 | ---- | M] (Apple Inc.) -- C:\QuickTimePlayer.exe
[1996/09/15 21:00:00 | 000,202,240 | ---- | M] (DreamWorks Interactive) -- C:\setup95.exe
[2011/10/20 17:52:36 | 059,854,808 | ---- | M] () -- C:\setup_av_free_cnet.exe
[2005/10/31 10:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe


< MD5 for: AFD.SYS >
[2006/11/02 03:58:43 | 000,270,336 | ---- | M] (Microsoft Corporation) MD5=5D24CAF8EFD924A875698FF28384DB8B -- C:\Windows\System32\drivers\afd.sys
[2006/11/02 03:58:43 | 000,270,336 | ---- | M] (Microsoft Corporation) MD5=5D24CAF8EFD924A875698FF28384DB8B -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6000.16386_none_d5b1809661820e7c\afd.sys
[2008/01/19 00:57:03 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=763E172A55177E478CB419F88FD0BA03 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18000_none_d7e842925e6d1f50\afd.sys

< MD5 for: ATAPI.SYS >
[2008/01/19 02:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 04:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\drivers\atapi.sys
[2006/11/02 04:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/02/13 06:05:50 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/02/13 06:05:50 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/02/13 06:05:49 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: EXPLORER.EXE >
[2008/10/29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\explorer.exe
[2008/10/29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 22:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007/11/15 06:03:32 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007/11/15 06:03:31 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2008/10/27 21:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 04:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 02:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: TDX.SYS >
[2006/11/02 03:57:35 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=AB4FDE8AF4A0270A46A001C08CBCE1C2 -- C:\Windows\System32\drivers\tdx.sys
[2006/11/02 03:57:35 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=AB4FDE8AF4A0270A46A001C08CBCE1C2 -- C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6000.16386_none_e807064fdf2a97e3\tdx.sys
[2008/01/19 00:55:58 | 000,071,680 | ---- | M] (Microsoft Corporation) MD5=D09276B1FAB033CE1D40DCBDF303D10F -- C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6001.18000_none_ea3dc84bdc15a8b7\tdx.sys

< MD5 for: VOLSNAP.SYS >
[2006/11/02 04:51:18 | 000,208,488 | ---- | M] (Microsoft Corporation) MD5=11EF6C1CAEF76B685233450A126125D6 -- C:\Users\David\AppData\Local\Temp\volsnap.sys
[2006/11/02 04:51:18 | 000,208,488 | ---- | M] (Microsoft Corporation) MD5=11EF6C1CAEF76B685233450A126125D6 -- C:\Windows\System32\drivers\volsnap.sys
[2006/11/02 04:51:18 | 000,208,488 | ---- | M] (Microsoft Corporation) MD5=11EF6C1CAEF76B685233450A126125D6 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_9320b452\volsnap.sys
[2008/01/09 06:03:00 | 000,211,000 | ---- | M] (Microsoft Corporation) MD5=327639D2EC931B057F3826A51ADC73E9 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6000.20709_none_146318401803edb5\volsnap.sys
[2008/01/09 06:03:01 | 000,211,000 | ---- | M] (Microsoft Corporation) MD5=80DC0C9BCB579ED9815001A4D37CBFD5 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_f47b2c78\volsnap.sys
[2008/01/09 06:03:01 | 000,211,000 | ---- | M] (Microsoft Corporation) MD5=80DC0C9BCB579ED9815001A4D37CBFD5 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6000.16586_none_137ff950ff29e447\volsnap.sys
[2008/01/19 02:42:48 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6001.18000_none_15b6b780fc14facd\volsnap.sys

< MD5 for: WININIT.EXE >
[2008/01/19 02:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006/11/02 04:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\System32\wininit.exe
[2006/11/02 04:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe

< MD5 for: WINLOGON.EXE >
[2006/11/02 04:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\System32\winlogon.exe
[2006/11/02 04:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 02:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/13 18:19:00 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/13 18:19:00 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/13 18:19:00 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/02/13 18:19:05 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/02/13 18:19:05 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/13 18:19:05 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2010/03/09 09:17:37 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2010/03/09 09:17:37 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2010/03/09 09:17:37 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2010/03/09 11:56:18 | 000,634,648 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2009/11/06 00:14:44 | 001,794,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2009/11/06 00:14:44 | 001,794,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2009/11/06 00:14:44 | 001,794,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2009/11/06 00:14:44 | 001,794,848 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/13 18:19:00 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/13 18:19:00 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/13 18:19:00 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/02/13 18:19:05 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/02/13 18:19:05 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/13 18:19:05 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2010/03/09 09:17:37 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2010/03/09 09:17:37 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2010/03/09 09:17:37 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2010/03/09 11:56:18 | 000,634,648 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2009/11/06 00:14:44 | 001,794,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2009/11/06 00:14:44 | 001,794,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2009/11/06 00:14:44 | 001,794,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2009/11/06 00:14:44 | 001,794,848 | ---- | M] (Apple Inc.)

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB3255$] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB62280$] -> Error: Cannot create file handle -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0B174FAE
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:8AD27A66
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:4295826C
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:62AED3D0

< End of report >

OTL Extras logfile created on: 2/23/2012 3:26:46 AM - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\David\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.54 Gb Available Physical Memory | 26.97% Memory free
1.91 Gb Paging File | 0.51 Gb Available in Paging File | 26.97% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142.49 Gb Total Space | 50.92 Gb Free Space | 35.74% Space Free | Partition Type: NTFS
Drive D: | 6.56 Gb Total Space | 0.66 Gb Free Space | 10.09% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 103.67 Gb Free Space | 22.26% Space Free | Partition Type: NTFS

Computer Name: MYLAPTOP | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-534172135-1733895031-802531288-1000\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)
"C:\Users\David\Desktop\bittorrent.exe" = C:\Users\David\Desktop\bittorrent.exe:*:Enabled:BitTorrent
"C:\Program Files\iCall\iCall.exe" = C:\Program Files\iCall\iCall.exe:*:Enabled:iCall


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0330FFCE-CEA7-4704-86E6-7E266482ABC7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{08353BCA-095B-4C7E-97E6-38B436306156}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{0A290A09-D190-41A1-9ACB-2185A17541EF}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{0D26767E-1200-4714-8D7B-5D0C17D364BA}" = protocol=17 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |
"{0D2ABF97-57E2-4FAF-96F4-1E35823CEFA3}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{1527A20A-9856-4DE3-852A-10E73B707B3C}" = protocol=17 | dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{1D05B046-E4D6-4005-AF3F-85B42692EEB4}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{1F01BF90-4230-48B1-A759-7E8251A1C816}" = protocol=6 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |
"{1F2D3E52-F5D3-40E7-9A02-94EB270E36F2}" = protocol=17 | dir=in | app=c:\users\david\limewire\limewire.exe |
"{209DD644-EE5B-41B3-9983-74E3DBF635F0}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{2B0FE3D2-66E9-48FC-9757-4EB5EFC853D7}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{344114AA-9FB4-48B5-84B2-7994E04D8AC4}" = protocol=6 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |
"{3B9007CF-DA52-499C-A753-1D24E32884F0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3CD2BB18-279C-44D1-BEE4-7C6C06951352}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{503EEBF4-14A2-452F-ACC0-0D4DD86E9851}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{562D20DF-E3D9-49F2-B475-8F742BCE7694}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{5804875C-35F1-46EA-8F80-7221B6AB7D45}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{59FF0B87-781E-4BCD-8EF5-9C7442C9EA09}" = protocol=6 | dir=in | app=c:\users\david\appdata\roaming\dropbox\bin\dropbox.exe |
"{5D4E537E-DEF2-4B74-B555-EF473F2CC5F4}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{5D752E3B-9435-4FE8-88BA-783E9B4F4ED7}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{654DE09E-54E7-499E-8F4E-4E3088FFF7A3}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{669F3DD6-546B-47CB-BE34-DB6CE61839FB}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{76E2CDFA-CC47-44B4-9120-F3214297AC38}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{76F4DACE-E4CE-40A3-913C-41C1372928AB}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{85E113F6-2BAD-472B-BF41-FECD2C1E6B22}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{8ECD38E8-128A-4038-B00D-D4DEB73928CB}" = protocol=17 | dir=in | app=c:\users\david\appdata\roaming\dropbox\bin\dropbox.exe |
"{97C35DD8-5A0B-4BB2-8E8D-46F3ADD03644}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{9A11CFBA-B7DC-4B12-AAD9-2FCDE0C69DC3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AB0945FC-9904-4D04-BE94-EC7406FF8617}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{ABDD5E65-0CF2-43B0-9781-85E91BA5A63B}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{C1729459-FF53-4016-955F-F16A89461BFD}" = dir=in | app=c:\program files\hp connections\6811507\program\hp connections |
"{C73B42B7-A056-437C-954F-BB9955703F49}" = protocol=6 | dir=in | app=c:\users\david\limewire\limewire.exe |
"{CAB52FB7-1699-4ADC-8E6C-499413DB863E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DD8A4181-B1A8-4843-89A7-DDD9FD8CD6A6}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{E76B4AC4-ED29-487A-AE3B-AD101B503B38}" = protocol=17 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |
"{EA1D6B1E-1C02-497C-A40D-F66D792B80E7}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{F5FAE2A8-D534-43B4-8A75-DFB5F4F8B543}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{F68661BE-C072-4C3F-8437-B845A302674C}" = protocol=6 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |
"{FC22098C-81E1-4052-B9FE-D92D2C6D3AD6}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{FF410DC1-9B89-450A-9149-56091397F842}" = protocol=6 | dir=in | app=c:\program files\hp\quickplay\qp.exe |
"TCP Query User{129C1E20-32B2-44BC-A9E2-DEA02F36368E}C:\program files\softnyx\gunboundwc\gunbound.gme" = protocol=6 | dir=in | app=c:\program files\softnyx\gunboundwc\gunbound.gme |
"TCP Query User{69714A4D-B3AB-4F43-9881-D3AC5750C3F1}C:\program files\softnyx\gunboundwc\gunbound.gme" = protocol=6 | dir=in | app=c:\program files\softnyx\gunboundwc\gunbound.gme |
"TCP Query User{97FB12D2-D8AE-4E0D-A179-FA1908E29AB2}C:\stubinstaller.exe" = protocol=6 | dir=in | app=c:\stubinstaller.exe |
"TCP Query User{ACEA5402-DDF4-419A-8605-83069265500E}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{F3914FA4-1BC6-419C-B63F-4B5E27187FDC}C:\users\david\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\users\david\limewire\limewire.exe |
"UDP Query User{1C20F55F-B0E1-49DA-BE4E-5542E456C8A8}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{49096C0D-1070-4E63-B54F-DC7DC673F5FF}C:\program files\softnyx\gunboundwc\gunbound.gme" = protocol=17 | dir=in | app=c:\program files\softnyx\gunboundwc\gunbound.gme |
"UDP Query User{9BC7272D-6420-4A53-8F1A-B9D5E06D7307}C:\stubinstaller.exe" = protocol=17 | dir=in | app=c:\stubinstaller.exe |
"UDP Query User{BD5FF69C-3145-453C-9BDA-B71091A31264}C:\program files\softnyx\gunboundwc\gunbound.gme" = protocol=17 | dir=in | app=c:\program files\softnyx\gunboundwc\gunbound.gme |
"UDP Query User{BD983F32-4A12-4E92-ADA1-325844225208}C:\users\david\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\users\david\limewire\limewire.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02F33FB0-F7D5-4C0A-B4AD-8CE5CE230BBE}" = HP Wireless Assistant
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 23
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.10 B9
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}" = Norton Internet Security
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.0
"{48185814-A224-447A-81DA-71BD20580E1B}" = Norton Internet Security
"{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{59354E6C-B36F-49EF-9419-D904B86C9C57}" = USB Game Pad
"{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security
"{5CA81D12-9EC2-4082-972B-43ECA63F41F2}" = HP Pavilion Webcam Driver for Vista v061.001.00005
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66A9D30D-1464-4C7F-B2F3-507DADAF2595}" = Microsoft IntelliPoint 6.3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}" = HP Active Support Library 32 bit components
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7AB6E87B-F924-4383-976B-B47B1C732F90}" = Symantec Real Time Storage Protection Component
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{830D8CBD-C668-49e2-A969-C2C2106332E0}" = Norton AntiVirus
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}" = OLYMPUS ib
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{99C5770C-1C90-42E7-9B74-D47CFAF14621}" = muvee autoProducer 5.0
"{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A12A3DED-CCDA-4F29-A1BA-00F0C6521CD5}" = HP Total Care Advisor
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{B8281D46-D846-4BB9-BC84-F1115A7BF820}" = Maxtor Manager
"{BA165460-FCF7-4D6C-A7A2-F2321700720F}" = MobileMe Control Panel
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D353CC51-430D-4C6F-9B7E-52003DA1E05A}" = Norton Confidential Web Protection Component
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E333CA5F-00ED-4EEF-90E5-6A33A8FE969F}" = HP Help and Support
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
"{ED4905E3-2B32-4DD8-BC14-7CAFD30E9ECD}" = HP User Guide 0048
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV
"{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}" = HP Easy Setup - Core
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = ASL_HS_Installer32
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.45 beta
"AbiWord2" = AbiWord 2.6.6
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM_7" = AIM 7
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"avast" = avast! Free Antivirus
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_103C30B7" = Soft Data Fax Modem with SmartCP
"conduitEngine" = Conduit Engine
"dBpowerAMP Music Converter" = dBpowerAMP Music Converter
"Desktop Toys Window" = Desktop Toys Window
"DILBERT's Desktop Games" = DILBERT's Desktop Games
"E77704EF5E71F4F18CADFBFA68595AFE036D5D97" = Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)
"FLV Player" = FLV Player 2.0, build 24
"Freecorder Toolbar" = Freecorder Toolbar
"Freecorder5.01" = Freecorder 5
"GraphicsGale FreeEdition_is1" = GraphicsGale FreeEdition version 1.93.15
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HPOOVClient-6811507 Uninstaller" = HP Connections (remove only)
"InstallShield_{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}" = OLYMPUS ib
"InstallShield_{B8281D46-D846-4BB9-BC84-F1115A7BF820}" = Maxtor Manager
"LastFM_is1" = Last.fm 1.5.4.24567
"Lenny Loosejocks Goes Walkabout_is1" = Lenny Goes Walkabout version 1.0
"LimeWire" = LimeWire 4.16.6
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 10.0.1 (x86 en-US)" = Mozilla Firefox 10.0.1 (x86 en-US)
"NSS" = Norton Security Scan
"Ogg Codecs" = Ogg Codecs 0.81.15562
"PakkISO_is1" = PakkISO 0.4
"RealPlayer 6.0" = RealPlayer
"Renoise 2.0.0_is1" = Renoise 2.0.0
"Snes9x" = Snes9x
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SpywareLocked 3.5" = SpywareLocked 3.5
"ST6UNST #1" = Audio Converter / CD Audio Grabber 5-6
"StartNow Toolbar" = StartNow Toolbar
"SymSetup.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security (Symantec Corporation)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TrueCrypt" = TrueCrypt
"ViewpointMediaPlayer" = Viewpoint Media Player
"WebEnhancements" = WebEnhancements
"WildTangent hplaptop Master Uninstall" = My HP Games
"WinRAR archiver" = WinRAR archiver
"XviD Video Codec" = XviD Video Codec (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-534172135-1733895031-802531288-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/23/2012 3:29:22 AM | Computer Name = MyLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2668

Error - 2/23/2012 3:29:23 AM | Computer Name = MyLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/23/2012 3:29:23 AM | Computer Name = MyLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3666

Error - 2/23/2012 3:29:23 AM | Computer Name = MyLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3666

Error - 2/23/2012 3:29:24 AM | Computer Name = MyLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/23/2012 3:29:24 AM | Computer Name = MyLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4680

Error - 2/23/2012 3:29:24 AM | Computer Name = MyLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4680

Error - 2/23/2012 3:29:25 AM | Computer Name = MyLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/23/2012 3:29:25 AM | Computer Name = MyLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5678

Error - 2/23/2012 3:29:25 AM | Computer Name = MyLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5678

[ Media Center Events ]
Error - 4/1/2008 10:24:38 PM | Computer Name = MyLaptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/22/2008 3:41:26 PM | Computer Name = MyLaptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 5/24/2008 7:29:26 AM | Computer Name = MyLaptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/2/2008 7:39:38 AM | Computer Name = MyLaptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 8/12/2008 3:50:01 AM | Computer Name = MyLaptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 8/28/2008 8:09:31 AM | Computer Name = MyLaptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 6/8/2009 3:32:20 PM | Computer Name = MyLaptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 9/2/2009 3:34:34 AM | Computer Name = MyLaptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 9/13/2010 2:14:53 AM | Computer Name = MyLaptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 9/17/2010 9:18:54 PM | Computer Name = MyLaptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 2/23/2012 1:43:27 AM | Computer Name = MyLaptop | Source = SRTSP | ID = 524293
Description = Error loading Symantec real time Anti-Virus driver.

Error - 2/23/2012 1:43:27 AM | Computer Name = MyLaptop | Source = SRTSP | ID = 524292
Description = Error loading virus definitions.

Error - 2/23/2012 1:43:46 AM | Computer Name = MyLaptop | Source = WinDefend | ID = 2004
Description = %%827 has encountered an error trying to load signatures and will
attempt reverting back to a known-good set of signatures. Signatures Attempted: %%824

Error
Code: 0x8050a001 Error description: The program can't find definition files that
help detect unwanted software. Check for updates to the definition files, and then
try again. For information on installing updates, see Help and Support. Signatures
loading: %%825 Loading signature version: 1.119.2141.0 Loading engine version: 1.1.8001.0

Error - 2/23/2012 1:47:59 AM | Computer Name = MyLaptop | Source = Service Control Manager | ID = 7000
Description =

Error - 2/23/2012 1:47:59 AM | Computer Name = MyLaptop | Source = Service Control Manager | ID = 7026
Description =

Error - 2/23/2012 4:17:08 AM | Computer Name = MyLaptop | Source = disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 2/23/2012 4:17:08 AM | Computer Name = MyLaptop | Source = disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 2/23/2012 4:17:08 AM | Computer Name = MyLaptop | Source = disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 2/23/2012 4:17:08 AM | Computer Name = MyLaptop | Source = disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 2/23/2012 4:17:08 AM | Computer Name = MyLaptop | Source = disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.


< End of report >


5.
My system is running just as it was when I posted the issue - not dying or malfunctioning besides the constant alerts from avast! Since I posted, I've set it to 'Gaming Mode' which quiets the alarm for an hour at a time. Makes it less annoying but it won't let me forget about the problem.

#4 SweetTech


    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica
  • Local time:01:10 PM

Posted 23 February 2012 - 09:46 AM

Hi Shishkaboom!

Not a problem, and don't worry about posting in the wrong section.

You performed the TDSSKiller scan correctly. I need to update those instructions to remove that reboot tidbit. That information about requiring a reboot is only required when you're having TDSSKiller cure an infection.

My system is running just as it was when I posted the issue - not dying or malfunctioning besides the constant alerts from avast! Since I posted, I've set it to 'Gaming Mode' which quiets the alarm for an hour at a time. Makes it less annoying but it won't let me forget about the problem.

Thanks for the update, it's a good thing that Avast doesn't let you forget about the issues it's detected.

Thanks for the information regarding Norton.

If your subscription has run out for it, then why don't we just remove it altogether.

It'll avoid confusion later. Please be sure to run the Removal tool below, as I'll be scripting out Norton files in the OTL fix below.

Remove Norton Tool

ONLY if you don't have an active subscription, use below link to uninstall Norton.

Please click HERE and follow the instructions to download and run the Norton Removal Tool for your own version.

It is strongly recommended that you run only one anti-virus program at a time. Having more than one anti-virus program active in memory uses additional resources and can result in program conflicts and false virus alerts.


NEXT:



ERUNT - Emergency Recovery Utility NT
Modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so.
This is a free program that allows you to keep a complete backup of your registry and restore it when needed.

ERUNT utility program
Download:

  • Please download ERUNT...by Lars Hederer. Save it to your desktop.
  • Double-click erunt-setup-exe to start the install process. Follow the install prompts.
  • Use the default install settings...
    say "NO" to the section that asks you to add ERUNT to the Start-Up folder. Enable this option later if desired.
  • Start ERUNT by opting to start the program at the end of setup -or- double click the desktop icon.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK ... Then click on "YES" to create the folder.
Run:
  • Please navigate to Start >> All Programs >> ERUNT. Click on OK within the pop-up menu.
  • In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
    • System registry.
    • Current user registry.
  • Next click on "OK"... at the prompt... reply "Yes".
    After a short duration the Registry backup is complete! pop-up message will appear.
  • Now click on "OK". A registry backup has now been created.
< STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!


NEXT:



OTL Fix

We need to run an OTL Fix

Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix as it may interfere with the successful execution of the script below.

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    PRC - [2007/01/10 00:59:52 | 000,115,816 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    PRC - [2007/01/10 00:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    PRC - [2007/01/05 16:04:10 | 000,554,616 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    PRC - [2006/09/21 02:05:16 | 000,046,736 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    SRV - [2008/05/07 18:13:16 | 001,251,720 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
    SRV - [2007/01/10 00:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex)
    SRV - [2007/01/10 00:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
    SRV - [2007/01/10 00:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
    SRV - [2007/01/10 00:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
    SRV - [2007/01/05 16:04:10 | 002,918,008 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
    SRV - [2007/01/05 16:04:10 | 000,554,616 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
    SRV - [2006/10/27 08:18:36 | 000,080,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc)
    SRV - [2006/10/13 23:29:12 | 000,049,296 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
    SRV - [2006/09/21 02:05:16 | 000,046,736 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore)
    DRV - [2011/12/09 04:05:02 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\symlcbrd.sys -- (symlcbrd)
    DRV - [2008/05/07 18:14:16 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2007/12/01 01:57:12 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
    DRV - [2007/12/01 01:57:12 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
    DRV - [2007/12/01 01:57:12 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
    DRV - [2007/04/14 04:49:32 | 000,418,104 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
    DRV - [2007/02/14 17:51:40 | 000,212,280 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20070426.001\IDSvix86.sys -- (IDSvix86)
    DRV - [2006/10/24 21:40:22 | 000,185,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
    DRV - [2006/10/24 21:40:22 | 000,144,784 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW)
    DRV - [2006/10/24 21:40:22 | 000,038,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
    DRV - [2006/10/24 21:40:22 | 000,037,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV)
    DRV - [2006/10/24 21:40:22 | 000,026,384 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
    DRV - [2006/10/24 21:40:22 | 000,011,792 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
    IE - HKU\S-1-5-21-534172135-1733895031-802531288-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-21-534172135-1733895031-802531288-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 0.0.0.0:80
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Megaupload Toolbar) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL File not found
    O3 - HKLM\..\Toolbar: (Megaupload Toolbar) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL File not found
    O3 - HKU\S-1-5-21-534172135-1733895031-802531288-1000\..\Toolbar\WebBrowser: (Megaupload Toolbar) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL File not found
    O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [MDS_Menu] "C:\Program Files\Olympus\ib\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Olympus\ib" UpdateWithCreateOnce "Software\OLYMPUS\ib\1.0" File not found
    O4 - HKLM..\Run: [Olympus ib] "C:\Program Files\Olympus\ib\olycamdetect.exe" /Startup File not found
    O4 - HKLM..\Run: [osCheck] c:\Program Files\Norton Internet Security\osCheck.exe (Symantec Corporation)
    O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
    O4 - HKLM..\Run: [TuneClone] F:\TuneClone\TuneClone.exe /silence File not found
    O4 - HKLM..\Run: [XEEKK8gRR98234A] C:\Windows\system32\Y222onnF4pmHsQ7.exe File not found
    O4 - HKU\S-1-5-21-534172135-1733895031-802531288-1000..\Run: [BitTorrent] "C:\Users\David\Desktop\bittorrent.exe" --force_start_minimized File not found
    O4 - HKU\S-1-5-21-534172135-1733895031-802531288-1000..\Run: [DAEMON Tools Lite] "F:\Downloads\DAEMON Tools Lite\DTLite.exe" -autorun File not found
    O4 - HKU\S-1-5-21-534172135-1733895031-802531288-1000..\Run: [DFDWtend] rundll32 "C:\Users\David\AppData\Local\Temp\Devinatt.dll",CreateProcessNotify File not found
    O4 - HKU\S-1-5-21-534172135-1733895031-802531288-1000..\Run: [Fw0LsWu] "C:\Users\David\AppData\Roaming\PwLWi.cmd" File not found
    O4 - HKU\S-1-5-21-534172135-1733895031-802531288-1000..\Run: [GGUB0f8] "C:\Users\David\AppData\Roaming\20cbu101.cmd" File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    [2012/02/13 17:29:02 | 000,000,558 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for David.job
    [2012/02/03 20:00:05 | 000,000,488 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - David.job
    [2011/10/27 02:04:43 | 000,000,000 | ---- | C] () -- C:\Users\David\AppData\Local\{7B66286D-2A37-4FF3-8039-C2382B2979D0}
    [2011/10/15 04:32:12 | 000,001,209 | ---- | C] () -- C:\Users\David\AppData\Roaming\ldr.ini
    [2011/08/02 03:15:21 | 000,015,020 | -HS- | C] () -- C:\Users\David\AppData\Local\y46sfanjfs78b7643d
    [2011/08/02 03:15:21 | 000,015,020 | -HS- | C] () -- C:\ProgramData\y46sfanjfs78b7643d
    [2011/06/26 16:00:20 | 000,017,164 | -HS- | C] () -- C:\Users\David\AppData\Local\td1t0b0v2my6n6a41c0x8i13kl645qaj44580i663
    [2011/06/26 16:00:20 | 000,017,164 | -HS- | C] () -- C:\ProgramData\td1t0b0v2my6n6a41c0x8i13kl645qaj44580i663
    [2011/05/25 21:26:44 | 000,000,168 | ---- | C] () -- C:\ProgramData\~22077200r
    [2011/05/25 21:26:43 | 000,000,144 | ---- | C] () -- C:\ProgramData\~22077200
    [2011/05/25 21:25:52 | 000,000,336 | ---- | C] () -- C:\ProgramData\22077200
    [2011/04/13 21:41:17 | 000,016,628 | -HS- | C] () -- C:\Users\David\AppData\Local\4074311493
    [2011/04/13 21:41:17 | 000,016,628 | -HS- | C] () -- C:\ProgramData\4074311493
    [2011/12/09 04:05:02 | 000,010,344 | ---- | M] (Symantec Corporation) -- C:\Windows\system32\drivers\symlcbrd.sys
    [2010/03/17 23:53:32 | 000,557,056 | ---- | M] (Apple Inc.) -- C:\PictureViewer.exe
    [2010/03/18 01:22:56 | 000,824,608 | ---- | M] (Apple Inc.) -- C:\QTInfo.exe
    [2010/03/17 23:53:36 | 000,421,888 | ---- | M] (Apple Inc.) -- C:\QTTask.exe
    [2010/03/18 01:28:24 | 001,230,128 | ---- | M] (Apple Inc.) -- C:\QuickTimePlayer.exe
    [2011/10/20 17:52:36 | 059,854,808 | ---- | M] () -- C:\setup_av_free_cnet.exe
    [2005/10/31 10:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe
    
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Users\David\Desktop\bittorrent.exe"=-
    :Files
    C:\Windows\System32\drivers\volsnap.sys|C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6001.18000_none_15b6b780fc14facd\volsnap.sys /replace
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    [EMPTYJAVA]
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Running aswMBR.exe

Download aswMBR.exe (4.5mb) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.


On completion of the scan click save log, save it to your desktop and post it in your next reply.




NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. OTL fix log.
3. aswMBR log.
4. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
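The entries scripted out in the OTL fix above (Run values whose target is gone, scripts and DLLs launched from the user's profile, a random-named executable in system32, and an IE proxy enabled but pointed at 0.0.0.0) are the patterns a log reader looks for by hand. As an added example, not OTL's code and not anything posted in this thread, here is a small Python triage pass that applies those checks to OTL-style lines; the sample lines are copied from the fix script, while the heuristics and the name-length threshold are my own assumptions.

```python
"""Triage helper for OTL-style 'O4 ... Run' and 'IE ... Internet Settings' lines.

Added example (not OTL's code). Flags the same kinds of autorun entries the
OTL fix in this thread removes, so a reader can see why they were chosen.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: lines copied from the thread's OTL fix script, plus the
# benign Symantec ccApp entry as a control that must NOT be flagged.
SAMPLE_LOG = r"""
IE - HKU\S-1-5-21-534172135-1733895031-802531288-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-534172135-1733895031-802531288-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 0.0.0.0:80
O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [XEEKK8gRR98234A] C:\Windows\system32\Y222onnF4pmHsQ7.exe File not found
O4 - HKU\S-1-5-21-534172135-1733895031-802531288-1000..\Run: [DFDWtend] rundll32 "C:\Users\David\AppData\Local\Temp\Devinatt.dll",CreateProcessNotify File not found
O4 - HKU\S-1-5-21-534172135-1733895031-802531288-1000..\Run: [Fw0LsWu] "C:\Users\David\AppData\Roaming\PwLWi.cmd" File not found
"""

RUN_RE = re.compile(r'^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$')
IE_RE = re.compile(r'^IE - (?P<key>.+?): "(?P<value>[^"]+)" = (?P<data>.*)$')
QUOTED = re.compile(r'"([^"]+)"')
LAUNCH_EXT = ('.cmd', '.bat', '.dll', '.exe', '.vbs', '.js', '.scr')
MISSING = "File not found"


@dataclass(frozen=True)
class Finding:
    entry: str    # Run value name, or the proxy value that triggered the finding
    reason: str
    target: str   # launch path or proxy string


def launch_target(cmd: str) -> str:
    """Recover the launched file from the command text OTL prints after the value name."""
    cmd = cmd.strip()
    if cmd.endswith(MISSING):
        cmd = cmd[:-len(MISSING)].rstrip()
    cmd = re.sub(r'\s\([^()]*\)$', '', cmd)      # drop OTL's trailing "(Vendor)" tag
    quoted = QUOTED.search(cmd)
    if quoted:                                   # quoted path (also covers rundll32 "x.dll",Export)
        return quoted.group(1)
    low = cmd.lower()                            # unquoted path: cut at the earliest known extension
    hits = [(low.find(ext), ext) for ext in LAUNCH_EXT if low.find(ext) != -1]
    if hits:
        idx, ext = min(hits)
        return cmd[:idx + len(ext)]
    return cmd.split()[0] if cmd else ""


def looks_random(stem: str) -> bool:
    """Heuristic (assumption): 7+ alphanumerics mixing digits, upper and lower case."""
    return (len(stem) >= 7 and stem.isalnum()
            and any(c.isdigit() for c in stem)
            and any(c.isupper() for c in stem)
            and any(c.islower() for c in stem))


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    proxy: Dict[str, str] = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        ie = IE_RE.match(line)
        if ie:
            proxy[ie.group('value')] = ie.group('data').strip()
            continue
        run = RUN_RE.match(line)
        if not run:
            continue
        name, cmd = run.group('name'), run.group('cmd')
        target = launch_target(cmd)
        low = target.lower()
        stem = re.sub(r'\.[^.]*$', '', target.rsplit('\\', 1)[-1])
        if cmd.rstrip().endswith(MISSING):
            findings.append(Finding(name, "autorun target missing on disk", target))
        if ('\\appdata\\local\\temp\\' in low or '\\appdata\\roaming\\' in low) \
                and low.endswith(LAUNCH_EXT):
            findings.append(Finding(name, "script or DLL launched from user profile", target))
        if '\\system32\\' in low and looks_random(stem):
            findings.append(Finding(name, "random-looking executable name under system32", target))
    # An enabled proxy that points at the unroutable 0.0.0.0 is a hijacked setting,
    # which is why the fix above resets ProxyEnable to 0 and clears ProxyServer.
    if proxy.get('ProxyEnable') == '1' and proxy.get('ProxyServer', '').startswith('0.0.0.0'):
        findings.append(Finding('ProxyServer', "IE proxy enabled but pointed at 0.0.0.0",
                                proxy['ProxyServer']))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.entry}] {f.reason}: {f.target}")
```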


#5 Shishkaboom

  • Topic Starter

  • Members
  • 5 posts
  • Local time:12:10 PM

Posted 23 February 2012 - 03:18 PM

1. I thank you again for your quick response and willingness to help. I've provided the things you asked for. One thing I will say is that doing the ERUNT step had me making a backup registry twice, one replacing the other, but I did it anyway. Hope that's right. Other than that no problems have arisen by performing these tasks.

2.
All processes killed
========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
========== OTL ==========
No active process named ccApp.exe was found!
No active process named ccSvcHst.exe was found!
No active process named AluSchedulerSvc.exe was found!
No active process named AppSvc32.exe was found!
Error: No service named Symantec Core LC was found to stop!
Service\Driver key Symantec Core LC not found.
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe moved successfully.
Error: No service named LiveUpdate Notice Ex was found to stop!
Service\Driver key LiveUpdate Notice Ex not found.
File c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe not found.
Error: No service named CLTNetCnService was found to stop!
Service\Driver key CLTNetCnService not found.
File c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe not found.
Error: No service named ccSetMgr was found to stop!
Service\Driver key ccSetMgr not found.
File c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe not found.
Error: No service named ccEvtMgr was found to stop!
Service\Driver key ccEvtMgr not found.
File c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe not found.
Error: No service named LiveUpdate was found to stop!
Service\Driver key LiveUpdate not found.
File C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE not found.
Error: No service named Automatic LiveUpdate Scheduler was found to stop!
Service\Driver key Automatic LiveUpdate Scheduler not found.
File C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe not found.
Error: No service named ISPwdSvc was found to stop!
Service\Driver key ISPwdSvc not found.
File c:\Program Files\Norton Internet Security\isPwdSvc.exe not found.
Error: No service named comHost was found to stop!
Service\Driver key comHost not found.
File c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe not found.
Error: No service named SymAppCore was found to stop!
Service\Driver key SymAppCore not found.
File c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe not found.
Error: No service named symlcbrd was found to stop!
Service\Driver key symlcbrd not found.
File C:\Windows\system32\drivers\symlcbrd.sys not found.
Error: No service named SymEvent was found to stop!
Service\Driver key SymEvent not found.
File C:\Windows\System32\drivers\SYMEVENT.SYS not found.
Error: No service named SRTSPL was found to stop!
Service\Driver key SRTSPL not found.
File C:\Windows\System32\drivers\srtspl.sys not found.
Error: No service named SRTSP was found to stop!
Service\Driver key SRTSP not found.
File C:\Windows\System32\drivers\srtsp.sys not found.
Error: No service named SRTSPX was found to stop!
Service\Driver key SRTSPX not found.
File C:\Windows\System32\drivers\srtspx.sys not found.
Error: No service named SPBBCDrv was found to stop!
Service\Driver key SPBBCDrv not found.
File C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys not found.
Error: No service named IDSvix86 was found to stop!
Service\Driver key IDSvix86 not found.
File C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20070426.001\IDSvix86.sys not found.
Error: No service named SYMTDI was found to stop!
Service\Driver key SYMTDI not found.
File C:\Windows\System32\Drivers\SYMTDI.SYS not found.
Error: No service named SYMFW was found to stop!
Service\Driver key SYMFW not found.
File C:\Windows\System32\Drivers\SYMFW.SYS not found.
Error: No service named SYMIDS was found to stop!
Service\Driver key SYMIDS not found.
File C:\Windows\System32\Drivers\SYMIDS.SYS not found.
Error: No service named SYMNDISV was found to stop!
Service\Driver key SYMNDISV not found.
File C:\Windows\System32\Drivers\SYMNDISV.SYS not found.
Error: No service named SYMREDRV was found to stop!
Service\Driver key SYMREDRV not found.
File C:\Windows\System32\Drivers\SYMREDRV.SYS not found.
Error: No service named SYMDNS was found to stop!
Service\Driver key SYMDNS not found.
File C:\Windows\System32\Drivers\SYMDNS.SYS not found.
HKU\S-1-5-21-534172135-1733895031-802531288-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-534172135-1733895031-802531288-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}\ not found.
Registry value HKEY_USERS\S-1-5-21-534172135-1733895031-802531288-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ccApp not found.
File c:\Program Files\Common Files\Symantec Shared\ccApp.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MDS_Menu deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Olympus ib deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\osCheck not found.
File c:\Program Files\Norton Internet Security\osCheck.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Symantec PIF AlertEng not found.
File C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TuneClone deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\XEEKK8gRR98234A deleted successfully.
Registry value HKEY_USERS\S-1-5-21-534172135-1733895031-802531288-1000\Software\Microsoft\Windows\CurrentVersion\Run\\BitTorrent deleted successfully.
Registry value HKEY_USERS\S-1-5-21-534172135-1733895031-802531288-1000\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite deleted successfully.
Registry value HKEY_USERS\S-1-5-21-534172135-1733895031-802531288-1000\Software\Microsoft\Windows\CurrentVersion\Run\\DFDWtend deleted successfully.
Registry value HKEY_USERS\S-1-5-21-534172135-1733895031-802531288-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Fw0LsWu deleted successfully.
Registry value HKEY_USERS\S-1-5-21-534172135-1733895031-802531288-1000\Software\Microsoft\Windows\CurrentVersion\Run\\GGUB0f8 deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\Windows\Tasks\Norton Security Scan for David.job moved successfully.
File C:\Windows\tasks\Norton Internet Security - Run Full System Scan - David.job not found.
C:\Users\David\AppData\Local\{7B66286D-2A37-4FF3-8039-C2382B2979D0} moved successfully.
C:\Users\David\AppData\Roaming\ldr.ini moved successfully.
C:\Users\David\AppData\Local\y46sfanjfs78b7643d moved successfully.
C:\ProgramData\y46sfanjfs78b7643d moved successfully.
C:\Users\David\AppData\Local\td1t0b0v2my6n6a41c0x8i13kl645qaj44580i663 moved successfully.
C:\ProgramData\td1t0b0v2my6n6a41c0x8i13kl645qaj44580i663 moved successfully.
C:\ProgramData\~22077200r moved successfully.
C:\ProgramData\~22077200 moved successfully.
C:\ProgramData\22077200 moved successfully.
C:\Users\David\AppData\Local\4074311493 moved successfully.
C:\ProgramData\4074311493 moved successfully.
File C:\Windows\system32\drivers\symlcbrd.sys not found.
C:\PictureViewer.exe moved successfully.
C:\QTInfo.exe moved successfully.
C:\QTTask.exe moved successfully.
C:\QuickTimePlayer.exe moved successfully.
C:\setup_av_free_cnet.exe moved successfully.
C:\StubInstaller.exe moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\David\Desktop\bittorrent.exe deleted successfully.
========== FILES ==========
Unable to replace file: C:\Windows\System32\drivers\volsnap.sys with C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6001.18000_none_15b6b780fc14facd\volsnap.sys without a reboot.
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?
C:\Users\David\Desktop\cmd.bat deleted successfully.
C:\Users\David\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\David\Desktop\cmd.bat deleted successfully.
C:\Users\David\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
HOSTS file reset successfully


[EMPTYTEMP]

User: All Users

User: David
->Temp folder emptied: 913532070 bytes
->Temporary Internet Files folder emptied: 140621263 bytes
->Java cache emptied: 19451461 bytes
->FireFox cache emptied: 235898636 bytes
->Apple Safari cache emptied: 14336 bytes
->Flash cache emptied: 193191 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 119557837 bytes
RecycleBin emptied: 9464395941 bytes

Total Files Cleaned = 10,389.00 mb


[EMPTYFLASH]

User: All Users

User: David
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: David
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.33.2 log created on 02232012_141916

Files\Folders moved on Reboot...
C:\Users\David\AppData\Local\Temp\ehmsas.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

3.
aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-02-23 14:38:11
-----------------------------
14:38:11.622 OS Version: Windows 6.0.6000
14:38:11.622 Number of processors: 2 586 0xF06
14:38:11.637 ComputerName: MYLAPTOP UserName: David
14:38:23.259 Initialize success
14:38:23.462 AVAST engine defs: 12022301
14:38:39.140 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
14:38:39.140 Disk 0 Vendor: ST9160821AS 3.BHD Size: 152627MB BusType: 3
14:38:39.156 Disk 0 MBR read successfully
14:38:39.156 Disk 0 MBR scan
14:38:39.171 Disk 0 unknown MBR code
14:38:39.171 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 145910 MB offset 63
14:38:39.218 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 6714 MB offset 298825065
14:38:39.265 Disk 0 scanning sectors +312576705
14:38:39.327 Disk 0 scanning C:\Windows\system32\drivers
14:38:53.929 Service scanning
14:39:11.635 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
14:39:15.925 Service volsnap C:\Windows\system32\drivers\volsnap.sys **LOCKED** 32
14:39:19.513 Modules scanning
14:39:28.483 Disk 0 trace - called modules:
14:39:28.530 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x85b851ed]<<
14:39:28.530 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8548a0b0]
14:39:28.545 3 ntkrnlpa.exe[820b07e2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x84c93bb0]
14:39:28.561 \Driver\atapi[0x84c4fc60] -> IRP_MJ_CREATE -> 0x84c041f8
14:39:29.466 AVAST engine scan C:\Windows
14:39:33.615 AVAST engine scan C:\Windows\system32
14:43:43.668 AVAST engine scan C:\Windows\system32\drivers
14:44:09.455 AVAST engine scan C:\Users\David
15:01:55.182 AVAST engine scan C:\ProgramData
15:07:01.517 Scan finished successfully
15:08:29.950 Disk 0 MBR has been saved successfully to "C:\Users\David\Desktop\MBR.dat"
15:08:29.962 The log file has been saved successfully to "C:\Users\David\Desktop\aswMBR.txt"

4. Running relatively the same. Still get avast! notifications, though the computer still seems to be running fine. Sometimes avast! doesn't notice when I click Gaming Mode and I'll get a notification in the next couple of seconds, have to go do it again. I will say when I ran the Norton Uninstaller, I left my computer to reboot to grab a cup of coffee and when I returned my computer had entered a repair mode saying my computer did not start up properly and was attempting repairs. I let it sit like this for about half an hour, 'repairing', but it didn't seem to be doing anything or providing me any information. I did a manual shut down by holding the power button, and on reboot before it started up it said it was having trouble starting and I could launch the repair thingy or I could start Windows normally. (The repair option is (recommended) and launched automatically if I don't do anything) I chose Start Windows Normally and I was brought to login. I have no idea what trouble it's actually having starting up because when I'm given the option to skip repairs, everything works like it should and I encounter no problems starting up. Very strange. That has happened to me only once before, and I think I dealt with it in the same manner and never saw it again. No idea if it's related to the current problem.

EDIT: Hold on... I've noticed in the last half hour or so, gaming mode has been off and I haven't received any notifications from avast! about the problem. Is that expected? I realize we've done some sort of reset thing, but I thought we had quite a ways to go. How would I go about checking to see if that particular mswsock.dll problem has been taken care of? I also realize I could totally be jumping the gun here, but I thought I would include this.

Edited by Shishkaboom, 23 February 2012 - 03:37 PM.


#6 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:01:10 PM

Posted 24 February 2012 - 01:45 AM

Hi Shishkaboom!

Not a problem!

Okay, thanks for that information regarding the ERUNT back-up.

That has happened to me only once before, and I think I dealt with it in the same manner and never saw it again. No idea if it's related to the current problem.

That's very interesting. I didn't think scripting any of the things I had OTL remove would cause any issues, but I suspect that the infection may have contributed to the issue you experienced when you rebooted, as we had tried to remove some of it in the fix.

Is that expected? I realize we've done some sort of reset thing, but I thought we had quite a ways to go. How would I go about checking to see if that particular mswsock.dll problem has been taken care of?

That's a very good question, and the honest answer is, I'm not exactly sure. In my OTL fix, I tried to replace a malicious file with a clean one, but OTL came back saying that it couldn't replace the file without a reboot, and then when you ran the aswMBR scan it shows me that the file/service is locked, so I'm not entirely convinced that it was replaced successfully, and feel that it may still be patched.

Do me a favor and run this tool next:

Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.
  • If you get an error message saying: "Illegal operation attempted on a registry key that was marked for deletion." please reboot your computer, and that should take care of that error message.



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#7 Shishkaboom

Shishkaboom
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:12:10 PM

Posted 25 February 2012 - 04:50 PM

Ok, sorry about the late reply. I ran ComboFix like you said, after deactivating my avast!. During the initial stages (first 10 minutes or so) it brought up a notification saying I had been infected with Rootkit.ZeroAccess in my TCP/IP, or something to that effect (I had the exact wording written down in Notepad but I had to reboot and the wording was lost before I could save it). It brought up this notification 3 separate times. After a bit it required a reboot and continued after restarting. Took about 40 minutes in total. I don't know how relevant all of this information is but I thought I should include it. Now I'm getting a little nervous.


ComboFix 12-02-25.02 - David 02/25/2012 14:47:53.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2037.1288 [GMT -5:00]
Running from: c:\users\David\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Autorun.inf
c:\program files\image ax object
c:\program files\image ax object\ot.ico
c:\program files\image ax object\ts.ico
c:\program files\Internet Explorer\8BF9.tmp
c:\program files\Internet Explorer\AF5.tmp
c:\program files\SH
c:\program files\StartNow Toolbar
c:\program files\StartNow Toolbar\ReactivateFF.exe
c:\program files\StartNow Toolbar\ReactivateIE.exe
c:\program files\StartNow Toolbar\Resources\images\btn-msn.png
c:\program files\StartNow Toolbar\Resources\images\chevronButton.png
c:\program files\StartNow Toolbar\Resources\images\engine_images.png
c:\program files\StartNow Toolbar\Resources\images\engine_maps.png
c:\program files\StartNow Toolbar\Resources\images\engine_news.png
c:\program files\StartNow Toolbar\Resources\images\engine_videos.png
c:\program files\StartNow Toolbar\Resources\images\engine_web.png
c:\program files\StartNow Toolbar\Resources\images\icon_amazon.png
c:\program files\StartNow Toolbar\Resources\images\icon_ebay.png
c:\program files\StartNow Toolbar\Resources\images\icon_facebook.png
c:\program files\StartNow Toolbar\Resources\images\icon_games.png
c:\program files\StartNow Toolbar\Resources\images\icon_msn.png
c:\program files\StartNow Toolbar\Resources\images\icon_shopping.png
c:\program files\StartNow Toolbar\Resources\images\icon_travel.png
c:\program files\StartNow Toolbar\Resources\images\icon_twitter.png
c:\program files\StartNow Toolbar\Resources\images\separator.png
c:\program files\StartNow Toolbar\Resources\images\splitter.png
c:\program files\StartNow Toolbar\Resources\images\startnow_logo.png
c:\program files\StartNow Toolbar\Resources\installer.xml
c:\program files\StartNow Toolbar\Resources\skin\chevron_button.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_background.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_left.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
c:\program files\StartNow Toolbar\Resources\skin\separator.png
c:\program files\StartNow Toolbar\Resources\skin\splitter.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
c:\program files\StartNow Toolbar\Resources\toolbar.xml
c:\program files\StartNow Toolbar\Resources\update.xml
c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
c:\program files\StartNow Toolbar\Toolbar32.dll
c:\program files\StartNow Toolbar\ToolbarBroker.exe
c:\program files\StartNow Toolbar\ToolbarUpdaterService.exe
c:\program files\StartNow Toolbar\uninstall.dat
c:\program files\WebEnhancements
c:\program files\WebEnhancements\WebEnhancements.safariextz
c:\program files\WebEnhancements\Xvid.exe
c:\programdata\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\programdata\ZangoSA
c:\programdata\ZangoSA\ZangoSA.dat
c:\programdata\ZangoSA\ZangoSA_kyf.dat
c:\programdata\ZangoSA\ZangoSAAbout.mht
c:\programdata\ZangoSA\ZangoSAau.dat
c:\programdata\ZangoSA\ZangoSAEula.mht
c:\users\David\AppData\Roaming\kernel33.dll
c:\users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cloud Protection
c:\users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cloud Protection\Cloud Protection.lnk
c:\users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Guard Online
c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\hbi4hwk0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\hbi4hwk0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome.manifest
c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\hbi4hwk0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.js
c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\hbi4hwk0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.xul
c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\hbi4hwk0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\buttons.js
c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\hbi4hwk0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\constants.js
c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\hbi4hwk0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\events.js
c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\hbi4hwk0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\globals.js
c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\hbi4hwk0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\hosts.js
c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\hbi4hwk0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\init.js
c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\hbi4hwk0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_images.png
c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\hbi4hwk0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_maps.png
c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\hbi4hwk0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_news.png
c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\hbi4hwk0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_videos.png
c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\hbi4hwk0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_web.png
c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\hbi4hwk0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_amazon.png
c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\hbi4hwk0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_ebay.png
c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\hbi4hwk0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_facebook.png
c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\hbi4hwk0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_games.png
c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\hbi4hwk0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_msn.png
c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\hbi4hwk0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_shopping.png
c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\hbi4hwk0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_travel.png
c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\hbi4hwk0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_twitter.png
c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\hbi4hwk0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\startnow_logo.png
c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\hbi4hwk0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\chevron_button.png
c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\hbi4hwk0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_hover.png
c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\hbi4hwk0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_normal.png
c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\hbi4hwk0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_dropdown_button_normal.png
c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\hbi4hwk0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_background.png
c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\hbi4hwk0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_left.png
c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\hbi4hwk0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_middle.png
c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\hbi4hwk0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\separator.png
c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\hbi4hwk0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\splitter.png
c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\hbi4hwk0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ff_hover_c.png
c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\hbi4hwk0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_c.png
c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\hbi4hwk0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_l.png
c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\hbi4hwk0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_r.png
c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\hbi4hwk0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_c.png
c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\hbi4hwk0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_l.png
c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\hbi4hwk0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_r.png
c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\hbi4hwk0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\toolbar.xml
c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\hbi4hwk0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\locale\en-US\{5911488E-9D1E-40ec-8CBB-06B231CC153F}.dtd
c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\hbi4hwk0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\skin\overlay.css
c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\hbi4hwk0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\components\tellSvc.dll
c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\hbi4hwk0.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\install.rdf
c:\users\David\AppData\Roaming\WeatherDPA
c:\users\David\AppData\Roaming\WeatherDPA\Weather\WeatherStartup.xml
c:\users\David\AppData\Roaming\Zango
c:\windows\$NtUninstallKB3255$
c:\windows\$NtUninstallKB3255$\3617486556
c:\windows\$NtUninstallKB3255$\485945278\@
c:\windows\$NtUninstallKB3255$\485945278\cfg.ini
c:\windows\$NtUninstallKB3255$\485945278\Desktop.ini
c:\windows\$NtUninstallKB3255$\485945278\L\qnbwvoto
c:\windows\$NtUninstallKB62280$
c:\windows\$NtUninstallKB62280$\156547742
c:\windows\$NtUninstallKB62280$\485945278\@
c:\windows\$NtUninstallKB62280$\485945278\bckfg.tmp
c:\windows\$NtUninstallKB62280$\485945278\cfg.ini
c:\windows\$NtUninstallKB62280$\485945278\Desktop.ini
c:\windows\$NtUninstallKB62280$\485945278\keywords
c:\windows\$NtUninstallKB62280$\485945278\kwrd.dll
c:\windows\$NtUninstallKB62280$\485945278\L\qnbwvoto
c:\windows\$NtUninstallKB62280$\485945278\lsflt7.ver
c:\windows\$NtUninstallKB62280$\485945278\U\00000001.@
c:\windows\$NtUninstallKB62280$\485945278\U\00000002.@
c:\windows\$NtUninstallKB62280$\485945278\U\80000000.@
c:\windows\$NtUninstallKB62280$\485945278\U\80000032.@
c:\windows\HPCPCUninstaller-6.3.2.139-6811507.exe
c:\windows\Tasks\nrxnosle.job
D:\autorun.inf
F:\Autorun.inf
F:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-01-25 to 2012-02-25 )))))))))))))))))))))))))))))))
.
.
2012-02-25 20:29 . 2012-02-25 20:30 -------- d-----w- c:\users\David\AppData\Local\temp
2012-02-25 20:29 . 2012-02-25 20:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-23 19:14 . 2012-02-23 19:14 -------- d-----w- c:\program files\ERUNT
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-29 10:10 . 2009-10-03 03:55 237072 ------w- c:\windows\system32\MpSigStub.exe
2011-12-14 16:30 . 2011-12-14 16:30 644368 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-11-28 18:01 . 2011-10-20 22:54 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2011-10-20 22:54 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:53 . 2011-10-20 22:57 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2011-10-20 22:57 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2011-10-20 22:57 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2011-10-20 22:57 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2011-10-20 22:57 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-28 17:51 . 2011-10-20 22:57 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-24 22:27 . 2011-10-02 23:48 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2011-01-17 23:54 175912 ----a-w- c:\program files\Freecorder\prxtbFree.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 23:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\prxtbFree.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\program files\Freecorder\prxtbFree.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-09 1232896]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2006-11-22 1474560]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2009-05-08 2356088]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Freecorder FLV Service"="f:\downloads\Freecorder\FLVSrvc.exe" [2011-03-24 167936]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-27 185872]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 815104]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2006-12-18 77824]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2008-08-02 675840]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-11-24 167936]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-02-27 126976]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-09-06 169264]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-02-27 131072]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-02-27 151552]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Connections.lnk - c:\program files\HP Connections\6811507\Program\HP Connections.exe [2006-12-18 34520]
WinZip Quick Pick.lnk - f:\documents\New Movies\Even Newer\Totally New\WZQKPICK.EXE [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 01:38]
.
2012-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 01:38]
.
2012-02-25 c:\windows\Tasks\HPCeeScheduleForDavid.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2006-12-18 00:08]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\hbi4hwk0.default\
FF - prefs.js: network.proxy.type - 4
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-QuickTime Task - C:\QTTask.exe
AddRemove-LimeWire - c:\users\David\LimeWire\uninstall.exe
AddRemove-My HP Game Console - c:\program files\HP Games\My HP Game Console\Uninstall.exe
AddRemove-StartNow Toolbar - c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
AddRemove-TrueCrypt - c:\users\David\Documents\New Movies\TrueCrypt Setup.exe
AddRemove-WebEnhancements - c:\program files\WebEnhancements\Uninstall.exe
AddRemove-WildTangent hplaptop Master Uninstall - c:\program files\HP Games\Uninstall.exe
AddRemove-WT014844 - c:\program files\HP Games\The Apprentice\Uninstall.exe
AddRemove-WT014845 - c:\program files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe
AddRemove-WT014846 - c:\program files\HP Games\Big Kahuna Reef\Uninstall.exe
AddRemove-WT014847 - c:\program files\HP Games\Blackhawk Striker 2\Uninstall.exe
AddRemove-WT014848 - c:\program files\HP Games\Boggle Supreme\Uninstall.exe
AddRemove-WT014849 - c:\program files\HP Games\Bookworm Deluxe\Uninstall.exe
AddRemove-WT014851 - c:\program files\HP Games\Chuzzle Deluxe\Uninstall.exe
AddRemove-WT014852 - c:\program files\HP Games\Crystal Maze\Uninstall.exe
AddRemove-WT014853 - c:\program files\HP Games\Family Feud\Uninstall.exe
AddRemove-WT014855 - c:\program files\HP Games\Final Drive Nitro\Uninstall.exe
AddRemove-WT014856 - c:\program files\HP Games\Flip Words\Uninstall.exe
AddRemove-WT014857 - c:\program files\HP Games\Insaniquarium Deluxe\Uninstall.exe
AddRemove-WT014858 - c:\program files\HP Games\Jewel Quest\Uninstall.exe
AddRemove-WT014859 - c:\program files\HP Games\Lemonade Tycoon 2\Uninstall.exe
AddRemove-WT014860 - c:\program files\HP Games\Otto\Uninstall.exe
AddRemove-WT014861 - c:\program files\HP Games\Penguins!\Uninstall.exe
AddRemove-WT014862 - c:\program files\HP Games\Polar Golfer\Uninstall.exe
AddRemove-WT014863 - c:\program files\HP Games\Polar Tubing\Uninstall.exe
AddRemove-WT014864 - c:\program files\HP Games\Puzzle Express\Uninstall.exe
AddRemove-WT014865 - c:\program files\HP Games\SCRABBLE\Uninstall.exe
AddRemove-WT014867 - c:\program files\HP Games\Slingo Deluxe\Uninstall.exe
AddRemove-WT014868 - c:\program files\HP Games\Super Granny\Uninstall.exe
AddRemove-WT014869 - c:\program files\HP Games\Tradewinds\Uninstall.exe
AddRemove-WT014871 - c:\program files\HP Games\Zuma Deluxe\Uninstall.exe
AddRemove-WT014888 - c:\program files\HP Games\Polar Bowler\Uninstall.exe
AddRemove-WT014889 - c:\program files\HP Games\Word Symphony\Uninstall.exe
AddRemove-WT014902 - c:\program files\HP Games\Ancient Sudoku\Uninstall.exe
AddRemove-WT014905 - c:\program files\HP Games\Poker Superstars 2\Uninstall.exe
AddRemove-WT015733 - c:\program files\HP Games\FATE\Uninstall.exe
AddRemove-WT015797 - c:\program files\HP Games\Blasterball 3\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-25 15:30
Windows 6.0.6000 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-534172135-1733895031-802531288-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*_*ă*’©*ă*’ *ă*’¬ \OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-534172135-1733895031-802531288-1000\Software\SecuROM\License information*]
"datasecu"=hex:27,99,f0,6e,2f,5a,99,6e,36,c0,25,51,12,d7,bb,b3,cd,e6,8b,5b,b3,
a8,bb,d7,56,e9,2e,e1,42,eb,d3,b5,81,b1,ac,41,d9,6b,92,90,8e,e5,a1,15,a7,ad,\
"rkeysecu"=hex:f1,de,cc,52,81,a2,61,2e,5b,0b,85,e7,04,d7,0c,ce
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-02-25 15:40:14
ComboFix-quarantined-files.txt 2012-02-25 20:40
.
Pre-Run: 55,742,386,176 bytes free
Post-Run: 55,677,173,760 bytes free
.
- - End Of File - - 723B30CA91E38D76E326CD4E6C35D8DF
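A small triage helper, added here as an example and not part of ComboFix or of anything the posters wrote: it parses lines copied verbatim from the log above and flags the settings a responder would look at first (UAC disabled, Security Center monitoring disabled, a Startup shortcut whose target is missing, autoruns outside the usual program directories, and the Firefox network.proxy.type pref that the CFScript later in the thread also lists). The "trusted roots" list and the rules themselves are this editor's heuristics, not anything ComboFix reports.

```python
import re
# Constructed excerpt: lines copied verbatim from the ComboFix log posted above
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Freecorder FLV Service"="f:\downloads\Freecorder\FLVSrvc.exe" [2011-03-24 167936]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Connections.lnk - c:\program files\HP Connections\6811507\Program\HP Connections.exe [2006-12-18 34520]
WinZip Quick Pick.lnk - f:\documents\New Movies\Even Newer\Totally New\WZQKPICK.EXE [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
FF - prefs.js: network.proxy.type - 4
"""
KEYVAL = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>.+)$')        # "Name"=value
RUNVAL = re.compile(r'^"(?P<path>[^"]+)"\s+\[(?P<meta>[^\]]*)\]$')  # "path" [date size]
LNK = re.compile(r'^(?P<name>.+?\.lnk) - (?P<path>.+?) \[(?P<meta>[^\]]*)\]$')
FFPREF = re.compile(r'^FF - prefs\.js: (?P<name>\S+) - (?P<value>.+)$')
# Editor's heuristic, not a ComboFix rule: autoruns normally live under these roots
TRUSTED_ROOTS = ('c:\\program files', 'c:\\progra~1', 'c:\\windows')


def dword(value):  # ComboFix renders DWORDs as 'dword:00000001' or '0 (0x0)'
    m = re.match(r'dword:([0-9a-f]{8})', value, re.I)
    return int(m.group(1), 16) if m else int(value.split()[0]) if value[:1].isdigit() else None


def triage(log_text):
    """Return the findings a responder should look at first in a ComboFix log."""
    findings, section = [], ''
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == '.':            # ComboFix separates blocks with '.'
            continue
        if line.startswith('[') or line.endswith('\\'):   # registry key or folder heading
            section = line.strip('[]').lower()
            continue
        if (m := FFPREF.match(line)) and m['name'] == 'network.proxy.type' and m['value'] != '0':
            findings.append(f"Firefox proxy mode {m['value']} (0 = no proxy)")
        elif m := LNK.match(line):             # Startup-folder shortcut
            if m['meta'] == 'N/A':
                findings.append(f"startup shortcut target missing: {m['path']}")
            elif not m['path'].lower().startswith(TRUSTED_ROOTS):
                findings.append(f"startup item outside trusted roots: {m['path']}")
        elif m := KEYVAL.match(line):          # registry value under the current key
            name, value = m['name'].lower(), m['value'].strip()
            if name == 'enablelua' and dword(value) == 0:
                findings.append(f"UAC disabled (EnableLUA=0) under {section}")
            elif name == 'disablemonitoring' and dword(value) == 1:
                findings.append(f"Security Center monitoring disabled under {section}")
            elif section.endswith('\\run') and (r := RUNVAL.match(value)) \
                    and not r['path'].lower().startswith(TRUSTED_ROOTS):
                findings.append(f"Run entry outside trusted roots: {r['path']}")
    return findings
```

Run `triage(SAMPLE_LOG)` on the excerpt and five findings come back; the avast and HP Connections entries, which sit under Program Files with an existing target, are not reported.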

#8 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:01:10 PM

Posted 26 February 2012 - 02:36 AM

Hi Shishkaboom!

Thanks for that information, and don't worry about the exact wording of the warning, I've seen the notification message before, so I know what it says. :)

ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, then click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
ClearJavaCache::
Firefox::
FF - ProfilePath - c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\hbi4hwk0.default\
FF - prefs.js: network.proxy.type - 4
RegNull::
[HKEY_USERS\S-1-5-21-534172135-1733895031-802531288-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*_*ã*’©*ã*’ *ã*’¬ \OpenWithList]

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, and save it as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



NEXT:



Scanning with MalwareBytes' Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.

Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable your on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts, and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:



Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Edited by SweetTech, 26 February 2012 - 02:37 AM.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#9 Shishkaboom
  • Topic Starter

Posted 28 February 2012 - 09:27 PM

I am having trouble with your very first step here.
First, I made the mistake of not saving the text file as 'all files', I don't know how I didn't see that the first time. I put that into Combofix but halfway through the process I got a notification:

Error opening file for writing:

C:\32788R22FWJFW\pev.3XE

I don't know what that is or what that means. I chose to Ignore since Retry did nothing. Combofix ended and... that's it. After re-reading your instructions, I found the 'save as all files' thing and realized I made a mistake, so I quickly made the notepad file an 'all types' and tried again. I received the same error message halfway through, and again it simply ended and did nothing more. If it created a text file or log, I don't know what it's called or where it is, because it isn't on my desktop.

#10 SweetTech

Posted 01 March 2012 - 02:11 AM

Hi!

Apologies for the delay, I had some things come up the last couple of days, and I'm just now getting around to responding to my users.

Please skip the ComboFix instructions and proceed with the rest of the instructions in my previous post.

Kindest Regards,
ST.



#11 SweetTech

Posted 08 March 2012 - 03:21 AM

Due to lack of feedback this thread will now be closed. If you still require assistance, and would like to have your thread re-opened, please feel free to send me a Private Message (PM), being sure to include a link to your topic, and I'd be happy to re-open it.


Edited by SweetTech, 08 March 2012 - 03:22 AM.





